HP PageWide Pro 577dw Printing Security Best Practices: Configuring a Printer - Page 48

• Configure Encryption Strength to High. The encryption strength setting covers communication between a PC and the Embedded Web Server. When HTTPS is configured (as recommended in this checklist), communication is encrypted according to this Encryption Strength setting. With Encryption Strength set to High, users will find that the EWS are accessible only from web browsers that support that level of HTTPS communications. Web browsers that do not support SSL and high encryption strength will not be able to access the MFP EWS. It is recommended that you disable EWS Config during normal MFP operations and enabling it temporarily for changes to configurations. This setting ensures that the network traffic is secure during those configurations. • Disable Open/Print from USB Device. The Open/Print from USB Device feature allows you to print documents stored on a USB device. Leaving this option enabled could allow people without access to your network to print documents from your devices at walk up. • Disable Printer Firmware Update. Printer Firmware Update enables the MFPs to accept printer firmware updates from various sources. Disabling it ensures that no one can send firmware updates to the MFPs. HP recommends updating firmware whenever it becomes available at hp.com. You should enable Printer Firmware Update to perform the upgrades and then disable it again during normal use of the MFPs. With Printer Firmware Update disabled, the MFPs will deny access whenever anyone attempts to upgrade the firmware. • Configure color restriction settings. If your network includes Color LaserJet MFPs, you can configure settings to restrict the use of color printing by users and by applications. With color restriction settings configured, an MFP will print only in black and white for restricted users or applications. • Set the Secure File Erase Mode to Non-Secure Fast Erase. Non-Secure Fast Erase marks the print job data as deleted, and allows the MFP to reclaim and subsequently overwrite the data when needed. Digital Sending Options • Configure the Default From Address, and select Prevent users from changing the Default From Address. The Default From Address setting allows you to place a standard and consistent address in the From field of emails sent from the MFP. Selecting Prevent users from changing the default from address ensures that users are unable to tamper with the address in the From field, and that it is automatically populated with the default or the authenticated users email address. These features ensure that nobody can use the MFP to spoof identity or provide erroneous addresses. Consider using a From address that describes the location or the type of MFP, or use a real address to monitor reply messages. With the Default From Address configured, no one can change the From address in email messages. The address you configure is the only address anyone can use. 44