HP Commercial LaserJet Printers and MFPs - Imaging and Printing Security Best Practices

Chapter 7 HP LaserJet and Color LaserJet MFP Security Checklist 83
NOTE:
Some storage management tools, such as the Web Jetadmin Device
Storage Manager (a Web Jetadmin add-on available in the Product
Update navigation mode), use some of these protocols to access the file
system. You might consider enabling these protocols only to update
configurations and then disable them during normal MFP operation.
Also, note that disabling PJL and PML only affects file system access, but
disabling NFS shuts down the protocol for the entire MFP.
Disable PJL access. PJL (Printer Job Language) includes capabilities to manage
configurations in the form of commands inside print jobs. Some of these commands can
access MFP storage devices. Disabling PJL access to the file system disables only the
commands that affect the file system. This will not affect the preferences available for
normal print jobs.
With PJL access disabled, the MFPs will ignore PJL commands that attempt to access the
file system.
Disable PostScript access. The PostScript protocol enables programs such as Adobe®
products to access the MFPs directly for printing and for access to fonts. Some of the
commands it uses can access MFP storage devices. Disabling PostScript access to the file
system disables only the commands that affect the file system. This will not affect the
preferences available for normal print jobs, but could affect interoperability with third party
products.
Disable PML access. PML (Printer Management Language) is an HP proprietary protocol
that manages MFPs. Web Jetadmin uses PML for many of its configuration settings.
Disabling this PML access eliminates the PML commands that affect access to the storage
devices even for Web Jetadmin. If you wish to make changes to the file system, enable
PML access to make the changes, and disable it again. With this setting, MFPs will ignore
PML commands that attempt to access the file system.
Disable NFS access. The NFS protocol is used by UNIX, and Linux, and Norton systems.
Disabling it disables the entire protocol for the MFPs. With this setting, MFPs will ignore all
NFS requests. If your network uses these protocols, you should enable NFS.
Configure the File System Password. The File System password feature restricts access to
the Secure File Erase Mode, Secure Storage Erase, and External File System Access Settings.
This setting is important because it helps protect data stored on the MFPs. It does not affect
normal use of the MFPs such as job storage.
Users attempting to make changes to the file system settings or attempting to access data
through network ports will be required to provide this password. Without the password, the
MFP denies access to the File System and to File System configurations.
Web Jetadmin stores the file system password in its encrypted device cache. It automatically
provides the password when the MFPs request it.
Set the Secure File Erase Mode to Secure Fast Erase or to Secure Sanitizing Erase.
Secure File Erase enables the MFPs to overwrite storage space whenever files are deleted. This