HP M3035xs HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr
HP M3035xs - LaserJet MFP B/W Laser Manual
UPC - 883585038534
HP M3035xs manual content summary:
- HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 1
HP Imaging and Printing Security Best Practices Configuring Security for Multiple LaserJet MFPs, Color LaserJet MFPs, and Color MFPs with Edgeline Technology Version 3.0 - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 2
with Data ...8 Repudiation...9 Information Disclosure ...9 Denial of Service...9 Elevation of Privilege ...10 Network Security ...10 Overall Network on Passwords ...11 Configuring MFP Security Settings...12 Setting up HP Web Jetadmin ...12 Configuring Initial Settings...16 Configuring the Bootloader - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 3
File System Page Options ...76 Network Page Options...77 Security Page Options...80 Settings Only for Edgeline MFPs ...81 Device Page Options ...81 Digital Sending Page Options ...82 Security Page Options...82 Final Configurations ...83 Overall Limitations...84 Physical Security ...84 Appendix 1: - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 4
To help with this, HP developed this checklist as a guide to help you configure the security-related settings. It provides instructions to configure these settings the National Institute of Standards and Technology (NIST). HP thanks NIST for its support in the process of creating this document. This - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 5
com, and click the button to check for new updates. Once you have installed Service Pack 4, you should install all remaining updates. See HP Web Jetadmin user guides for more information. Note: If Service Pack 4 does not appear in the Available Updates window, it is already installed. This checklist - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 6
some of these settings can cause unexpected problems in your network environment. Be aware the correct order. You should follow the instructions exactly and avoid making additional configurations during this a complimentary guide to known best practices for increasing MFP security. HP does not claim - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 7
HP products; however, this checklist is tested and known to be successful only with the specified MFP models. • Web Jetadmin Version 8.1 with Service Pack Network Security: The Network Security chapter provides step-by-step instructions for configuring MFP security settings. • Settings List: The - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 8
to log in to the email server to gain access to address books • Using another person's email credentials to have free use of an email service • Using another person's email credentials to view that person's email messages • Using another person's log on credentials for access to use MFPs or networks - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 9
already IPsec functionality. Look for information on configuring it at hp.com. • Close unused ports and protocols. • Configure all possible password settings. • Configure authentication. • Configure SNMPv3. Denial of Service Denial of service is any type of interference with normal use of an MFP - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 10
Lock the control panel. Network Security This chapter explains how to configure security settings for one or more MFPs. You should use HP Web Jetadmin Version 8.1 with Service Pack 4 to configure as many of these settings as possible, but some settings are available only in the MFP control panels as - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 11
HP Web Jetadmin does not provide support for them, and because they require advanced network configurations. Look for information on these settings in the Edgeline MFP user guides and at hp might be different. Be sure to follow the instructions in order, and consider making adjustments to accommodate - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 12
on an MFP, Web Jetadmin shows setting failed - not supported. This is the expected behavior, and the MFP will continue without issues. For best results, configure one MFP model at a time. Setting up HP Web Jetadmin Follow these instructions to prepare Web Jetadmin for configuring the MFPs: 1. Open - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 13
Figure 2: Web Jetadmin showing the device list in the default view. 2. Check to see that the MFPs you wish to configure appear in the Device Model List. If they are not in the list, use the Discovery options to find the MFPs on your network. Note: This checklist does not cover Device Discovery. See - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 14
settings may not apply to that specific model. Ignore instructions for settings that do not appear in Web Jetadmin. Remember that the steps in this checklist are for the specified HP MFPs. Other devices may appear in the Device Model list. It may - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 15
Figure 4: The Multiple Device Configuration Tool showing the Configure Devices tab outlined in green. The Configure Devices tab contains most all of the settings recommended in this checklist. Tip: Sometimes Web Jetadmin can lose track of MFP credentials. If this happens, some settings might fail. - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 16
Initial Settings In order to ensure a successful and secure configuration, you should configure a few of the settings first. The following instructions explain how to configure these settings: Configuring SNMPv3 SNMPv3 provides encryption for communication between Web Jetadmin and the MFPs. It helps - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 17
. CAUTION: Be sure to remember these credentials and provide them to authorized users. If these credentials are forgotten, the only way to restore communication between HP Web Jetadmin and the MFPs is to restore the - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 18
