HP Jetdirect C2059E Practical considerations for imaging and printing security - Page 6

HP Secure Erase HP Secure Erase implements the Department of Defense (DoD) 5220-22m specification for the deletion of data from hard disk storage. DoD 5220-22m specifies an algorithm to repetitively overwrite hard disk data sectors to remove all trace magnetic information. For more information on HP Secure Erase, see Appendix B, "HP Secure Erase," on page 12. Vulnerabilities, viruses, and worms Vulnerability assessments are an integral step in HP's imaging and printing product development, and as a result these devices have been affected little by the viruses and worms that afflict enterprise networks. While the ingenuity of hackers continues to evolve, HP ensures its products meet the threat posed by hostile network environments. • Chai HP's Chai provides a means to extend an imaging and printing device's functionality. For example, Capella Technologies' VeriUser Authentication is implemented as a Chailet. Access controls restrict installation of Chailets to authorized administrators, however, as it is important to avoid installing malware on PCs, Chailets should only be installed from known and trusted sources, such as HP and its partners. Protect Information on the Network Protecting Information on the Network insures that network communications between users, administrators, the imaging and printing device, and the workflow are confidential and prevent unauthorized modification by maintaining their integrity. Network connectivity with HP Jetdirect devices Network connectivity for HP imaging and printing devices is provided by the HP Jetdirect family of products, including internal cards, external boxes, and embedded networking. HP Jetdirect provides many secure network protocols and services, including: 802.1x for Wired Networks Provides access control to the Ethernet network. Network devices that are unable to authenticate to the 802.1x authorization server have all network access denied. 802.1x can prevent unauthorized users from attaching devices to the network as well as insure that only IT deployed and trusted devices, such as those with virus protection software, are allowed access. IPsec Allows for strong authentication, confidentiality, and integrity of communications, and can secure network printing and scanning protocols. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to-clunk performance that rivals unsecured protocols, and supports the IPsec implementations available in all current major operating systems, including Windows, Unix®, and Linux®. SNMPv3 and HTTPS Provide secure management of the imaging and printing device. SNMPv3 provides strong authentication and encryption of management communications and is used by HP Web Jetadmin to provide fleet management of HP imaging and printing devices. HTTPS using SSL/TLS provides security of web protocols and is used for secure management using the device's embedded web server, as well as security of web services such as consumable reordering. Secure IPP (IPP-S) The secure form of the IPP protocol using SSL/TLS, secure IPP requires no additional configuration and is primarily intended for small networks lacking sophisticated IT administration. While Secure IPP may be used in large enterprise environments, IPsec is the recommended protocol for securing printing and scanning functions. 6