HP Color LaserJet CM4730 HP LaserJet MPF Products - Configuring Security for M - Page 72

Ramifications, Initial Settings

Page 72 highlights

Ramifications

Raising the level of security on any network product requires giving up some conveniences and usability. This section explains some of the compromises you can expect from configuring this checklist. Keep in mind that this is not a comprehensive list. You should test your system to know how it reacts to these settings and configurations.

The following sections explain some of the known ramifications of each setting:

Initial Settings

• Enable SNMPv3. SNMPv3 is a secure protocol that encrypts information over network lines. Web Jetadmin accesses all of the MFP configuration settings through the MFP SNMP ports. Once SNMPv3 is configured, the MFPs will prompt for the credentials every time anyone tries to configure settings using Web Jetadmin or any other tool. However, Web Jetadmin includes a convenient device cache feature that stores all of the passwords and credentials for each MFP. Whenever an authorized Web Jetadmin administrator makes a change, Web Jetadmin automatically provides the credentials without prompting. Thus, the administrator is required to remember the credentials only when the device cache credentials are outdated. The device cache is kept encrypted, and Web Jetadmin allows only the authenticated administrator to log in and manage the MFPs. Be sure to configure a robust password for the Web Jetadmin administrator.

  With SNMPv3 configured, an unauthorized user will observe a prompt for the SNMPv3 credentials. If a user enters incorrect credentials, the MFPs will not disclose which credentials are incorrect; they will only revert to the prompt for credentials.

  SNMPv3 causes some slowing of the configuration process due to the encryption features.

• Configure Device Password. The Device Password restricts access to the configuration settings. With it configured, the MFPs require the password whenever anyone or any application attempts to make changes to the settings.

  Web Jetadmin keeps all passwords and credentials in the encrypted device cache. It automatically provides the EWS password to the MFPs whenever they prompt for it.

  The Device Password is synchronized with the EWS Password, which appears on the Embedded Web Server Configuration Category page. Whenever a change is made to either password, the MFP will change the other one to be the same.

• Fill in the Access Control List. The Access Control List is a table that lists the IP addresses of PCs that are allowed to access the MFPs. This can be helpful toward a highly secure configuration because it ensures that only those using authorized computers will have network access to the MFPs. The ACL covers all access to the MFPs, including printing.

  If you wish to provide access to groups of users, use the Subnet Mask feature so you do not have to know a large number of IP addresses. Be sure to include one IP address for each subnet mask to allow the MFPs to determine where to find the subnets.

  Users of computers that are not on the ACL will observe errors when attempting to access the MFPs. It will appear as though the MFPs are not connected to the network.

  The MFPs allow access to all IP addresses until the ACL is filled out. Once it is filled out with even a single address, it blocks all other access. Be sure to include the computer that is running Web Jetadmin, or the MFPs will block its access as well (it is possible to operate Web Jetadmin from a remote computer). If your computer uses a proxy for access to the MFPs, be sure to include the proxy server in the ACL.
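The lockout risk described for the Access Control List can be checked before the list is applied. The following Python sketch is an added example, not HP or Web Jetadmin code: it models the behaviour stated above (an empty ACL allows everything, any entry blocks everything else) and reports which required hosts a planned ACL would cut off. The address/mask matching rule, the function names and all addresses are assumptions constructed for illustration.

```python
import ipaddress

def parse_acl(entries):
    """Convert (ip, mask) string pairs into network objects.
    A missing mask is treated as a single host (assumption)."""
    nets = []
    for ip, mask in entries:
        mask = mask or "255.255.255.255"
        # strict=False: the listed IP may be any address inside the subnet,
        # matching the advice to give one IP address per subnet mask.
        nets.append(ipaddress.ip_network(f"{ip}/{mask}", strict=False))
    return nets

def is_allowed(client, acl):
    """Model of the documented behaviour: an empty ACL allows all
    addresses; with one or more entries, unlisted addresses are blocked."""
    if not acl:
        return True
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in acl)

def lockout_report(planned_entries, required_hosts):
    """Return the required hosts that the planned ACL would block."""
    acl = parse_acl(planned_entries)
    return {name: ip for name, ip in required_hosts.items()
            if not is_allowed(ip, acl)}

# Constructed sample data: a user subnet plus one proxy host.
PLANNED = [
    ("10.20.30.0", "255.255.255.0"),  # group of users via subnet mask
    ("10.20.40.15", None),            # proxy server, single address
]
# Hosts that must keep access (hypothetical names and addresses).
REQUIRED = {
    "web-jetadmin": "10.20.50.8",     # management host, not yet in the ACL
    "print-proxy": "10.20.40.15",
    "helpdesk-pc": "10.20.30.77",
}

if __name__ == "__main__":
    blocked = lockout_report(PLANNED, REQUIRED)
    for name, ip in blocked.items():
        print(f"WOULD BE BLOCKED: {name} ({ip})")
    if not blocked:
        print("All required hosts are covered by the planned ACL.")
```

With the sample data, the Web Jetadmin host is reported as blocked, which is the case the text warns about.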

