HP J2550B Livre blanc

HP Jetdirect Security Guidelines whitepaper Table of Contents: Introduction ...

10 firmware upgrades; if telnet has been disabled to avoid plain-text transmission of the password, FTP upgrades are also disabled. The ability to u

11 Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not have any cryptographic security capability. As a result,

The TFTP configuration file points to a parameter file called “pjlprotection”. This file is sent to the printer on power-up. Here is a sample conten

First and foremost, set a password. 13

Change the Encryption Strength to “Medium” and check the “Encrypt All Web Communication” checkbox. This checkbox forces HTTPS to be used for all we

Uncheck “Enable SNMPv1/v2” and check Enable “SNMPv3”. Provide SNMPv3 parameters. 15

Based upon the customer’s environment, read only SNMPv1/v2c access may need to be granted. Some tools such as the HP Standard Port Monitor use SNMPv

Disable unused print protocols and services. Allowing device discovery helps in device management, but may not be required in all environments. 8

Configuration Review Configuration review. Click “Finish” to set the configuration. Recommended Security Deployments: SET 3 First and foremost

Be sure that you are using HTTPS before navigating to this page. Select the drop down box for the Default Rule to be “Allow” and then click “Add Rule

one of the first print servers to widely implement security protocols such as SSL/TLS, SNMPv3, 802.1X, and IPsec. If you are new to security and se

We’ll define the IPv4 address range first. Select “All IPv4 Addresses” for Local Address and then we specified the 192.168.0/24 subnet for the Remote

Select the appropriate IPv6 addresses and name the address template. Now that we have the address templates, let’s create a rule. Rules a

We are concerned with management services, so select the service template “All Jetdirect Management Services”. Click “Next”. Select “Allow Traf

Select “Create another rule”. Select the IPv6 address template you created and then click “Next”. 23

Select the “All Jetdirect Management Services” service template. Click “Next”. Select “Allow Traffic”. Click Next. 24

We have allowed management traffic from our IPv4/IPv6 administrative subnet. Now we must create a rule to throw away all other management traffic.

Again, select “All Jetdirect Management Services” for the service template and then click “Next”. Select “Drop”. Click “Next”.

We can now see our policy. Rules are processed from 1 to 10. If a packet comes from or is going to our defined IPv4/IPv6 subnet, the rule will mat

Recommended Security Deployments: SET 4 First and foremost, SET 4 configuration needs to have the Security Wizard for SET 2 executed. Once the Secur

29 ll Click “Next”. Select “AJetdirect Management Services”. Select “Requtraffic to be protan IPsec/Firewall Policy”. Cire ected with lick “

What is an HP Jetdirect? When printers were directly connected to network spoolers, often a simple hardware protocol was used to send data from the P

30 Click “New”. Name the IPTemplate. Some Jetdirecmodels may require you to configure IKE parameters. However, thismodel has a quick set of IK

31 n P d r Click “Next”. For example purposes only, Pre-Shared Key Authenticatiois used. Hdoes not recommenusing Pre-Shared Key Authentication.C

32 f c is default rule. Click “Finish”. Here is our IPsec policy. Ia management protocol is to be used, it must use IPsec. All other traffi

33 Further Reading 802.1X: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00731218/c00731218.pdf IPsec: http://h20000.www2.hp.com/bc/docs/s

4 How old is Your HP Jetdirect? Once in a while, when doing an inventory of a network, an administrator may discover some network connected devices t

5 Upgrading Upgrading your HP Jetdirect devices is by no means a requirement, but is highly recommended. Should a customer choose to do so, HP can p

6 As you can see, replacing a discontinued 400n MIO model with a new external parallel port print server like the 300X will not upgrade the security

7 • A guideline to popular HP Jetdirect devices and the firmware they should be running as of August of 2007 is shown in Table 4: HP Jetdirect Prod

8 Which hosts need to print? Options Only computers on the same subnet as HP Jetdirect Option 1) For SET 1/2/3/4. Eliminate the default gateway (se

9 they are trusted to establish a print connection, they are trusted to print. Some additional protections can be provided, in the form of Color Acce