HP LaserJet 4345 HP LaserJet MFP and Color MFP Products - Configuring Security - Page 57



HP LaserJet and Color LaserJet MFP Security Checklist

Chapter 6: Ramifications

Raising the level of security on HP MFPs requires giving up some conveniences and usability. This section explains some of the compromises you can expect from configuring the settings recommended in this checklist. Keep in mind that this is not a comprehensive list. You should test your system to know how it reacts to these settings and configurations.

The following sections explain some of the known ramifications of each recommended setting:

• Enable SNMPv3 (Security Page).

SNMPv3 is a secure protocol that encrypts information over network lines. Web Jetadmin accesses all of the MFP configuration settings through the MFP SNMP ports.

Once SNMPv3 is configured, the MFPs will prompt for the credentials every time anyone tries to configure settings using Web Jetadmin or any other tool. However, Web Jetadmin includes a convenient device cache feature that stores all of the passwords and credentials for each MFP. Whenever an authorized Web Jetadmin administrator makes a change, Web Jetadmin automatically provides the credentials without prompting. Thus, the administrator is required to remember the credentials only when the device cache credentials are outdated. The device cache is kept secure because it is encrypted, and Web Jetadmin allows only the authenticated administrator to log in and manage the MFPs. Be sure to configure a robust password for Web Jetadmin.

With SNMPv3 configured, an unauthorized user attempting to access the MFP configuration settings will observe a prompt for the SNMPv3 credentials. The MFP will not disclose which credentials are incorrect; it will only revert to the prompt for credentials.

SNMPv3 causes some slowing of the configuration process due to the encryption features.

• Configure Bootloader Password.

The Bootloader Password protects against accidental or intentional access to the MFP Bootloader settings. These settings are similar to the BIOS settings on a PC. They affect the services that are loaded when the MFP is turned on. The Bootloader Password setting is permanent. There is no way to reset it or to change it without providing the correct password. Thus, it is extremely important to use a password that can be remembered and to record the password in a safe place.

• Fill in the Access Control List.

The Access Control List is a table that lists the IP addresses of PCs that are allowed to access the MFPs. This can be helpful toward a highly secure configuration because it ensures that only those using authorized computers will have network access to the MFPs. The ACL covers all access to the MFPs including printing.

If you wish to provide access to groups of users, be sure to use the subnet mask feature so you do not have to know a large number of IP addresses.

Users of computers that are not on the ACL will observe errors when attempting to access the MFPs. It will appear as if the MFPs are not connected to the network.

The MFPs allow access to all IP addresses until the ACL is filled out. Once it is filled out with even a single address, it blocks all other access. Be sure to include the computer that is running Web Jetadmin, or the MFPs will block its access as well (it is possible to operate Web Jetadmin from a remote computer).

CAUTION: If the Access Control List is filled out incorrectly, it can cause complete loss of communication with the MFP. Be sure to use the correct information. The only way to restore communication is to reconfigure the MFPs to factory default settings.
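
A pre-flight check for a planned Access Control List, as an added example that is not part of the HP checklist or any HP tool: it models the behaviour described above (an empty list admits everyone, any entry blocks everything not listed) and reports which required hosts would be locked out. The function names, the (address, mask) entry format and all addresses are assumptions constructed for illustration.

```python
import ipaddress

def parse_acl(entries):
    """Split planned (address, mask) rows into usable networks and invalid rows."""
    networks, invalid = [], []
    for addr, mask in entries:
        try:
            # strict=False: a host address plus mask stands for its whole subnet
            # (assumed matching rule; confirm against the device documentation)
            networks.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
        except ValueError:
            invalid.append((addr, mask))  # typo or malformed mask
    return networks, invalid

def acl_allows(networks, host):
    """Empty ACL admits every address; otherwise only listed ranges pass."""
    if not networks:
        return True
    ip = ipaddress.ip_address(host)
    return any(ip in net for net in networks)

def preflight(entries, must_reach):
    """Report malformed rows and required hosts the planned ACL would block."""
    networks, invalid = parse_acl(entries)
    locked_out = sorted(name for name, ip in must_reach.items()
                        if not acl_allows(networks, ip))
    return {"invalid": invalid, "locked_out": locked_out,
            "safe": not invalid and not locked_out}

# Constructed sample data: hosts that must keep access after the ACL is applied.
MUST_REACH = {
    "web-jetadmin": "10.1.5.10",
    "print-server": "10.1.20.4",
    "helpdesk-pc": "10.1.30.7",
}
# Constructed plan: one user subnet plus the Web Jetadmin host as a single address.
PLANNED_ACL = [
    ("10.1.20.0", "255.255.255.0"),
    ("10.1.5.10", "255.255.255.255"),
]

if __name__ == "__main__":
    print(preflight(PLANNED_ACL, MUST_REACH))
```

Run it against the planned rows before entering them on the device; apply the list only when `safe` is true, since a wrong entry can only be undone by restoring factory defaults.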