MFPs to factory default settings. These instructions are for the initial configuration of SNMPv3. Once you finish this configuration, the MFPs will require these credentials whenever anyone attempts to access settings over - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 19
Figure 9: The Device Model list. Click Configure Devices (Figure 10) to execute the configuration. Figure 10: The Configure Devices button. After you click Configure Devices, a View Log page (Figure 11) will appear. - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 20
prompt for them on occasion. Web Jetadmin stores these credentials encrypted. 10. Click Go Back to view Multiple Device Configuration Tool, and continue with the instructions below: - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 21
configuration settings. The MFPs require it to be configured before they allow configuration of some of the other settings. Follow these instructions: 1. Click the Security option in the Configuration Categories menu (Figure 13). Figure 13: The Security Configuration Category option. 2. Scroll down - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 22
Control List: HP LaserJet M3035 MFP HP LaserJet M4345 MFP HP LaserJet M5025 MFP HP LaserJet M5035 MFP HP CM 8050 Color MFP HP CM 8060 Color MFP HP Web Jetadmin does not provide options to configure the Jetdirect Firewall settings. Look for them in each MFP EWS. Follow these instructions: 1. Click to - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 23
Figure 16: The Access Control List option. 3. Add an IP address or a subnet mask by filling in the fields (Figure 17). Figure 17: The ACL IP address field. CAUTION: Be sure to include the IP address of the computer that Web Jetadmin is using to connect to the MFPs (it might be a computer other than - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 24
Device Configuration Tool, and continue with this checklist. Configuring Fax Send Setup (Edgeline MFPs) If you are configuring Edgeline MFPs, follow these instructions to enable fax functions (if you plan to use the fax functions): Tip: This setting applies only to Edgeline MFPs. To save time - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 25
appropriate settings later in the fax configuration section. This checklist does not cover alternative fax configurations because they require other network solutions or support. 4. Select the MFPs you wish to configure in the device list (Note that this setting is only for Edgeline MFPs. All other - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 26
for Edgeline MFPs Edgeline MFPs also require Email Send Setup and Send to Folder Setup before they allow configurations for related settings. Follow these instructions: Tip: This setting applies only to Edgeline MFPs. To save time, you should apply this setting only to the Edgeline MFPs you are - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 27
Figure 22: The Enable Send to Email option. 3. Click to select Enable Send to Email to the right. Note: You might have to configure the SMTP Gateways Settings as well. 4. Scroll down, and click to select Enable Send to Folder (CM8060) (Figure 23). Figure 23: The Enable Send to Folder options. - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 28
Administrator Password for Edgeline MFPs. The Bootloader password can be configured using HP Web Jetadmin, but the Startup Menu Administrator Password can be configured using only the MFP control panel. See instructions for each type below: Configuring the Bootloader Password for LaserJet-Based MFPs - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 29
settings for it are available only on the control panel. Follow these instructions to configure the Startup Menu Administrator Password: 1. Press the power button panel as the MFP begins to start up. 3. As soon as the HP logo appears on the control panel, touch the START button (the large green - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 30
• HP LaserJet M3027 MFP • HP LaserJet M3035 MFP • HP LaserJet M5025 MFP • HP LaserJet M5035 MFP • HP Color LaserJet M4730 MFP • HP CM8050 Color MFP with Edgeline • HP CM8060 Color MFP with Edgeline Hiding the IP address can be done only using the MFP Control panel. Follow these instructions: 1. - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 31
in Web Jetadmin. Also, keep in mind that some settings that are not supported for the model you are configuring may appear in Web Jetadmin. The MFPs users and for applications. These settings are not covered in these instructions, but you should consider configuring them to help control the costs of - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 32
The Fax configuration page provides a few security options for the analog fax functions. Follow these instructions: Note: Be sure to configure the MFPs for fax capabilities before continuing with the instructions below. At the minimum, configure the modem settings for the country, the company, and - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 33
to continue. Configurations on the Digital Sending page The Digital Sending page includes options for email and for send to network folder. Follow these instructions: 1. Click Digital Sending in the Configuration categories menu. 2. Scroll down, and click to select Email Message Text (Figure 28). - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 34
from the MFPs. 5. Scroll down, and click to select Default 'From:' Address (Figure 29). Figure 29: The Default From Address options. Note: HP recommends configuring the default from address to ensure that no one can send email using false or misleading identification; however, if you configure LDAP - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 35
