HP Designjet Printer series Security features
HP Designjet Printer Series © 2014 Hewlett-Packard Development Company, L.P. Reproduction, adaptation, or translation without prior permission is prohibited, except as allowed under the copyright laws. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as an additional warranty.
HP Designjet Printer Series Security Settings Table of Contents 1. 2. 3. 4. Introduction & Overview ................................................................................................................................... 4 Security features available for Large Format Printers .................................................................................... 4 Security features available for Large Format scanners.................................................................................
HP Designjet Printer Series Security Settings 1. Introduction & Overview This document provides an overview of the security features supported by HP Designjet printers as of January 2014. The security features described in this document make the HP Designjet printer series particularly well suited for deployment in environments where network, data, and access control security are important.
HP Designjet Printer Series Security Settings Data access Secure file erase WJA WJA WJA WJA WJA (Z2100 only) Secure disk erase WJA/FP WJA/FP WJA/FP WJA/FP N/A External HDD YES YES N/A N/A N/A Self-Encrypted hard disk N/A N/A N/A N/A N/A Communications security 5 IPSec EWS EWS EWS/WJA EWS/WJA + JetDirect EWS/WJA + JetDirect Wizard setup configuration N/A N/A N/A N/A N/A SNMPv3 EWS EWS EWS EWS/WJA + JetDirect EWS/WJA + JetDirect CA/JD Certificates EWS/WJA EWS/WJ
HP Designjet Printer Series Security Settings T7X00 T3500 T2500/T1500/T 920 T2300/T1300 T790 T120/T520 Hide information to user Control panel lock EWS/WJA EWS/WJA EWS/WJA EWS/WJA EWS/WJA N/A EWS multilevel EWS EWS/FP/WJA EWS/FP/WJA EWS/FP EWS / FP (1 level) EWS (1 level) Hide IP from FP FP FP FP FP FP N/A Printer access control N/A EWS/FP/WJA EWS/FP/WJA EWS/FP EWS/FP N/A Exclude personal info.
HP Designjet Printer Series Security Settings Communications security 7 Wizard setup configuration N/A EWS EWS N/A N/A N/A IPSec EWS EWS/FP/WJA EWS/FP/WJA EWS/WJA EWS/WJA requires Jetdirect accessory SNMPv3 EWS EWS/FP/WJA EWS/FP/WJA EWS EWS N/A CA/JD Certificates EWS/WJA EWS/WJA EWS/WJA EWS/WJA EWS N/A Encrypt web comms EWS/WJA EWS/FP/WJA EWS/FP/WJA EWS/WJA EWS/WJA EWS NTLM N/A V2 and V1 V1 V1 N/A N/A
HP Designjet Printer Series T1200 Security Settings T770 Z3100 Z3100ps 4020/4520 T1100/ T1120 Z6100 T620 Hide information to user Control panel lock EWS/WJA WJA N/A N/A WJA EWS EWS N/A EWS multilevel EWS N/A N/A EWS (1 level) EWS EWS EWS N/A Hide IP from FP FP FP N/A N/A FP FP FP N/A Printer access control N/A N/A N/A N/A N/A N/A N/A N/A Exclude personal info.
HP Designjet Printer Series Security Settings 3. Security features available for Large Format scanners Multi-function printers (MFPs) consist of two main parts: the printer and the scanner. For the printer, the table above applies.
HP Designjet Printer Series Security Settings 4. Security Concepts explanation 3.1 Secure File Erase Secure File Erase is a feature that manages how files are deleted from the printer’s hard disk. There are three security modes to the Secure Files Erase feature. These settings can be changed via Web JetAdmin. Non-Secure Fast Erase: In this mode, all file pointers to the data (table indexes) are erased.
HP Designjet Printer Series 3.2 Security Settings Secure Disk Erase In either of the two secure methods described above (Secure Fast Erase and Secure Sanitizing Erase), there is also the option to sanitize the whole disk. The sanitizing method removes any user data in a secure manner, so that the device can safely be moved from a secure location to an unsecure location. All disk erasing will be carried out via the same level of security erase.
HP Designjet Printer Series Security Settings Printer Front Panel access: Once you have entered into the “Service Menu” with the help of an HP Support representative, you can perform the Secure Disk Erase using the same 3 options that you have in Web JetAdmin. Note that the name of the feature in the front panel is Disk Wipe DoD 5220.220M, and the three options are called “Insecure Mode”, “1-pass mode” and “5-pass mode”.
HP Designjet Printer Series 13 Security Settings
HP Designjet Printer Series 3.3 Security Settings Control Panel Access Lock The control panel access lock is a feature intended for IT administrators, which enables them to lock the device’s control panel by using either the HP Web JetAdmin or the printer’s Embedded Web Server (depending on the printer model). This feature prevents unauthorized users from accessing the control panel and changing the printer’s settings.
HP Designjet Printer Series Security Settings The following table shows the different levels of access and what they enable or disable: Maximum Intermediate Moderate Minimum Retrieve Job OK OK OK OK Information ---OK OK OK Paper handling ------OK OK Configure Designjet ---------OK Diagnostics ---------OK Maximum Lock – This option denies access to all options.
HP Designjet Printer Series 3.4 Security Settings Embedded Web Server (EWS) multilevel access The Embedded Web Server is a powerful tool which enables direct management of a device such as an HP LaserJet printer or an HP Designjet printer. With no security in place, however, this tool also has the potential to have a negative effect on many features, as they can be configured using just a web browser and knowledge of the IP address of to the printer.
