HP PageWide 377 Printing Security Best Practices: Configuring a Printer Secure - Page 45

Ramifications, Initial Settings, Device Settings

Chapter 6: Ramifications
Raising the level of security on HP MFPs requires giving up some conveniences and usability. This section
explains some of the compromises you can expect from configuring the settings recommended in this
checklist. Keep in mind that this is not a comprehensive list. You should test each MFP in your network
environment to understand the implications of these settings and configurations.
The following sections explain some of the known ramifications of each recommended setting:
Initial Settings
Configuring Advanced Security Settings: Firewall, PIN Authentication, LDAP, Solutions, etc.
There are many advanced security settings that you may be using as part of your infrastructure or print
solution. These settings should be configured and tested before locking down your devices with this
checklist. If you are unsure how a setting may affect an advanced security configuration, see the
advanced security section, or test the setting on a single device before applying it to your fleet.
Enable SNMPv3
SNMPv3 is a secure protocol that encrypts configuration data transmitted over the network. Web
Jetadmin accesses most of the MFP configuration settings through the MFP SNMP ports.
Once SNMPv3 is configured, the MFPs will prompt for the credentials every time anyone tries to
configure settings using Web Jetadmin or any other tool. However, Web Jetadmin includes a convenient
device cache feature that stores all of the passwords and credentials for each MFP. Whenever an
authorized Web Jetadmin administrator makes a change, Web Jetadmin automatically provides the
credentials without prompting. Thus, the administrator is required to remember the credentials only
when the device cache credentials are outdated. The device cache is secured by encryption, and Web
Jetadmin allows only the authenticated administrator to log in and manage the MFPs. Be sure to
configure a robust password for Web Jetadmin.
With SNMPv3 configured, an unauthorized user attempting to access the MFP configuration settings
will observe a prompt for the SNMPv3 credentials. The MFP will not disclose which credentials are
incorrect; it will only revert to the prompt for credentials.
SNMPv3 causes some slowing of the configuration process due to the additional time taken to encrypt
the data.
Disabling SNMPv1 disables SNMPv1 GET and SNMPv2 SET commands. Any solution or software that
requires SNMPv1 or SNMPv2 will not function. If you require these to be enabled, be sure to set the
community name to something that would be difficult to guess.
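
A way to verify the point above on your own fleet, as an added example that is not part of HP's guide: send one SNMPv1 or SNMPv2c GET for sysDescr.0 and confirm the device no longer answers once SNMPv1/v2 is disabled. The community value and the 192.0.2.x addresses are constructed placeholders; use the community name your devices had before the change.

```python
import socket

SYS_DESCR = (1, 3, 6, 1, 2, 1, 1, 1, 0)  # sysDescr.0, a read-only object

def _tlv(tag, payload):
    if len(payload) > 0x7F:  # short-form lengths cover these small requests
        raise ValueError("payload too long for this example")
    return bytes([tag, len(payload)]) + payload

def _int(value):  # non-negative BER INTEGER
    return _tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def _oid(arcs):
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:  # base-128, high bit set on all but the last byte
            chunk.append(0x80 | (arc & 0x7F))
        body.extend(reversed(chunk))
    return _tlv(0x06, bytes(body))

def build_get(version, community, request_id=1, oid=SYS_DESCR):
    """version 0 = SNMPv1, 1 = SNMPv2c; both send the community in clear text."""
    varbind = _tlv(0x30, _oid(oid) + b"\x05\x00")  # OID + NULL value
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, _int(version) + _tlv(0x04, community.encode()) + pdu)

def _read(buf, pos):
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length, common in replies carrying sysDescr
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def is_get_response(data):
    try:
        tag, msg, _ = _read(data, 0)
        _, _, p = _read(msg, 0)   # skip version
        _, _, p = _read(msg, p)   # skip community
        return tag == 0x30 and msg[p] == 0xA2  # 0xA2 = GetResponse PDU
    except IndexError:
        return False

def answers_legacy_snmp(host, community, version=0, timeout=2.0):
    """True means SNMPv1/v2c is still enabled on the device."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_get(version, community), (host, 161))
            return is_get_response(s.recvfrom(4096)[0])
        except OSError:  # timeout or unreachable: no legacy answer
            return False
```

Run `answers_legacy_snmp("192.0.2.10", "<previous-community>")` against each device after the change; any `True` marks a device where SNMPv1/v2 is still enabled.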
Device Page Settings
Set I/O Timeout to End Print Job. The I/O Timeout to End Print Job allows you to specify the amount of
time a device should wait between packets before canceling a job. Setting this timeout will help prevent
jobs formed or sent incorrectly from tying up a print resource. If you are on a busy network or spool
large jobs in real time, which may cause packet gaps, set this value high enough to accommodate your
environment.
Input Auto Continue Timeout. Configure Auto Continue Timeout to the setting of your choice.
Enable Job Hold Timeout. Job Hold Timeout is related to the Job Retention setting below. It
permanently deletes stored jobs (except faxes) that are held past the allowed time. This ensures that
the stored jobs are not accessible after a time, and it ensures that the hard drive is cleared periodically.
Job Hold Timeout requires that users are mindful of their print jobs. They will not be able to recover