email address of the authenticated user as the from address, and it will not allow users to change it. 6. Click to select Prevent users from changing the Default 'From:' Address. 7. Fill in the Email Address field with any address that includes the at symbol (@). Tip: You might wish to use the email - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 36
11. Click to select either Use Device User's Credentials or Use Public Credentials under LDAP Credentials. If you choose Use Device User's Credentials, each MFP will prompt the user at the control panel for a valid username and password. If you choose Use Public Credentials, each MFP will use the - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 37
Follow these instructions: 1. Click Embedded Web Server in the Configuration Categories menu (Figure 32). Figure 32: The Embedded Web Server page. Note: The first option in the Embedded - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 38
Figure 33: The Embedded Web Server Configuration Options. 3. Click to enable Continue Button, and leave the remaining options blank. See below for more information: The Embedded Web Server Configuration Options are either enabled or disabled in this menu. They will be reconfigured regardless of - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 39
Button allows the MFPs to resume after they are set to pause. Print Service enables users to send print-ready files directly to an MFP without having the that can help prevent unauthorized access to data. Follow these instructions: 1. Click Filesystem in the Configuration Categories menu (Figure 34 - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 40
needed to clean MFPs for resale, for reuse, or for conforming to high-level security requirements such as Department of Defense regulations. The instructions continue with the File System password: 2. Click to select Set Filesystem Password (Figure 35). Figure 35: The Set Filesystem Password option. - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 41
Figure 36: The Secure File Erase Mode setting. This setting determines the level of overwriting applied to delete files during routine functions. This includes removal of files for the Secure Storage Erase function (see the explanation earlier). Secure Sanitizing Erase is recommended for this - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 42
. Configurations on the Network Page The Network Configuration page provides options that relate to the Jetdirect Print Servers. Follow these instructions: 1. Click Network in the Configuration Categories menu (Figure 38). Figure 38: The Network Configuration Category. 2. Click to select either - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 43
40). Figure 40: The Encryption Strength option. 5. Click the Encryption Strength dropdown menu, and select the highest setting that your browser supports. The Encryption Strength setting allows you to choose the strength of the encryption algorithm that will be used for communication between the MFP - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 44
through LPD. It also prevents printing through LPD. 9100 Printing Enabled 9100 Printing is the access point for normal printing through standard HP print drivers. IPP Printing Disabled Disabling IPP Printing prevents access to configuration settings and other features through the IPP. It also - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 45
the Hewlett-Packard Online Privacy Statement available by clicking privacy statement at http://www.hp.com. If you enable this feature, information collected by HP will be limited to the following items: • HP Jetdirect product number, firmware version, and manufacturing date • Model number of the MFP - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 46
7. Click RCFG Setting (Figure 43), and leave RCFG Config blank to disable it. Figure 43: The RCFG Setting option. This setting prevents access to configuration settings through Novell NetWare linkages; however, you should enable it if your network uses these linkages. Note: When you disable RCFG - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 47
Note: The Access Control List options appear next on the Network page, but you should have already configured this. The ACL instructions appear in the Initial Settings section of this chapter to help ensure security during the time you are configuring the MFPs. 9. Click to select Protocol - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 48
the costs of color printing. These options are not covered in this checklist. Follow these instructions: 1. Click Security in the Configuration Categories menu. This opens the Security configuration page the MFP. You can use these options to provide varying services to different groups of users. - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 49
subsequent steps. Note: LDAP, Kerberos, and Digital Send Service require additional solutions on the network for support. 3. Click the dropdown menu next to Log in at require HP Digital Send Service to be installed on the Network. Digital Send Service is an additional solution offered at hp.com. - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 50
Figure 49: The Accessing the LDAP Server options. These settings enable the MFPs to require a user's NT logon credentials for use of the MFPs. This is related to the LDAP access options in the Digital Sending page, which enable the MFP to use the LDAP address book. This setting is required if you - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 51
Group 1 PIN for access to the copy function and Group 2 PIN for access to the fax function. Note: Configure NTLM if your network includes NTLM service. This option enables the MFP to authenticate to NTLM for the purposes of digital sending to network folders. It is not for restricting access to - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 52
