HP LaserJet Enterprise MFP M725 HP Commercial LaserJet Printers and MFPs - Ima
HP LaserJet Enterprise MFP M725 Manual
View all HP LaserJet Enterprise MFP M725 manuals
Add to My Manuals
Save this manual to your list of manuals |
HP LaserJet Enterprise MFP M725 manual content summary:
- HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 1
HP Imaging and Printing Security Best Practices Configuring Security for Multiple LaserJet MFPs and Color LaserJet MFPs Version 5.0 for HP Web Jetadmin 10 © Copyright 2005, 2007, 2009, 2010 Hewlett-Packard Development Company, L.P. - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 2
RCFG Support ...31 Job Timeout...32 Privacy Setting...32 Protocol Stacks ...33 Web Services Print...35 Apply your Changes 36 Configuring MFP Security Settings 37 Bootloader Password 37 Color Access Control 38 Control Panel Access 38 Embedded Web Password 39 PJL Password ...40 HP LaserJet and - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 3
4: Advanced Security for Multiple MFPs 61 Access Control List (ACL 61 Authentication Manager 63 Group 1 PIN and Group 2 PIN 64 LDAP...66 User Pin Authentication 67 Chapter 5: Web Server Page Options 81 File System Page Options 82 HP LaserJet and Color LaserJet MFP Security Checklist ii - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 4
Network Page Options 76 Security Page Options 79 Final Configurations 84 Overall Limitations ...85 Chapter 8: Physical Security 86 Chapter 9: Appendix 1: Glossary of Terms and Acronyms 87 HP LaserJet and Color LaserJet MFP Security Checklist iii - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 5
website. HP thanks NIST for its support in the process of creating this document. This checklist is meant for trained network administrators who use HP Web Jetadmin version 10.1 or above in enterprise networks. It includes step-by-step instructions to configure one or more MFPs on a network - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 6
on a Windows XP or Windows Vista PC One of each supported MFP with the latest updated firmware found at hp.com The process for configuring this checklist is developed using HP Web Jetadmin to manage all of the MFPs at the same time. This checklist covers only those parts of HP Web Jetadmin - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 7
guide, Web Jetadmin user guides, and help files. This checklist relies on these materials for necessary information. All of these guides are available by searching for them at hp.com. MFPs: This checklist covers security settings for specific HP LaserJet MFPs and HP Color LaserJet MFPs - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 8
for Multiple MFPs: The Network Security for Multiple MFPs chapter provides step-by-step instructions for configuring MFP security settings. MFPs are installed and for securing MFP internal hardware. Chapter 9: Appendix 1, Glossary and Acronyms. Chapter 1 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 9
an email service Using another person's email credentials to view that person's email messages Using another person's log on credentials for access to use MFPs or networks Using another person's log on credentials for administrative access to MFPs Chapter 2 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 10
to MFPs: Accessing usage logs to delete entries Removing origination information from file metadata Bypassing user authentication Using remote management software to access the MFP You can minimize the risks of repudiation in the following ways: Chapter 2 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 11
use of an MFP. This can include any of the following: Canceling or pausing the print jobs of others Turning off the MFP remotely Disconnecting power to the MFP Removing the MFP formatter board Disconnecting the MFP from the network Chapter 2 HP LaserJet and Color LaserJet MFP Security - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 12
users Using management software to bypass job accounting functions Here are some methods of minimizing opportunities for elevation of privilege: Configure the administrator (device) password. Configure SNMPv3 and HTTPS. Lock the control panel. Chapter 2 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 13
is a powerful tool that allows you to manage any number of MFPs and printers. It provides the ability to configure a wide variety of features and services on the network. Without proper security, Web Jetadmin allows malicious users the same conveniences for attacking your network. Thus, configuring - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 14
MFPs to factory default settings. Without it, the only way to restore the MFPs is to involve an HPauthorized service technician to reset the entire MFP Device PIN (for MFP functions) User PIN (for individual user accounts) PJL password HP LaserJet and Color LaserJet MFP Security Checklist 10 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 15
for download and installation at the following location on hp.com: http://www.hp. HP Web Jetadmin Follow these instructions to prepare Web Jetadmin for configuring the MFPs: 1. Open Web Jetadmin to view the device list (Figure 1) that appears by default. Chapter 3 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 16
MFPs on your network. Note: This checklist does not include details on MFP discovery. See Web Jetadmin user guidance for more information. In most cases, the MFPs the steps in this checklist are for the specified HP LaserJet and Color LaserJet MFPs. Other devices may appear in the Device Model list - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 17
having a problem configuring a MFP. Sometimes Web Jetadmin can lose track of MFP MFP credentials. The next step is to ensure that any installed HP Secure Hard Disks are configured: Configuring HP Secure Hard Disk If you have an HP If your HP Secure Hard Disk configure your HP Secure Hard - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 18
