HP LaserJet Pro M521 HP Commercial LaserJet Printers and MFPs - Imaging and Pr
HP LaserJet Pro M521 Manual
View all HP LaserJet Pro M521 manuals
Add to My Manuals
Save this manual to your list of manuals |
HP LaserJet Pro M521 manual content summary:
- HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 1
HP Imaging and Printing Security Best Practices Configuring Security for Multiple LaserJet MFPs and Color LaserJet MFPs Version 5.0 for HP Web Jetadmin 10 © Copyright 2005, 2007, 2009, 2010 Hewlett-Packard Development Company, L.P. - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 2
RCFG Support ...31 Job Timeout...32 Privacy Setting...32 Protocol Stacks ...33 Web Services Print...35 Apply your Changes 36 Configuring MFP Security Settings 37 Bootloader Password 37 Color Access Control 38 Control Panel Access 38 Embedded Web Password 39 PJL Password ...40 HP LaserJet and - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 3
Printer Firmware Update 41 Secure Disk Encryption Mode 41 Apply the Changes 42 Configuring MFP Fax Settings 44 Configuring Fax Printing 44 Apply the Changes 45 Additional Fax Configuration 46 Configuring MFP System Page Options 82 HP LaserJet and Color LaserJet MFP Security Checklist ii - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 4
Network Page Options 76 Security Page Options 79 Final Configurations 84 Overall Limitations ...85 Chapter 8: Physical Security 86 Chapter 9: Appendix 1: Glossary of Terms and Acronyms 87 HP LaserJet and Color LaserJet MFP Security Checklist iii - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 5
Web Jetadmin and management of HP MFPs and printers. Network administrators should be familiar with the MFP Embedded Web Server (EWS), HP Jetdirect, and firmware upgrades for Jetdirect and MFPs. Refer to the MFP User Guides and the HP Jetdirect Administrator Guide for more information. You can find - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 6
Version 10.2 installed on a Windows XP or Windows Vista PC One of each supported MFP with the latest updated firmware found at hp.com The process for configuring this checklist is developed using HP Web Jetadmin to manage all of the MFPs at the same time. This checklist covers only those parts of - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 7
help files. This checklist relies on these materials for necessary information. All of these guides are available by searching for them at hp.com. MFPs: This checklist covers security settings for specific HP LaserJet MFPs and HP Color LaserJet MFPs. It is meant to enable you to configure multiple - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 8
for Multiple MFPs: The Network Security for Multiple MFPs chapter provides step-by-step instructions for configuring MFP security settings. MFPs are installed and for securing MFP internal hardware. Chapter 9: Appendix 1, Glossary and Acronyms. Chapter 1 HP LaserJet and Color LaserJet MFP - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 9
an email service Using another person's email credentials to view that person's email messages Using another person's log on credentials for access to use MFPs or networks Using another person's log on credentials for administrative access to MFPs Chapter 2 HP LaserJet and Color LaserJet MFP - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 10
to MFPs: Accessing usage logs to delete entries Removing origination information from file metadata Bypassing user authentication Using remote management software to access the MFP You can minimize the risks of repudiation in the following ways: Chapter 2 HP LaserJet and Color LaserJet MFP - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 11
use of an MFP. This can include any of the following: Canceling or pausing the print jobs of others Turning off the MFP remotely Disconnecting power to the MFP Removing the MFP formatter board Disconnecting the MFP from the network Chapter 2 HP LaserJet and Color LaserJet MFP Security - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 12
Changing access configurations Here are some methods of minimizing opportunities for denial of service on an MFP: Lock the control panel. Lock EWS configuration settings. Close SNMPv3 and HTTPS. Lock the control panel. Chapter 2 HP LaserJet and Color LaserJet MFP Security Checklist 8 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 13
Web Jetadmin is a powerful tool that allows you to manage any number of MFPs and printers. It provides the ability to configure a wide variety of features and services on the network. Without proper security, Web Jetadmin allows malicious users the same conveniences for attacking your network - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 14
to restore the MFPs to factory default settings. Without it, the only way to restore the MFPs is to involve an HPauthorized service technician to reset the entire MFP. You may wish special characters, and punctuation marks). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 10 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 15
This section provides instructions for configuring the MFPs for best-practice security. All of these settings are presented for HP Web Jetadmin Version 10.1 or later. Note: If you are setting this checklist for a group of several printers at once, Web Jetadmin will display all supported settings for - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 16
(Figure 2). Figure 2: The Device List showing multiple devices selected. Note: Remember that the steps in this checklist are for the specified HP LaserJet and Color LaserJet MFPs. Other devices may appear in the Device Model list, and it may be possible to configure them using this process, but the - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 17
having a problem configuring a MFP. Sometimes Web Jetadmin can lose track of MFP MFP credentials. The next step is to ensure that any installed HP Secure Hard Disks are configured: Configuring HP Secure Hard Disk If you have an HP If your HP Secure Hard Disk configure your HP Secure Hard - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 18