only when you are prepared to update firmware. Keep in mind that HP strongly recommends updating MFP firmware regularly. Note: The SNMPv3 option appears page, but you should have already configured it. The SNMPv3 instructions appear at the beginning of this chapter to help ensure security during - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 53
. 13. Click to select Allow Use of Digital Send Service (Figure 53), and click Disabled (unless your network is using HP Digital Send Service). Figure 53: The Allow Use of Digital Send Service option. Digital Send Service is an HP solution for managing the digital sending functions of MFPs. It - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 54
(Figure 54), and click Disabled. Figure 54: The Allow Transfer to New Digital Send Service option. Digital Send Service claims ownership of the MFPs it manages. Anyone with another installation of Digital Send Service can take over an MFP unless you disable this option. 15. Click to select PJL - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 55
Color LaserJet-based MFPs. This saves time, and it saves complications that can arise from configuring MFPs that reject these settings. Follow these instructions, but select only Edgeline MFPs in the devices list at the end of each configuration category: Tip: These settings apply only to Edgeline - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 56
Figure 57: LDAP Server Settings. These settings enable the Edgeline MFPs to access the LDAP server to provide addresses and contacts. It is important to configure SSL to ensure that usernames and other information from the LDAP server are encrypted. 2. Configure the Enable Network Contacts setting - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 57
8. Scroll down, and click to select Default Message Settings (Figure 59). Figure 59: The Default Message Settings options. These settings restrict users from changing the address fields in email jobs. 9. Click to select Restrict users from editing all address fields. 10. Type an email address that - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 58
Figure 60: The Default Sign in Method option. The Default Sign in Method provides a standard method of restricting access to the MFP. The method you choose will be used whenever access restrictions are not configured. 3. Click to select Access Control Level for Device Functions (Figure 61). Figure - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 59
Figure 62: The Permission Set options under the Access Control Level options (Edgeline MFPs). d. After you have added a name, click Permission set. A list of Device Functions with Access Control (Figure 63) will appear. Figure 63: The Device Functions with Access Control list (Edgeline MFPs). e. - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 60
. Be sure to use an SSL port to ensure secure communication. 6. If you selected Windows sign in for configurations above (only if your network supports it), click to select Windows Sign in Setup (Figure 65). Figure 65: The Windows Sign in Setup options. 7. Configure the Windows Sign in Setup - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 61
, choose a Permission set in the dropdown list, and click Add New. 10. If you selected Windows sign in for configurations above (only if your network supports it), click to select Windows Users and Groups (Figure 68). - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 62
Accounts, go to the EWS of each MFP, and configure them. See MFP User Guide for more information. 12. Once you have made your choices, click Configure Devices at only at the end of this checklist. Follow these instructions for the final settings: 1. Go to the Network page, and click to select - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 63
Figure 69: The Enable Features option. 2. Click to disable EWS Config. EWS Config was required for configuring this checklist, but it should be disabled during normal use of the MFPs. Note: This setting removes all configuration settings from the MFP EWSs. It also removes all EWS-related settings - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 64
, the content of email jobs, and the content of digital sending jobs. Look for the HP Jetdirect 635n Print Server Card at hp.com. You can configure IPsec for each Edgeline MFP using the EWS. See user guides and EWS Help for more information. You can also find helpful information by searching for - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 65
only way to restore the MFPs is to involve an HP-authorized service technician to reset the entire MFP. You may wish to include instructions or explanations. Use it to check-off each setting as you follow the instructions in are considered reasonably secure, but HP does not warrant or guarantee that - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 66
Initial settings Configure SNMPv3 (Security page). Configure Device Password (Security page). Configure ACL (Network page). o Disable Allow Web Server (HTTP) Access . Configure Fax Setup (Fax page for Edgeline MFPs). o Select Internal Modem. Enable Send to Email (Digital Sending page for - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 67
Printer Firmware Update. Configure Control Panel Access to Maximum Lock. Disable Allow Use of Digital Send Service. Disable Allow Transfer to New Digital Send Service. Configure PJL Password. Configure color restriction settings as desired. Settings only for Edgeline MFPs Device Page - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 68
, but use an SSL port. If you selected Windows Sign in for Access Control Levels, configure Windows Sign in Setup. If your network supports Novell, configure Novell Sign in Setup. If you selected LDAP for Access Control Levels, configure LDAP Users and Groups. If you selected Windows - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 69
