HP PageWide Pro 452dw Printing Security Best Practices: Configuring a Printer
HP PageWide Pro 452dw Manual
View all HP PageWide Pro 452dw manuals
Add to My Manuals
Save this manual to your list of manuals |
HP PageWide Pro 452dw manual content summary:
- HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 1
for HP PageWide Pro Printers and HP Web Jetadmin Configuring a Printer Securely in HP Web Jetadmin 10.4 Version 1.0 HP PageWide Pro 477dn MFP HP PageWide Pro 477dw MFP HP PageWide Pro 577dw MFP HP PageWide Pro 577z MFP HP PageWide Pro 452dn Printer HP PageWide Pro 452dw Printer HP PageWide Pro 552dw - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 2
...6 Information Disclosure ...7 Denial of Service ...7 Elevation of Privilege ...8 Chapter 2: Basic Network Security for Multiple HP Devices 9 Notes on the Process of Configuration ...9 Using Web Jetadmin and Printer Passwords ...9 Getting Started ...10 Setting up HP Web Jetadmin ...11 Configuring - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 3
USB...25 Encrypt all Web Communication...26 Encryption Strength...26 Printer Firmware Update ...27 Restrict Color...27 Configuring Fax Settings ...28 Blocked Embedded Web Server 36 Disable Job Log on EWS Tools tab ...37 HP and 3rd Party Solutions...37 Chapter 4: Settings List ...38 Recommended Basic - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 4
iii - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 5
HP device models: • HP PageWide Pro 452dn Printer • HP PageWide Pro 452dw Printer • HP PageWide Pro 552dw Printer • HP PageWide Pro 477dn MFP • HP PageWide Pro 477dw MFP • HP PageWide Pro 577dw MFP • HP PageWide Pro 7 SP1 • One of each supported MFP with the latest updated firmware found at hp.com 1 - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 6
HP has tested this checklist to ensure that MFPs continue to provide the best possible performance while averting possible security threats; however, some of these settings can cause unexpected problems HP provides this checklist as a guide HP PageWide Pro MFPs. However, this checklist applies for HP - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 7
checklist assumes that each device has updated MFP firmware. You should use the latest firmware available, but realize that updated firmware may have new features not covered in this checklist. Updated firmware is available for download and installation at hp.com. • Web Jetadmin version 10.4: The - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 8
Multiple HP Devices provides some limited information on where to find configuration settings in WJA for advanced network configurations. • Chapter 4: Settings List: The Settings List chapter provides a bulleted list of the recommended settings with checkboxes. It does not include instructions or - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 9
difficult, but HP is dedicated to research in this area. This checklist represents some of HP's efforts to ensure that you can use HP MFPs with Using another person's email credentials to have free use of an email service • Using another person's email credentials to view that person's email messages - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 10
• Protect MFP storage access • Configure authentication • Configure the administrator password • Configure SNMPv3 Tampering with Data Tampering with data can include any method of changing, destroying, or adding to information that is flowing to or from a device or stored on it. Here are some ways - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 11
: • Reading stored print jobs on the MFP hard drive • Downloading log information • Downloading address books • Intercepting print jobs, copy jobs, fax jobs, or SNMPv3 for Web Jetadmin, including disabling SNMPv1/2. Denial of Service Denial of service is any type of interference with normal use of an - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 12
Elevation of Privilege Elevation of privilege is any method of upgrading authorized access to include unauthorized access. This can be any of the following: • Non-administrators changing settings to get administrator privileges • Unauthorized use of management software to provide access for other - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 13
of the steps in this chapter are found in HP Web Jetadmin and you should use Web Jetadmin to services on the network. Without proper security, Web Jetadmin allows malicious users the same conveniences for attacking your network printers. Thus, configuring security features and passwords and updating - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 14
for setting and updating passwords (some of instructions for configuring HP printers for best-practice security. All of these settings pertain to HP printers at once, Web Jetadmin will display all supported settings for all the MFPs it is managing, even though some of the MFPs may not support - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 15
HP. See the HP Web Jetadmin Update page in the Product Update, Install menu. Note: All screenshots are from Web Jetadmin version 10.4. Setting up HP Web Jetadmin Follow these instructions on print device discovery. See the Web Jetadmin user guide for more information. In most cases, the devices will - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 16
selected Note: Remember that the steps in this checklist are for the specified HP PageWide MFPs. Other devices may appear in the Device Model list, and it may for configuration Tip: If you are having a problem configuring a setting, try configuring it using the individual device's configuration page. - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 17
Device Cache (see Web Jetadmin Help) and re-enter the device credentials. 5. Continue to the next step to configure secure communications between HP Web Jetadmin and the MFPs. Configuring SNMPv3 SNMPv3 provides encryption for communication between Web Jetadmin and MFPs. It helps to ensure that only - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 18