Follow these steps to use Web Jetadmin to verify your HP Secure Hard Disk is installed and configured: 1. In the device list view, add the and Secure Disk Status columns and transfer them to the Selected Columns list (Figure 5). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 14 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 19
Disk Status columns to the columns selected for display. 3. In the listing of printers, check the Secure Disk and Secure Disk Status columns. The Secure Disk column should Secure Disk Status columns as Installed and Encrypted. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 15 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 20
steps: 1. Click Security in the Configuration Categories menu (Figure 8) to view the options for configuration. From the Security Options select SNMP Version Access Control. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 16 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 21
New User, the New Authentication Passphrase, and the New Privacy Passphrase fields (Figure 10) in the New SNMPv3 Credential section. See below for details. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 17 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 22
at least 8 characters. CAUTION: These instructions are for the initial configuration of SNMPv3. Once you finish this configuration, the MFPs will require these credentials whenever anyone attempts credentials in an encrypted form. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 18 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 23
setting. This setting limits all SNMP configuration communication to only SNMPv 3. Once applied your MFPs will not allow SNMPv1 SET and SNMPv2 GET. 5. Choose Apply at the bottom of the configure devices dialogue box (Figure 12). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 19 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 24
Figure 12: The Configure Devices dialogue box. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 20 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 25
for each MFP in an encrypted format. However, Web Jetadmin may still prompt you for credentials on occasion so remember the passwords you set. 7. Click Done to exit the Configure Devices dialogue, and continue with this checklist. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 26
or sent incorrectly from tying up a print resource. To set this timeout follow the instructions below. 1. From the Device category, select the I/O Timeout to End Print Job print jobs on the MFP are erased after a reasonable time. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 22 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 27
in the bottom right hand corner to apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 17). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 23 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 28
Figure 17: The Configure Devices dialogue box. 2. Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 24 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 29
what methods are available for communication with your MFP over the network. Follow the instructions below to view and configure these options. 1. MFP you: 1. Click Enable Features from the configuration options in the Network category (Figure 19). Chapter 3 HP LaserJet and Color LaserJet MFP - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 30
the affected settings from Web Jetadmin menus. This includes settings for email, send to folder, and fax. You should disable EWS Config while the MFPs are in use, and enable it only to make changes to the affected configurations. Telnet Config Disabled Disabling Telnet Config prevents access to - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 31
9100 Printing is the access point for normal printing through standard HP print drivers. Disabling IPP Printing prevents access to configuration settings and other features for discovering or browsing printers on the network. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 27 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 32
on this printer if the MFP network features that are not in use. 3. Click Apply in the lower right hand corner to view the Configure Devices dialogue box. (Figure 20). Review your selections carefully before clicking on the Configure Devices button. Chapter 3 HP LaserJet and Color LaserJet MFP - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 33
secure communications with the MFP EWS. To enable this feature: 1. Click Encrypt all web communication, and then select Enabled to enable HTTPS communication between the Jetdirect Print Server and any web browser (Figure 21). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 29 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 34
to choose the strength of the encryption algorithm used for communication between the MFP EWS and the web browsers connecting to it (this is related to menu, and select the highest setting that your browser supports (Figure 23). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 30 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 35
to configuration settings through Novell NetWare linkages; however, you should enable it if your network uses these linkages. 1. Click IPX -- RCFG Support Enabled (Figure 25), and leave Enable RCFG Support blank to disable it. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 31 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 36
enable this feature, information collected by HP will be limited to the following items: HP Jetdirect product number, firmware version, and manufacturing date Model number of the MFP Web browser and operating system detected Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 32 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 37
SNMP control methods enabled Wireless configuration methods enabled The MFP must have internet access to allow HP to collect information. To disable the Privacy Setting option: as applicable to your network. See the table below. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 33 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 38