Button. Disable Go Button. Disable Command Invoke. Disable Command Download. Disable Command Load and Execute. Enable Continue Button. Disable Print Service. Configure File System Password. Configure Secure File Erase Mode to Secure Fast Erase or Secure Sanitize Erase. Configure File System External - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 70
). Disable Printer Firmware Update. Configure Control Panel Access to Maximum Lock. Disable Allow Use of Digital Send Service. Disable Allow Transfer to New Digital Send Service. Configure the PJL Password. Configure color restriction settings. Settings only for Edgeline MFPs Configure Fax Printing - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 71
Configure LDAP Users and Groups. Configure Windows Users and Groups. Disable EWS Config. Disable Direct Ports. None configured None configured Enabled Enabled 71 - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 72
Ramifications Raising the level of security on any network product requires giving up some conveniences and usability. This section explains some of the compromises you can expect from configuring this checklist. Keep in mind that this is not a comprehensive list. You should test your system to know - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 73
are available on Edgeline MFPs. See the MFP user guide for more information. • Configure Send to Email Setup BIOS settings on a PC. They affect the services that are loaded when the MFP is turned place. • Hide the MFP IP Address Many of the HP MFPs display buttons to show the IP address. This is - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 74
Settings for all MFPs (including Edgeline MFPs) Device Page Settings • Enable Job Retention. Job Retention saves fax or print jobs on the hard drive for printing when the user is present. The security implication is that a user can be sure others will not be able to see the printed documents as they - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 75
to pause operations, such as print jobs, indefinitely. Disabling the Go Button removes it from the EWS, preventing users from delaying jobs or even denying service to other users. However, users will be able to pause or resume their own jobs from the print driver or from the control panel. - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 76
(Chailets), such as workflow programs and job accounting programs. Disabling it stops the MFPs from running Chailets during start up. This function is called Load Services in the EWS. If you use Chailets, you should enable Command Load and Execute. If not, you should disable it to prevent users from - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 77
and ports. They eliminate access from various types of management tools. HP recommends shutting down all unused access to the file system. See the file system. o Disable PML. PML (Printer Management Language) is an HP proprietary protocol that manages MFPs and printers. Web Jetadmin uses PML for many - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 78
disable EWS Config at this point). These options enable or disable various supported features for the MFP. These features are designed for access and sessions. Note that Web Jetadmin is the only solution recommended for managing HP MFPs, and it does not use Telnet Config. o Disable SLP Config - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 79
methods enabled o SNMP control methods enabled o Wireless configuration methods enabled For HP to collect any information, Internet access must be available. • Disable RCFG explained earlier. Web browsers that do not support SSL and high encryption strength will not be able to access the MFP EWSs. - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 80
functions. It is important to be sure to select only the authentication methods that are available and that you wish to configure. Digital Send Service is a separate solution available at hp.com. It is a valuable tool that provides security and other features for managing MFPs. Select Digital Send - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 81
options, use the Intermediate option. • Disable Allow Use of Digital Send Service. Digital Send Service is a useful tool for managing MFP digital sending. It is available for purchase at hp.com. HP recommends using Digital Send Service, but it is not covered in this checklist. You should disable it - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 82
NOTE: Stored faxes are not affected by the Job Hold Timeout. Fax standards require that all incoming faxes are eventually printed or otherwise viewed. With the Fax Printing Schedule configured, incoming fax jobs will not print until an authorized person chooses to print them or until they are - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 83
can configure the MFPs or print using these connections. This setting causes the MFPs to turn off and turn on. They will be out of service during this time. This is also the reason this setting should be executed alone and at the end of this checklist. If you attempt to - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 84
method to change it. Physical Security Many of the most notable features of HP MFPs involve hard copy documents. MFPs can print them, scan them, send them and phone lines connected to the MFP • Access to digital sending services and features • Access to stored print jobs (depending on settings) - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 85
lock, such as a Kensington Lock, as recommended in the MFP User Guide. Appendix 1: Glossary of Terms and Acronyms The following table lists terms it is separate from the network functions. DSS Digital Send Service. DSS is an HP solution to enhance MFP digital sending functionality and security. - HP M3035xs | HP LaserJet MPF Products - Configuring Security for Multiple MFP Pr - Page 86
to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors