HP PageWide Pro 552dw Printing Security Best Practices: Configuring a Printer - Page 11

Information Disclosure Information disclosure is gathering information from an MFP and providing it to unauthorized users. This can include authentication information, usage log information, or information from the contents of a job. Such data stored on your hard drive is considered 'at rest' while data being transmitted by your MFP device is considered 'in transit'. Here are some ways information disclosure can relate to an MFP: • Reading stored print jobs on the MFP hard drive • Downloading log information • Downloading address books • Intercepting print jobs, copy jobs, fax jobs, or digital send jobs (such as email) You can minimize the risks of information disclosure in the following ways: • Close unused ports and protocols. • Configure all possible password settings. • Configure access control and authentication for device functions. • Configure SNMPv3 for Web Jetadmin, including disabling SNMPv1/2. Denial of Service Denial of service is any type of interference with normal use of an MFP. This can include any of the following: • Canceling or pausing the print jobs of others • Turning off the MFP remotely • Disconnecting power to the MFP • Disconnecting the MFP from the network • Causing interference with network communication to the MFP • Changing the network location of the MFP • Causing an error state that interrupts service • Changing access configurations Here are some methods of minimizing opportunities for denial of service on an MFP: • Lock the control panel by configuring Access Controls • Protect EWS configuration settings by setting an Admin Password • Close unused ports and protocols • Enable the resume feature to allow the MFP to resume operations after an error state • Configure Job Timeout • Control physical access to the MFP • Lock physical access to removable hardware 7