HP DesignJet Z5400 Security Features - Page 74

HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS The BIOS (basic input/output system) is the program used to get the printer system started after it is turned on. HP Sure Start It validates the integrity of the BIOS at every boot cycle. If a compromised version is discovered, the device reboots using a safe, "golden copy" of the BIOS. UEFI Secure Boot Method to prevent the loading of unauthorized operating systems during the system startup. Based on the UEFI Forum specification (www.uefi.org). CONFIGURATION Disable ports and protocols It allows the administrator to select which protocols and services are enabled. Restricting the enabled protocols to only those that are actually needed means the administrator can reduce the risk of vulnerability. Instant-On Security Devices supporting Instant-On Security features can be automatically added into the Security Manager as soon as they are connected to the network or from reset without any intervention. Instant-On Security immediately configures the device to be compliant with the corporate security policy. SNMPv3 SNMP is a protocol to get and configure printer information. SNMPv3 is the encrypted version. When enabled, only the client applications knowing the keys will be able to access the printer using this protocol. FIRMWARE HP signed firmware packages Firmware packages are digitally signed by the HP Code Signing group. The printer uses the public key of this group to verify the signature before installing the new firmware, thus ensuring that only legitimate firmware from HP can be installed in the printer. Only forward firmware security upgrades Behavior of the firmware that prevents installation of older firmware releases that have known security vulnerabilities. RD only file system Solution to guarantee that the firmware cannot be altered. It is based on configuring the filesystem where the printer firmware is located as a read only partition. 74