Follow these steps to use Web Jetadmin to verify your HP Secure Hard Disk is installed and configured: 1. In the device list view, add the and Secure Disk Status columns and transfer them to the Selected Columns list (Figure 5). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 14 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 19
"Installed". The Secure Disk Status column should indicate "Encrypted" (Figure 6). Figure 6: Shows the Secure Disk and Secure Disk Status columns as Installed and Encrypted. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 15 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 20
steps: 1. Click Security in the Configuration Categories menu (Figure 8) to view the options for configuration. From the Security Options select SNMP Version Access Control. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 16 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 21
SNMPv3 selected. 3. Once Enable SNMPv3 has been selected, and fills in the New User, the New Authentication Passphrase, and the New Privacy Passphrase fields (Figure 10) in the New SNMPv3 Credential section. See below for details. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 17 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 22
instructions are for the initial configuration of SNMPv3. Once you finish this configuration, the MFPs users. If these credentials are forgotten, the only way to restore communication between HP Web Jetadmin and the MFPs is to restore the MFPs HP LaserJet and Color LaserJet MFP Security Checklist 18 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 23
your MFPs will not allow SNMPv1 SET and SNMPv2 GET. 5. Choose Apply at the bottom of the SNMP Version Access Control configuration to apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 12). Chapter 3 HP LaserJet and Color LaserJet MFP Security - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 24
Figure 12: The Configure Devices dialogue box. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 20 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 25
for each MFP in an encrypted format. However, Web Jetadmin may still prompt you for credentials on occasion so remember the passwords you set. 7. Click Done to exit the Configure Devices dialogue, and continue with this checklist. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 26
or sent incorrectly from tying up a print resource. To set this timeout follow the instructions below. 1. From the Device category, select the I/O Timeout to End Print Job print jobs on the MFP are erased after a reasonable time. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 22 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 27
Reference source not found.), and select Enabled. Figure 16: The Job Retention options. This allows users to store print jobs and fax jobs for printing at their discretion (when they can be devices dialogue box (Figure 17). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 23 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 28
Figure 17: The Configure Devices dialogue box. 2. Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 24 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 29
what methods are available for communication with your MFP over the network. Follow the instructions below to view and configure these options. 1. MFP you: 1. Click Enable Features from the configuration options in the Network category (Figure 19). Chapter 3 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 30
Config while the MFPs are in use, and enable it only to make changes to the affected configurations. Telnet Config Disabled Disabling Telnet Config prevents access to configuration settings and other features through Telnet. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 26 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 31
LPD. 9100 Printing is the access point for normal printing through standard HP print drivers. Disabling IPP Printing prevents access to configuration settings and other features through or browsing printers on the network. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 27 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 32
a Windows Vista/ Windows 7 MFP network features that are not in use. 3. Click Apply in the lower right hand corner to view the Configure Devices dialogue box. (Figure 20). Review your selections carefully before clicking on the Configure Devices button. Chapter 3 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 33
secure communications with the MFP EWS. To enable this feature: 1. Click Encrypt all web communication, and then select Enabled to enable HTTPS communication between the Jetdirect Print Server and any web browser (Figure 21). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 29 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 34
to choose the strength of the encryption algorithm used for communication between the MFP EWS and the web browsers connecting to it (this is related to menu, and select the highest setting that your browser supports (Figure 23). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 30 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 35
to configuration settings through Novell NetWare linkages; however, you should enable it if your network uses these linkages. 1. Click IPX -- RCFG Support Enabled (Figure 25), and leave Enable RCFG Support blank to disable it. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 31 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 36
MFPs to move on from jobs that lack proper end of job signals. The MFPs will be able to switch protocols to continue with other jobs. Not all MFPs support allows HP to collect statistical data about the MFP. HP will not collect network-specific or personal data. For information on HP privacy - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 37
SNMP control methods enabled Wireless configuration methods enabled The MFP must have internet access to allow HP to collect information. To disable the Privacy Setting option: as applicable to your network. See the table below. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 33 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 38
Figure 28: The Protocol Stacks options. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 34 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 39
enables or disables the Microsoft Services for Devices WSD Print services supported on the HP Jetdirect Print Server. 1. Click to select Web Services Print (Figure 29), and select Disabled. Figure 29: Enabling Web Services Print. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 35 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 40
the selected devices. This will open the configure devices dialogue box (Figure 30). Figure 30: The Configure Devices dialogue box. 2. Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 36 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 41
listed in this section, you should check the chapter on Advanced Security for multiple MFPs. To set the basic required settings in this category follow the steps in the the bootloader password will be cleared in the MFPs. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 37 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 42
panel of your MFPs. Maximum Lock ensures that no one can access configuration settings in the control panel. To set Control Panel Access: 1. Click to select the Control Panel Access (Figure 33), and click to select Maximum Lock. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 38 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 43
Jetadmin it is important to set the Embedded Web Password. To do this, follow these instructions. 1. Click Embedded Web Server Password under the Security category (Figure 34). Figure 34: The Embedded Web Server Password options. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 39 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 44
number of characters for best security). This setting requires users to log on for parts of the EWS that provide configuration options. 3. Repeat the you have problems configuring this password try configuring it through the EWS. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 40 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 45
(Figure 37) determines whether encryption is automatically enabled when an HP Secure Hard Disk is installed. Automatic is the default and manual password has been set on any of those devices it is recommended you skip this step in the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 46
in the bottom right hand corner to apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 38). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 42 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 47
Figure 38: The Configure Devices dialogue box. 2. Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 43 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 48
these instructions to configure Fax Printing: Note: Be sure to configure the MFPs for fax capabilities before continuing with the instructions below . This setting requires users to provide the PIN number to print stored Fax jobs. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 44 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 49
apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 40). Figure 40: The Configure Devices dialogue box. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 45 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 50
2. Review your settings and then click the Configure Devices button to execute the configuration. Additional Fax Configuration Some of the newer MFPs or recently upgraded MFPs may contain 42: Fax Speed Dials selection and page. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 46 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 51
the number of the specific speed-dials you wish to lock. We recommend locking all speed-dial entries from modification. To do this, enter 0-99 in the box and select Save (Figure 44). Figure 44: The Fax Speed Dials lockdown box Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 47 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 52
should configure the settings below for security while EWS Config is enabled. Follow these instructions: 1. Click the Embedded Web Server category to select Embedded Web Server Configuration Options for each item in this list: Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 48 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 53
best practice. Command Load and Execute enables the MFPs to install and run Chai services, such as workflow applications and job accounting solutions. You should disable it unless you are using installed applications on your MFPs. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 49 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 54
Continue Button allows the MFPs to resume after an error has been cleared. Print Service enables users to send print-ready files directly to an MFP without having the MFP installed on a 46: The Configure Devices dialogue box. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 50 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 55
is recommended that all external access to the file systems on your MFPs be disabled. To do so, follow these instructions: 1. Click the File System category to select File System External Access the NFS option disables the entire Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 51 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 56
MFPs will require the password whenever anyone or any device requests access to the storage devices. To set the File System password follow the instructions Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 57
order this should not be an issue. To set the Secure File Erase Mode follow these instructions: 1. Click to select Secure File Erase Mode (Figure 49), and view the options in the Sanitizing Erase if you require maximum security. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 53 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 58
in the bottom right hand corner to apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 51). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 54 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 59
Figure 51: The Configure Devices dialogue box. 6. Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 55 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 60
LaserJet MFPs might appear on the Digital Sending page. These settings are for other types of HP MFPs. You should configure the settings that appear in the instructions below. You may wish to configure the other settings as a safeguard, but they are ignored on devices that do not support a user walks - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 61
HP recommends configuring the default from address to ensure that no one can send email using false or misleading identification. If you are using LDAP Authentication, the MFP will use the email address of the authenticated user ). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 57 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 62
computers can access the MFPs. In order to configure this feature, each MFP will turn off and turn on automatically. To disable these ports: 1. Go to the Security page, and click to select Disable Direct Ports (Figure 55). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 58 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 63
it should be disabled during normal use of the MFPs. To disable EWS Config: 1. Go to the Network category, and click to select Enable Features (Figure 56). Figure 56: The Enable Features option. 2. Click to disable EWS Config. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 59 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 64
Note: This setting disables configuration from the MFP EWS. It also disables all EWS-related settings from Web Jetadmin ( Jetadmin. Always remember to disable EWS Config after making changes. Your MFPs are now securely configured. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 60 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 65
access to your devices. If you are looking for information in this section that is not contained in this document you can refer to the MFP User Guides and the HP Jetdirect Administrator Guide for more information. You can find these documents and more information by searching for it at - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 66
all of the MFPs are configured with your MFP EWS through HTTP. Note: These ACL options allow you to add one IP address or one mask at a time. To add more IPs or masks, repeat these steps. Remember to deselect Allow Web Server (HTTP) access each time. Chapter 4 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 67
Many of the options available (such as LDAP, Kerberos, and Digital Send Service) require additional solutions on the network for support. 2. Click the dropdown menu next to Log in at Walk Up, and select from the list (Figure 59). Chapter 4 HP LaserJet and Color LaserJet MFP Security Checklist 63 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 68
for specific functions of the MFP. Choose users to login at walk up using the LDAP system and then require group 1 PIN for access to the copy function and group 2 PIN for access to the fax function. Configure PIN Authentication as desired (Figure 60). Chapter 4 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 69
PIN fields. Note: If your network includes NTLM service, configure NTLM. This option specifies the authentication method to use when your MFP executes a send to folder job. We recommend using the highest authentication available. Chapter 4 HP LaserJet and Color LaserJet MFP Security Checklist 65 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 70
the LDAP server for communication over a secure SSL channel. This also requires that you generate SSL certificates and upload them to the MFPs using the LDAP Access options in the Digital Sending page (explained earlier). Chapter 4 HP LaserJet and Color LaserJet MFP Security Checklist 66 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 71
also provides a way to add user email addresses to the MFP address book. You can configure up to 2000 users in this feature. Configure User PIN Authentication (Figure 62) as desired. Figure 62: The User Pin Authentication options. Chapter 4 HP LaserJet and Color LaserJet MFP Security Checklist 67 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 72
list of the settings recommended in this checklist. This section does not include instructions or explanations. It is intended to be used as a check-off list Disable LPD Printing. Enable 9100 Printing. Disable IPP Printing. Chapter 5 HP LaserJet and Color LaserJet MFP Security Checklist 68 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 73
to High. Configure Error Handling Disable IPX RCFG Support. Configure Job Timeout. Set the Privacy Setting DLC/LLC. Disable AppleTalk. Disable Web Services Print. Security Category Options Configure Bootloader Password. 5 HP LaserJet and Color LaserJet MFP Security Checklist 69 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 74
Command Download. Disable Command Load and Execute. Enable Continue Button. Disable Print Service. File user from changing the Default From Address. Final configurations Disable Direct Ports (wait for MFPs to restart). Disable EWS Config. Chapter 5 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 75
chapter lists the default setting for each configuration in the checklist: Setting Configure HP Secure Hard Disk Configure SNMPv3 (Security page). I/O Timeout to End Print Job Handling Enabled ? Enabled Low Dump then Reboot Chapter 6 HP LaserJet and Color LaserJet MFP Security Checklist 71 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 76
Not configured Print All Received Faxes Configure Fax Speed Dials Configure Embedded Web Server Configuration options. Enable Outgoing Mail. Not configured (See below) Enabled Chapter 6 HP LaserJet and Color LaserJet MFP Security Checklist 72 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 77
Command Load and Execute. Enabled Enable Continue Button. Enabled Disable Print Service. Configure File System External Access. Disable PJL. Enabled (See below) Sanitize Erase. Enabled Not Configured Non-Secure Fast Erase Chapter 6 HP LaserJet and Color LaserJet MFP Security Checklist 73 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 78
default: 20 seconds Configure Default From Address. Select Prevent user from changing the Default From Address. Disable Direct Ports (wait for MFPs to restart). Disable EWS Config. Not configured Not selected Enabled Enabled Chapter 6 HP LaserJet and Color LaserJet MFP Security Checklist 74 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 79
using as part of your infrastructure MFP will not disclose which credentials are incorrect; it will only revert to the prompt for credentials. SNMPv3 causes some slowing of the configuration process due to the additional time taken to encrypt the data. Chapter 7 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 80
users supported features for the MFP MFPs will deny access to Telnet sessions. Web Jetadmin does not use Telnet Config; thus disabling it has no affect on it. It disables other tools, but Web Jetadmin is the only solution recommended for managing HP MFPs. Chapter 7 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 81
the standard printing protocol used by MFP print drivers. Disabling 9100 Printing would disable all printing for most users. Disable IPP Printing. IPP enterprise networks include DNS servers and do not require this service. With this option disabled, a non-DNS network will not recognize the MFPs. - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 82
You should disable IPX RCFG Support unless your network has Novell and older Jetdirect print servers. With IPX RCFG Support disabled, MFPs will deny access to Novell enabled For HP to collect any information, Internet access must be available. Chapter 7 HP LaserJet and Color LaserJet MFP Security - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 83
your network includes older Apple or Macintosh computers. With it disabled MFPs will not appear on the network for these computers. Disable Web Services Print. This disables the Microsoft WSD Print services supported on the HP Jetdirect Print Server. If this feature is enabled someone with a host - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 84
users from changing configurations in the MFPs. The MFPs will deny access to configuration settings without the password. Web Jetadmin keeps MFP credentials in its encrypted device cache. It will not prompt for the device password of an MFP that it manages. Chapter 7 HP LaserJet and Color LaserJet - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 85
one to be the same. Disable Allow Use of Digital Send Service. HP Digital Sending Software is a useful tool for managing MFP digital sending. It is available for purchase at hp.com. HP recommends using Digital Send Service, but it is not covered in this checklist. Thus, this checklist recommends - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 86
it ensures that only users with the MFP Print driver installed can send print jobs to the MFPs. With Print Service disabled, the print HP recommends shutting down all unused access to the file system. See the ramifications for each protocol below. Chapter 7 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 87
provides the password when the MFPs request it. Set the Secure File Erase Mode to Secure Fast Erase or to Secure Sanitizing Erase. Secure File Erase enables the MFPs to overwrite storage space whenever files are deleted. This Chapter 7 HP LaserJet and Color LaserJet MFP Security Checklist 83 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 88
sure to wait a few minutes until all of the MFPs are online and ready before executing another configuration. With Direct Ports disabled, the parallel and USB ports are turned off, and the MFPs behave as if the ports do not exist. Chapter 7 HP LaserJet and Color LaserJet MFP Security Checklist 84 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 89
Address on email send jobs: Depending on the capabilities of your network, the MFPs will place either a default from address or the user's email address of the user who logged into the MFP. It will provide no method to change it. Chapter 7 HP LaserJet and Color LaserJet MFP Security Checklist 85 - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 90
MFP Access to digital sending services and features Access to stored print jobs (depending on settings) Access to copy features (unauthorized overuse of resources such as toner and paper as recommended in the MFP User Guide. If you have purchased the EIO version of the HP Secure Hard Disk ( - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 91
Service. DSS is an HP solution to enhance MFP MFP. The formatter also accommodates accessories such as wireless cards. Since the formatter is removable (using common tools), it includes the capability to be locked using devices such as Kensington locks. Chapter 9 HP LaserJet and Color LaserJet MFP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 92
MFPs include internal Jetdirect hardware as standard equipment. Other MFPs, such as HP Color LaserJet 9500 MFPs paper MFP storage devices store two types of data: system data, such as configurations, and user data, such as print jobs, address books, and installed applications. HP Web Jetadmin: HP - HP LaserJet Enterprise MFP M725 | HP Commercial LaserJet Printers and MFPs - Ima - Page 93
Microsoft® is a U.S. registered trademark of Microsoft Corporation. Adobe and PostScript are trademarks of Adobe Systems Incorporated. © Copyright 2005, 2006, 2009, 2010 Hewlett-Packard Development Company, L.P.
© Copyright 2005, 2007, 2009, 2010 Hewlett-Packard Development Company, L.P.
HP Imaging and Printing Security Best Practices
Configuring Security for Multiple LaserJet MFPs and Color
LaserJet MFPs
Version 5.0 for HP Web Jetadmin 10