HP Designjet Printer Series 17 Security Settings
HP Designjet Printer Series Security Settings If there is no administrator account, then the restricted operations can be accessed without a password. 3.4.2 Guest password Once the administrator user account has been set, the administrator can also set up a guest user account by specifying a password for the guest.
HP Designjet Printer Series Security Settings Notes: 19 Some printers only have 1-level password access to the Embedded Web Server. The networking tab of the Embedded Web Server enables you to set up another password. If the printer has a EWS 1-level or multi-level password, then the networking password is the same as the general EWS password. If the EWS does not have password capabilities, then the networking password is only used for controlling access to the networking area of the EWS.
HP Designjet Printer Series 3.5 Security Settings Exclude personal info from accounting You can enable or disable the option for the printer to send an e-mail containing accounting information. If you enable this setting, you also need to fill in the destination of the report by using the “Send accounting files to” setting. Please note that you also have to configure the e-mail server on the Setup Page.
HP Designjet Printer Series 3.6 Security Settings Disable connectivity interfaces Depending on the printer series, there are some ports that can be disabled to prevent unauthorized printing and possible data theft. You might want to disable the USB printing port to prevent people from connecting a laptop directly into the printer and printing via USB. If you have installed a JetDirect card to add extra security features, you might want to disable the onboard Ethernet.
HP Designjet Printer Series 3.7 Security Settings Disable protocols In some cases you might want to disable all protocols that you do not plan to use to access your printer. For example, you might prevent users from sending files via ftp or connecting through telnet to manage the printer network settings. You can disable unused protocols through the Mgmt. Protocols option in the Embedded Web Server, or Network Enable Features in Web JetAdmin. 3.
HP Designjet Printer Series Security Settings IPsec / Firewall. Use this page to view or configure an IPsec / firewall policy. An IPsec / firewall policy consists of up to 10 rules. As with a firewall policy, each rule specifies the IP addresses and services that are allowed by the print server and device. With IPsec support, you can apply IPsec authentication and encryption protocols for those addresses and services. To add a rule, click ‘Add Rule’.
HP Designjet Printer Series 3.10 Security Settings CA/JD Certificates You can request, install, and manage digital certificates on the HP JetDirect print server. Certificates are used to identify the JetDirect print server both as a valid Web server for network clients, and as a valid client requesting access on a secure network. By default, the JetDirect print server contains a self-signed, pre-installed certificate. 3.
HP Designjet Printer Series 3.13 Security Settings Disable USB drive You can use this option to disable the use of USB drives, preventing somebody from connecting a device to print or to scan images. 3.14 Disable firmware update through USB This option is used to disable the possibility of upgrading the printer by installing new firmware from a USB device. 3.
HP Designjet Printer Series 3.16 Security Settings Disable ePrint Center connectivity This feature disables the ePrint Center functionality so that users are unable to remotely send items to print. 3.17 User sessions This feature enables you to set a timeout so that open sessions to ePrint&Share from the printer front panel are automatically closed if they are not used within the set time. 3.18 Disable internet connection Disable the direct connection of the printer to the internet.
HP Designjet Printer Series Security Settings 3.20.1 How the system works 1. 2. 3. 4. 5. 6. Connect the External Hard Disk (EHD) to the printer’s USB host port. The printer will detect the EHD and will ask for permission to install it. When you accept, the printer will move onto the next step. All of the information normally stored on the internal HD is copied to the external HD. Your printer’s internal HD partition is then deleted using a highly secure erasing process (DoD 5220.22-M).
HP Designjet Printer Series 3.22 Security Settings Job storage and PIN printing Job storage allows jobs to be stored and then printed when required, it also provides features for setting print jobs as “private”, with a personal identification number (PIN). To access job storage features, open the printer Properties, and then select Printing Preferences.
HP Designjet Printer Series 3.23 Security Settings Self Encrypted hard disk The Self Encrypted hard disk ensures data is automatically encrypted every time data is sent to the printer and is written to the drive. This is achieved using AES 256-bit and FIPS 140 encryption that ensure that data can’t be read or extracted from the HDD. Hard disk is protected also with an ATA password that is unique for each printer and changeable when required using EWS setup tab.
HP Designjet Printer Series Security Settings 5. Other security features available only through JetDirect Some security features are available only after installing a JetDirect 640n or similar internal print server. 4.1 Access Control list This feature lets you determine the access control list (ACL), which is used to specify the IP addresses on your network that are allowed access to the device. The ACL is normally used for security purposes and supports up to 10 entries.
HP Designjet Printer Series Security Settings 6. Glossary Active Directory (AD) An advanced, hierarchical directory service that comes with Microsoft Windows servers (version 2000 or later). It is LDAP-compliant and built on the domain naming system (DNS) used on the Internet. Workgroups are given domain names, exactly like Web sites, and any LDAP-compliant client – such as Windows, Mac, or Unix – can gain access.
HP Designjet Printer Series HP Web Jetadmin IP multicast IPSec Security Settings A web-based fleet management software tool for remote installation, configuration, problem resolution, proactive management, and reporting. For more information go to; www.hp.com/go/webjetadmin A one-to-many transmission of data over an IP network. Internet Protocol Security (IPsec) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream.
HP Designjet Printer Series Security Settings This feature enables administrators to secure Device Functions by requiring users to log in with a specific Log In Method for each Function. For example, users may be required to log in with an Access Code or PIN to make copies, yet be required to log in with a username and password to send e-mails.