Figure 28: The Protocol Stacks options. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 34 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 39
enables or disables the Microsoft Services for Devices WSD Print services supported on the HP Jetdirect Print Server. 1. Click to select Web Services Print (Figure 29), and select Disabled. Figure 29: Enabling Web Services Print. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 35 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 40
the selected devices. This will open the configure devices dialogue box (Figure 30). Figure 30: The Configure Devices dialogue box. 2. Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 36 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 41
listed in this section, you should check the chapter on Advanced Security for multiple MFPs. To set the basic required settings in this category follow the steps in the the bootloader password will be cleared in the MFPs. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 37 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 42
options. Control Panel Access The Control Panel Access Feature allows you to set the level of security on the physical control panel of your MFPs. Maximum Lock ensures that no one can access configuration settings in the control panel. To set Control Panel Access: 1. Click to select the Control - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 43
Jetadmin it is important to set the Embedded Web Password. To do this, follow these instructions. 1. Click Embedded Web Server Password under the Security category (Figure 34). Figure 34: The Embedded Web Server Password options. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 39 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 44
number between 1 and 2147483647 that is at least nine digits in length, and repeat it in the Repeat PJL Password field. Note: If you have problems configuring this password try configuring it through the EWS. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 40 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 45
is the default and recommended mode. Note: If you are configuring multiple devices and are not sure whether a manual password has been set on any of those devices it is recommended you skip this step in the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 41 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 46
in the bottom right hand corner to apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 38). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 42 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 47
Figure 38: The Configure Devices dialogue box. 2. Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 43 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 48
Fax Printing Follow these instructions to configure Fax Printing: Note: Be sure to configure the MFPs for fax capabilities before continuing with the instructions below. At the minimum PIN number to print stored Fax jobs. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 44 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 49
apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 40). Figure 40: The Configure Devices dialogue box. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 45 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 50
of the printer into address field of your web browser and click the fax tab (Figure 41). Figure 41: The Fax Settings Page. 2. Click to select Fax Speed Dials on the left hand menu (Figure 42). Figure 42: Fax Speed Dials selection and page. Chapter 3 HP LaserJet and Color LaserJet MFP Security - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 51
entries from modification. To do this, enter 0-99 in the box and select Save (Figure 44). Figure 44: The Fax Speed Dials lockdown box Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 47 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 52
should configure the settings below for security while EWS Config is enabled. Follow these instructions: 1. Click the Embedded Web Server category to select Embedded Web Server Configuration Options for each item in this list: Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 48 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 53
best practice. Command Load and Execute enables the MFPs to install and run Chai services, such as workflow applications and job accounting solutions. You should disable it unless you are using installed applications on your MFPs. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 49 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 54
Button allows the MFPs to resume after an error has been cleared. Print Service enables users to send print-ready files directly to an MFP without having the MFP installed on a Figure 46: The Configure Devices dialogue box. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 50 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 55
is recommended that all external access to the file systems on your MFPs be disabled. To do so, follow these instructions: 1. Click the File System category to select File System External Access the NFS option disables the entire Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 51 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 56
MFPs will require the password whenever anyone or any device requests access to the storage devices. To set the File System password follow the instructions Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 57
order this should not be an issue. To set the Secure File Erase Mode follow these instructions: 1. Click to select Secure File Erase Mode (Figure 49), and view the options in the Sanitizing Erase if you require maximum security. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 53 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 58
in the bottom right hand corner to apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 51). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 54 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 59