the SNMP Version Access Control dialog box CAUTION: These instructions are for the initial configuration of SNMPv3. Once you credentials, the only way to restore communication between HP Web Jetadmin and the print devices is to restore the factory default settings. Web Jetadmin retains the SNMPv3 - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 19
before canceling a job. Setting this timeout will help prevent jobs formed or sent incorrectly from tying up a print resource. To set this timeout follow the instructions below. 1. From the Device category, select the I/O Timeout to End Print Job option (Figure 8). 15 - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 20
timeout will help prevent jobs sent with improper paper or media selections from tying up a print resource. To set this timeout follow the instructions below. 1. From the Device category, select the Input Auto Continue Timeout menu. 2. Click the checkbox to enable the Input Auto Continue Timeout - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 21
11: The Job Retention options Job Storage Limit The Job Storage Limit allows you to specify the maximum number of stored jobs allowed on the printer. You will want to choose a number of jobs that is appropriate for your print devices and print usage in your environment. This setting can protect - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 22
Figure 12: The Job Storage Limit options 3. Click the Apply button located in the bottom right hand corner to apply the settings to the selected devices. Figure 13: The Configure Devices dialog box 4. Review your settings and then click the Configure Devices button to execute the configuration. 18 - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 23
over the network. Follow the instructions below to view and configure HP Web Services, or other applications are part of your print environment we recommend disabling these features. If you are using the ePrint enterprise server instead of the HP cloud, you should refer to your administrators guide - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 24
Figure 15: Disable HP ePrint, HP Web Services, and Apps Enable WINS Port The Enable WINS Port setting enables/disables the port used for WINS name resolution. To enable the WINS Port, click - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 25
Figure 17: Disabling Web Services Print Google Cloud Print This option enables or disables the Google Cloud Print for Devices. Click to select Google Cloud Print (Figure 18), and select - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 26
Enabled 9100 Printing is the access point for normal printing through standard HP print drivers. AirPrint Disabled Disabling AirPrint prevents printing via AirPrint. If you do not operate in an environment that supports this feature, we recommend disabling this feature. IPP FAX Out Disabled - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 27
protocol. If you do not operate in an environment that supports this feature, we recommend disabling this feature. Disabling IPP Printing using WS-Discovery for discovering or browsing printers on the network. WARNING: You should enable WS-Discovery on this printer if any of the following apply: 1) - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 28
right hand corner to view the Configure Devices dialog box. (Figure 24). Review your selections carefully before clicking on the Configure Devices button. Figure 20: Confirm . To do this, follow these instructions. 1. Click Embedded Web Server Password under the Security category (Figure 21). 24 - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 29
Figure 21: The Embedded Web Server Password options 2. Type a password of 9 to 16 characters in the Password field (you should always type the maximum number of characters for best security). This setting requires users to log on for parts of the EWS that provide configuration options. 3. Repeat the - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 30
Strength setting: 1. Click Encryption Strength in the Security category (Figure 24). 2. Click the Encryption Strength dropdown menu, and select the highest setting that your browser supports. 26 - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 31
24: The Encryption Strength option Printer Firmware Update HP recommends updating firmware whenever new firmware is available, but you should keep Printer Firmware Update disabled until you plan to use it. To disable Printer Firmware Update: Click to select Printer Firmware Update (Figure 25), and - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 32
number to the blocked fax list. Follow these instructions to configure Fax Printing: Note: Be sure to configure the MFPs for fax capabilities before continuing with the instructions below. At the minimum, configure the modem settings for the country, - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 33
Figure 28: Fax Header settings 2. Enter the Phone number and Company name that you would like to appear on faxes. 29 - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 34
erase with no additional security. To set the Secure File Erase Mode follow these instructions: 1. Click to select Secure File Erase Mode (Figure 29), and view the devices. The Configure Devices dialog box will open. 4. Review your settings and then click the Configure Devices button to execute - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 35
Email Address/Message Settings - Default From Address HP recommends configuring the default from address to ensure that no one can send email using false or misleading identification. If you are using LDAP Authentication, - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 36
