HP Color LaserJet 4730 HP LaserJet MFP and Color MFP Products - Configuring Se - Page 59

Embedded Web Server Configuration Options

Get HP Color LaserJet 4730 - Multifunction Printer PDF manuals and user guides View all HP Color LaserJet 4730 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 59 highlights

With the Default From Address configured, no one can change the From address in email messages. The address you configure is the only address anyone can use. • Configure Accessing LDAP Server settings (if available on your network). These LDAP settings enable the MFPs to provide the LDAP address books to users. Access to the address books is not necessarily related to security, but the accompanying security settings are important for its use. They are also required for LDAP authentication, which appears later in the checklist. It is important to use the SSL capabilities to ensure that usernames, passwords, and email addresses are not passed over network lines in clear text. When Accessing LDAP Server settings are configured, the MFPs provide access to the LDAP address book using either the credentials of a valid network user, such as an administrator, or the credentials of the MFP user (depending on your preferences). The MFP will prompt for credentials as necessary. • Configure LDAP Server Bind Method to Simple over SSL (if possible). Normally the communications between the MFPs and the LDAP servers pass over network lines in clear text. With Simple over SSL the communications are encrypted and protected from misuse. This setting requires an SSL Certificate that is created by the LDAP server. • Upload SSL Certificate (if available). This setting is required for the SSL Bind Method setting. It is also required for the LDAP Authentication configuration (Security page) recommended later in this checklist. It enables the MFP to decrypt SSL communications. • Configure Time-outs to Delay before resetting the default settings, and type a number of seconds to delay. This setting enables the MFPs to remove email addresses or fax information from the control panel if a user forgets to reset it. With the timeouts configured, an MFP control panel will revert to the default screen, and a user will not be able to reuse addresses and other destination data beyond the timeout period. Embedded Web Server Page Options Configure the Embedded Web Server Password. The EWS password restricts access to the configuration settings in the EWS. With it configured, the MFP requires the password whenever anyone or any application attempts to make changes to the EWS settings. Keep in mind that the settings provided in the EWS are also accessed by Web Jetadmin. Thus, the MFPs will require the EWS password from Web Jetadmin whenever it attempts to access these settings. Web Jetadmin keeps all passwords and credentials in the encrypted device cache. It will automatically provide the EWS password to the MFPs whenever they MFPs prompt for it. The EWS password is synchronized with the device password, which is recommended later in this checklist. Whenever you change either password, the MFP will change the other one to be the same. • Configure Embedded Web Server Configuration Options. These options limit some of the EWS features that can be misused: • Enable Outgoing Mail. The MFP sends some email, such as automatic fax notifications and consumables alerts, depending on configurations. This Outgoing Mail feature does not affect the MFP send to email functions. It also is not known to affect network security. If you use fax notification or other automatic email alerts, you should enable outgoing email. • Disable Incoming Mail. Some network solutions can send commands to the MFP via email. If your network uses any of these solutions, you should enable Incoming mail. Otherwise, disable it as a best practice. This setting does not affect any other use of the HP LaserJet and Color LaserJet MFP Security Checklist 59

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
HP LaserJet and Color LaserJet MFP Security Checklist
59
With the Default From Address configured, no one can change the From address in email
messages. The address you configure is the only address anyone can use.
Configure
Accessing LDAP Server
settings (if available on your network). These LDAP
settings enable the MFPs to provide the LDAP address books to users. Access to the
address books is not necessarily related to security, but the accompanying security settings
are important for its use. They are also required for LDAP authentication, which appears later
in the checklist. It is important to use the SSL capabilities to ensure that usernames,
passwords, and email addresses are not passed over network lines in clear text.
When
Accessing LDAP Server
settings are configured, the MFPs provide access to the
LDAP address book using either the credentials of a valid network user, such as an
administrator, or the credentials of the MFP user (depending on your preferences). The MFP
will prompt for credentials as necessary.
Configure
LDAP Server Bind Method
to
Simple over SSL
(if possible). Normally the
communications between the MFPs and the LDAP servers pass over network lines in clear
text. With
Simple over SSL
the communications are encrypted and protected from misuse.
This setting requires an SSL Certificate that is created by the LDAP server.
Upload SSL Certificate (if available). This setting is required for the SSL Bind Method setting.
It is also required for the LDAP Authentication configuration (Security page) recommended
later in this checklist. It enables the MFP to decrypt SSL communications.
Configure
Time-outs
to
Delay before resetting the default settings
, and type a number of
seconds to delay. This setting enables the MFPs to remove email addresses or fax
information from the control panel if a user forgets to reset it.
With the timeouts configured, an MFP control panel will revert to the default screen, and a
user will not be able to reuse addresses and other destination data beyond the timeout
period.
Embedded Web Server Page Options
Configure the
Embedded Web Server Password
. The EWS password restricts access to
the configuration settings in the EWS. With it configured, the MFP requires the password
whenever anyone or any application attempts to make changes to the EWS settings. Keep in
mind that the settings provided in the EWS are also accessed by Web Jetadmin. Thus, the
MFPs will require the EWS password from Web Jetadmin whenever it attempts to access
these settings.
Web Jetadmin keeps all passwords and credentials in the encrypted device cache. It will
automatically provide the EWS password to the MFPs whenever they MFPs prompt for it.
The EWS password is synchronized with the device password, which is recommended later
in this checklist. Whenever you change either password, the MFP will change the other one
to be the same.
Configure
Embedded Web Server Configuration Options
. These options limit some of the
EWS features that can be misused:
Enable
Outgoing Mail
. The MFP sends some email, such as automatic fax notifications
and consumables alerts, depending on configurations. This Outgoing Mail feature does
not affect the MFP send to email functions. It also is not known to affect network security.
If you use fax notification or other automatic email alerts, you should enable outgoing
email.
Disable
Incoming Mail
. Some network solutions can send commands to the MFP via
email. If your network uses any of these solutions, you should enable Incoming mail.
Otherwise, disable it as a best practice. This setting does not affect any other use of the