HP PageWide Pro 577dw Printing Security Best Practices: Configuring a Printer - Page 47

Security Options, Embedded Web Server Options, Con Authentication LDAP, Kerberos, Device PIN

Page 47 highlights

• Disable IPPS when IPP not in use is your only option. When IPP is enabled, the IPPS Printing setting enables the Internet Printing Protocol over SSL. IPPS provides a secure method for sending print jobs to the device over the Internet or intranet. If you have chosen to enable IPP, then we recommend enabling IPPS as well.
• Disable MDNS Config. MDNS Config resolves host names with IP addresses in small networks without DNS servers. Most enterprise networks include DNS servers and do not require this service. With this option disabled, a non-DNS network will not recognize the MFPs. If your network does not include a DNS server, you should enable MDNS Config.
• Disable WS-Discovery. WS-Discovery enables network hosts which support WS-Discovery to discover printers and devices on the network. Unless you are in an IPv6 or Windows Vista/Windows 7 only environment, there are other protocols you can use to discover your printers.
• Disable Web Services Print. This disables the Microsoft WSD Print services supported. If this feature is enabled, someone with a host that supports Web Services Print can discover IP addresses and other information about the printers in your environment.

Security Options

• Configure Authentication (LDAP, Kerberos, Device PIN, or User PIN). Authentication requires users to log on for use of the MFPs.
• Configure Access Control. The Access Control provides the settings to require log in for use of the MFP. It is important to be sure to configure the authentication methods (LDAP, Kerberos, Device PIN, or User PIN) you wish to enforce in Access Control. With Access Control enabled, MFPs will deny access to users who cannot supply the correct credentials.

Embedded Web Server Options

• Configure Embedded Web Server Configuration Options. These options limit some of the EWS features that can be misused:
  • Configure the Embedded Web Server Password. The EWS password restricts access to the configuration settings in the EWS. When configured, the MFP requires the password whenever anyone or any application attempts to make changes to the EWS settings. Keep in mind that the settings provided in the EWS are also accessed by Web Jetadmin. Thus, the MFPs will require the EWS password from Web Jetadmin whenever it attempts to access these settings. Web Jetadmin keeps all passwords and credentials in the encrypted device cache. It will automatically provide the EWS password to the MFPs whenever the MFPs prompt for it. The EWS password is synchronized with the device password, which is recommended later in this checklist. Whenever you change either password, the MFP will change the other one to be the same.
  • Disable Enable Host USB. Leaving this option enabled could allow people without access to your network to print documents from your devices at walk up. We recommend that this feature be Disabled. Disabling this feature will not affect your smart card solution or Host USB functionality.
  • Encrypt all web communication by Enabling HTTPS. This setting enables encryption for configuration data between the PC and the MFP EWS. It prevents sensitive data such as usernames and passwords from passing over the network in clear text. This setting is related to the EWS Encryption Strength setting explained below.
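The checklist above has conditions attached to several items (IPPS follows IPP, MDNS depends on whether a DNS server exists, Access Control depends on the authentication methods configured). The following is an added example, not HP code, that audits a settings snapshot against those conditions. The setting names, the snapshot layout and the two sample snapshots are hypothetical and constructed for illustration.

```python
# Added example. Setting names and the snapshot layout are hypothetical;
# they are not an HP EWS or Web Jetadmin export format.

def audit(cfg, has_dns_server=True, wsd_only_network=False):
    """Return the checklist items that one MFP settings snapshot violates."""
    findings = []

    def flag(violated, message):
        if violated:
            findings.append(message)

    # IPP and IPPS travel together: both on, or both off.
    flag(cfg["ipp"] and not cfg["ipps"], "IPP enabled without IPPS")
    flag(cfg["ipps"] and not cfg["ipp"], "IPPS enabled while IPP is not in use")
    # MDNS is only wanted on networks that have no DNS server.
    flag(cfg["mdns"] and has_dns_server, "MDNS enabled on a network with DNS")
    flag(not cfg["mdns"] and not has_dns_server,
         "MDNS disabled on a network without DNS")
    # WS-Discovery is tolerated only in IPv6 or Windows Vista/7-only networks.
    flag(cfg["ws_discovery"] and not wsd_only_network, "WS-Discovery enabled")
    flag(cfg["web_services_print"], "Web Services Print enabled")
    # Access Control must enforce a method that is actually configured.
    configured = set(cfg["auth_methods"])
    enforced = set(cfg["access_control_methods"])
    flag(not configured, "no authentication method configured")
    flag(not enforced, "Access Control enforces no sign-in method")
    missing = sorted(enforced - configured)
    flag(bool(missing),
         "Access Control relies on unconfigured method(s): " + ", ".join(missing))
    flag(not cfg["ews_password_set"], "EWS password not set")
    flag(cfg["host_usb"], "Host USB enabled")
    flag(not cfg["https"], "HTTPS not enabled for the EWS")
    return findings

# Constructed snapshots: one that follows the checklist, one that does not.
HARDENED = {
    "ipp": False, "ipps": False, "mdns": False, "ws_discovery": False,
    "web_services_print": False, "auth_methods": ["LDAP"],
    "access_control_methods": ["LDAP"], "ews_password_set": True,
    "host_usb": False, "https": True,
}
LOOSE = dict(HARDENED, ipp=True, mdns=True,
             access_control_methods=["Kerberos"], https=False)

if __name__ == "__main__":
    for name, snapshot in (("hardened", HARDENED), ("loose", LOOSE)):
        print(name, audit(snapshot) or "compliant")
```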