section that is not contained in this document you can refer to the MFP User Guides and the Embedded Web Server Administrator Guide for more information. You can find these documents and more information at hp.com. Access Control for Device Functions Access Control for Device Functions allows you to - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 37
you plan to configure for the MFPs selected. Many of the options available (such as LDAP and Kerberos) require additional solutions on the network for support. For more information on Access Control configuration, please refer to the user or EWS Administration - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 38
LDAP If your network includes LDAP, configure the LDAP Sign In Setup and the LDAP Users and Groups options (Figure 34 and 35). Figure 34: The LDAP Sign In Setup options Figure 35: The LDAP Users and Groups options Once these settings are configured, users will be required to enter login credentials - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 39
Firewall Firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. HP PageWide printers provide this feature to ensure that printing is secure. Figure 37: The Firewall Setup options The Failsafe option (Figure 38 - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 40
Figure 38: The HTTPS Setup options Figure 39: The IPsec Setup options Security Features Available in the Embedded Web Server These features are either only partially offered in Web Jetadmin, or are only available for configuration through the MFPs embedded web interface. To configure these settings, - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 41
and 3rd Party Solutions Most of the recommendations in the next chapter can be implemented without having a negative impact on HP and 3rd party solutions, however HP and 3rd party solutions should be tested with any settings changes to ensure that there are not any negative impacts. If a previously - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 42
the settings recommended in this checklist. This section does not include instructions or explanations. This list provides the recommended settings to ensure MFPs configured according to this list are considered secure, but HP does not warrant or guarantee that this configuration prevents or limits - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 43
Disable Web Services Print Security Category Options Configure Embedded Web Server Password Disable Enable Host USB Enable HTTPS Setting to Encrypt all web communication Configure Encryption Strength to High Disable Printer Firmware Update Configure Restrict Color as desired Fax - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 44
Disable WS-Discovery Disabled Web Services Print Enabled Embedded Web Server Password Disabled Enable Host USB Disabled Enable Encrypt all Web Communication Enabled Configure Encryption Strength to High High Disable Printer Firmware Update Enabled Restrict Color Not configured - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 45
Chapter 6: Ramifications Raising the level of security on HP MFPs requires giving up some conveniences and usability. This section explains some of the compromises you can expect from configuring the settings recommended in this - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 46
Unless ePrint, HP Web Services, or other HP cloud for ePrint you should refer to your administrators guide for any special settings that may be required to secure your solution. • Configure Enable Features options. These options enable or disable various supported MFP print drivers. Disabling 9100 - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 47
there are other protocols you can use to discover your printers. • Disable Web Services Print. This disables the Microsoft WSD Print services supported. If this feature is enabled someone with a host that supports Web Services Print can discover IP Addresses and other information about the - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 48
at walk up. • Disable Printer Firmware Update. Printer Firmware Update enables the MFPs to accept printer firmware updates from various sources. Disabling it ensures that no one can send firmware updates to the MFPs. HP recommends updating firmware whenever it becomes available at hp.com. You should - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 49
Overall Limitations This overall configuration provides a high level of network security for HP MFPs. At the same time, it introduces some limitations to the conveniences designed into the MFPs. Following is a list of known effects of this overall - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 50
HP MFPs involve hard copy documents. MFPs can print them, scan them, send them to email, send them to network folders, send them to other printers services and features • Access to stored print jobs (depending on settings) • Access to copy features (unauthorized overuse of resources such as toner - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 51
Firmware can be upgraded as new versions become available. New firmware is available by searching for it by product at hp.com. This checklist assumes that each MFP is upgraded with the latest firmware tray similar to the input paper tray on a printer. It runs each sheet past the scanner and places - HP PageWide Pro 452dw | Printing Security Best Practices: Configuring a Printer - Page 52
two types of data: system data, such as configurations, and user data, such as print jobs, address books, and installed applications. HP Web Jetadmin: HP Web Jetadmin is a peripheral management tool that provides access to multiple devices for status and configuration. It is capable of configuring
HP Printing Security Best Practices
for HP PageWide Pro Printers and HP
Web Jetadmin
Configuring a Printer Securely in HP Web Jetadmin 10.4
Version 1.0
HP PageWide Pro 477dn MFP
HP PageWide Pro 477dw MFP
HP PageWide Pro 577dw MFP
HP PageWide Pro 577z MFP
HP PageWide Pro 452dn Printer
HP PageWide Pro 452dw Printer
HP PageWide Pro 552dw Printer