HP LaserJet 9040/9050 HP LaserJet MPF Products - Configuring Security for Mult - Page 72
Ramifications, Initial Settings
View all HP LaserJet 9040/9050 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 72 highlights
Ramifications Raising the level of security on any network product requires giving up some conveniences and usability. This section explains some of the compromises you can expect from configuring this checklist. Keep in mind that this is not a comprehensive list. You should test your system to know how it reacts to these settings and configurations. The following sections explain some of the known ramifications of each setting: Initial Settings • Enable SNMPv3. SNMPv3 is a secure protocol that encrypts information over network lines. Web Jetadmin accesses all of the MFP configuration settings through the MFP SNMP ports. Once SNMPv3 is configured, the MFPs will prompt for the credentials every time anyone tries to configure settings using Web Jetadmin or any other tool. However, Web Jetadmin includes a convenient device cache feature that stores all of the passwords and credentials for each MFP. Whenever an authorized Web Jetadmin administrator makes a change, Web Jetadmin automatically provides the credentials without prompting. Thus, the administrator is required to remember the credentials only when the device cache credentials are outdated. The device cache is kept encrypted, and Web Jetadmin allows only the authenticated administrator to log in and manage the MFPs. Be sure to configure a robust password for the Web Jetadmin administrator. With SNMPv3 configured, an unauthorized user will observe a prompt for the SNMPv3 credentials. If a user enters incorrect credentials, the MFPs will not disclose which credentials are incorrect; it will only revert to the prompt for credentials. SNMPv3 causes some slowing of the configuration process due to the encryption features. • Configure Device Password The Device Password restricts access to the configuration settings. With it configured, the MFPs require the password whenever anyone or any application attempts to make changes to the settings. Web Jetadmin keeps all passwords and credentials in the encrypted device cache. It automatically provides the EWS password to the MFPs whenever they prompt for it. The Device Password is synchronized with the EWS Password, which appears on the Embedded Web Server Configuration Category page. Whenever a change is made to either password, the MFP will change the other one to be the same. • Fill in the Access Control List. The Access Control List is a table that lists the IP addresses of PCs that are allowed to access the MFPs. This can be helpful toward a highly-secure configuration because it ensures that only those using authorized computers will have network access to the MFPs. The ACL covers all access to the MFPs including printing. If you wish to provide access to groups of users, use the Subnet Mask feature so you do not have to know a large number of IP addresses. Be sure to include one IP address for each subnet mask to allow the MFPs to determine where to find the subnets. Users of computers that are not on the ACL will observe errors when attempting to access the MFPs. It will appear as though the MFPs are not connected to the network. The MFPs allow access to all IP address until the ACL is filled out. Once it is filled out with even a single address, it blocks all other access. Be sure to include the computer that is running Web Jetadmin, or the MFPs will block its access as well (it is possible to operate Web Jetadmin from a remote computer). If your computer uses a proxy for access to the MFPs, be sure to include the proxy server in the ACL. 72