Figure 51: The Configure Devices dialogue box. 6. Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 55 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 60
Color LaserJet MFPs might appear on the Digital Sending page. These settings are for other types of HP MFPs. You should configure the settings that appear in the instructions below. You may wish to configure the other settings as a safeguard, but they are ignored on devices that do not support them - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 61
in the bottom right hand corner to apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 54). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 57 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 62
dialogue box. 2. Review your settings and then click the Configure Devices button to execute the configuration. Configuring Final Settings Some of the MFP settings should be configured independently from other settings and only at the end of this checklist. Follow these instructions for the final - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 63
bottom of the page. 5. Wait for a few minutes to allow all of the MFPs to restart. Do not continue until all of them are at the READY state. Disabling configuring this checklist, but it should be disabled during normal use of the MFPs. To disable EWS Config: 1. Go to the Network category, and click - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 64
Note: This setting disables configuration from the MFP EWS. It also disables all EWS-related settings from Web Jetadmin ( Jetadmin. Always remember to disable EWS Config after making changes. Your MFPs are now securely configured. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist 60 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 65
Control List: HP LaserJet M3027 MFP HP LaserJet M3035 MFP HP LaserJet M4345 MFP HP LaserJet M5025 MFP HP LaserJet M5035 MFP HP LaserJet M9040 MFP HP LaserJet M9050 MFP HP Color LaserJet CM3530 MFP HP Color LaserJet CM6030 MFP HP Color LaserJet CM6040 MFP HP Web Jetadmin may not - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 66
moving on. 3. To make sure all of the MFPs are configured with your new listings, click Clear all single MFP, open the device in Web Jetadmin and navigate to the ACL options (all of the MFPs should to ensure that the ACL restricts access to the MFP EWS through HTTP. Note: These ACL options allow - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 67
Many of the options available (such as LDAP, Kerberos, and Digital Send Service) require additional solutions on the network for support. 2. Click the dropdown menu next to Log in at Walk Up, and select from the list (Figure 59). Chapter 4 HP LaserJet and Color LaserJet MFP Security Checklist 63 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 68
Service is an additional solution offered at hp.com. Choose an authentication method for Future Installations as desired. This automatically requires authentication for new solutions that may be installed on the MFP (Figure 60). Chapter 4 HP LaserJet and Color LaserJet MFP Security Checklist 64 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 69
PIN fields. Note: If your network includes NTLM service, configure NTLM. This option specifies the authentication method to use when your MFP executes a send to folder job. We recommend using the highest authentication available. Chapter 4 HP LaserJet and Color LaserJet MFP Security Checklist 65 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 70
MFP to use the LDAP address book; however, the SSL certificate options for both configurations appear on the Digital Sending page. Note: These instructions MFPs using the LDAP Access options in the Digital Sending page (explained earlier). Chapter 4 HP LaserJet and Color LaserJet MFP Security - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 71
also provides a way to add user email addresses to the MFP address book. You can configure up to 2000 users in this feature. Configure User PIN Authentication (Figure 62) as desired. Figure 62: The User Pin Authentication options. Chapter 4 HP LaserJet and Color LaserJet MFP Security Checklist 67 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 72
list of the settings recommended in this checklist. This section does not include instructions or explanations. It is intended to be used as a check-off list Disable LPD Printing. Enable 9100 Printing. Disable IPP Printing. Chapter 5 HP LaserJet and Color LaserJet MFP Security Checklist 68 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 73
Printer Firmware Update. Configure Secure Disk Encryption Mode Fax Category Options Configure Fax Printing. Establish PIN Number. Select Store All Received Faxes. Additional Fax Configuration Configure Fax Speed Dials. Lock Speed Dials. Chapter 5 HP LaserJet and Color LaserJet MFP - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 74
Disable Command Load and Execute. Enable Continue Button. Disable Print Service. File System Page Options Configure File System External Access. Disable Direct Ports (wait for MFPs to restart). Disable EWS Config. Chapter 5 HP LaserJet and Color LaserJet MFP Security Checklist 70 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 75
chapter lists the default setting for each configuration in the checklist: Setting Configure HP Secure Hard Disk Configure SNMPv3 (Security page). I/O Timeout to End Print Job Handling Enabled ? Enabled Low Dump then Reboot Chapter 6 HP LaserJet and Color LaserJet MFP Security Checklist 71 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 76
Services Print. Configure Bootloader password. Configure Color Access Control Configure Control Panel Access to Maximum Lock. Configure Embedded Web Server Password. Configure the PJL Password. Disable Printer Firmware ) Enabled Chapter 6 HP LaserJet and Color LaserJet MFP Security Checklist 72 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 77
Disable Command Load and Execute. Enabled Enable Continue Button. Enabled Disable Print Service. Configure File System External Access. Disable PJL. Enabled (See below) Erase. Enabled Not Configured Non-Secure Fast Erase Chapter 6 HP LaserJet and Color LaserJet MFP Security Checklist 73 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 78
default: 20 seconds Configure Default From Address. Select Prevent user from changing the Default From Address. Disable Direct Ports (wait for MFPs to restart). Disable EWS Config. Not configured Not selected Enabled Enabled Chapter 6 HP LaserJet and Color LaserJet MFP Security Checklist 74 - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 79
credentials. The MFP will not disclose which credentials are incorrect; it will only revert to the prompt for credentials. SNMPv3 causes some slowing of the configuration process due to the additional time taken to encrypt the data. Chapter 7 HP LaserJet and Color LaserJet MFP Security Checklist - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 80
it disabled, MFPs will deny access to Telnet sessions. Web Jetadmin does not use Telnet Config; thus disabling it has no affect on it. It disables other tools, but Web Jetadmin is the only solution recommended for managing HP MFPs. Chapter 7 HP LaserJet and Color LaserJet MFP Security Checklist - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 81
enables files to be sent to the printer via FTP for printing on the MFP, enabling FTP Printing also allows you to upgrade your printer firmware by sending the firmware via FTP. HP recommends disabling it and using Web Jetadmin to upgrade firmware. MFPs will deny access to FTP sessions. Disable - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 82
disable IPX RCFG Support unless your network has Novell and older Jetdirect print servers. With IPX RCFG Support disabled, MFPs will deny access HP will be limited to the following items: HP Jetdirect product number, firmware version, and manufacturing date Model number of the attached printer - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 83
services supported on the HP Jetdirect Print Server. If this feature is enabled someone with a host that supports Web Services Print can discover IP Addresses and other information about the printers settings. If your network includes Color LaserJet MFPs, you can configure settings to restrict the - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 84
firmware manually through the boot loader if you have not safeguarded this option. HP recommends updating firmware whenever it becomes available at hp.com. You should enable Printer Firmware Update to perform the upgrades and then disable it again during normal use of the MFPs. With Printer Firmware - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 85
Service. HP Digital Sending Software is a useful tool for managing MFP digital sending. It is available for purchase at hp.com. HP recommends using Digital Send Service the front panel of the MFP. Embedded Web Server Page Options Mail. The MFP sends some email does not affect the MFP send to email - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 86
own jobs from the printer driver or from the control panel MFP Print driver installed can send print jobs to the MFPs. With Print Service HP recommends shutting down all unused access to the file system. See the ramifications for each protocol below. Chapter 7 HP LaserJet and Color LaserJet MFP - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 87
for normal print jobs, but could affect interoperability with third party products. Disable PML access. PML (Printer Management Language) is an HP proprietary protocol that manages MFPs. Web Jetadmin uses PML for many of its configuration settings. Disabling this PML access eliminates the PML - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 88
the MFPs to turn off and turn on. They will be out of service MFPs are online and ready before executing another configuration. With Direct Ports disabled, the parallel and USB ports are turned off, and the MFPs behave as if the ports do not exist. Chapter 7 HP LaserJet and Color LaserJet MFP - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 89
of the functions that you would want to provide to users are available using the MFP drivers or the control panels. Overall Limitations This overall configuration provides a high level of network security for HP MFPs. At the same time, it introduces some limitations to the conveniences designed into - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 90
services and features Access to stored print jobs (depending on settings) Access to copy features (unauthorized overuse of resources such as toner and paper) You can help minimize all of these risks by placing the MFPs the MFP User Guide. If you have purchased the EIO version of the HP Secure - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 91
MFP HP MFP bundles and it is covered in this checklist. MFPs Service. DSS is an HP solution to enhance MFP MFP network IP address. Firmware Firmware is the program that operates the MFP. It controls all functions of the MFP. Firmware can be upgraded as new versions become available. New firmware MFP. - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 92
Many of the MFPs include internal Jetdirect hardware as standard equipment. Other MFPs, such as HP Color LaserJet 9500 MFPs require EIO Jetdirect into a paper path from an input tray similar to the input paper tray on a printer. It runs each sheet past the scanner and places it in an output tray. - HP LaserJet Pro M521 | HP Commercial LaserJet Printers and MFPs - Imaging and Pr - Page 93
Microsoft® is a U.S. registered trademark of Microsoft Corporation. Adobe and PostScript are trademarks of Adobe Systems Incorporated. © Copyright 2005, 2006, 2009, 2010 Hewlett-Packard Development Company, L.P.
© Copyright 2005, 2007, 2009, 2010 Hewlett-Packard Development Company, L.P.
HP Imaging and Printing Security Best Practices
Configuring Security for Multiple LaserJet MFPs and Color
LaserJet MFPs
Version 5.0 for HP Web Jetadmin 10