HP Designjet T1100 A0 User Guide Manual

HP Designjet T1100 A0 User Guide Manual
HP Designjet Printer series
Security features
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
© 2012 Hewlett-Packard Development
Company, L.P.
Reproduction, adaptation, or translation
without prior permission is prohibited,
except as allowed under the copyright
laws.
The information contained herein is
subject to change without notice. The only
warranties for HP products and services
are set forth in the express warranty
statements accompanying such products
and services. Nothing herein should be
construed as an additional warranty. HP
shall not be liable for technical or
editorial errors or omissions contained
herein.
February 2012 Edition
2
Downloaded from ManualsPrinter.com Manuals
Security Settings
HP Designjet Printer Series
Security Settings
Table of Contents
1.
2.
3.
Introduction & Overview ................................................................................................... 4
Security features available for Large Format scanners ........................................................... 6
Security Concepts explanation........................................................................................... 7
3.1
Secure File Erase ......................................................................................................... 7
3.2
Secure Disk Erase ........................................................................................................ 8
3.3
Control Panel Access Lock ........................................................................................... 11
3.3.1 Deadlock: Front Panel locked + EWS password forgotten ............................................... 13
3.4
Embedded Web Server (EWS) multilevel access ............................................................. 13
3.5
Exclude personal info from accounting .......................................................................... 18
3.6
Disable connectivity interfaces ..................................................................................... 19
3.7
Disable protocols ....................................................................................................... 20
3.8
IPSec ........................................................................................................................ 20
3.9
SNMPv3 ................................................................................................................... 21
3.10
CA/JD Certificates .................................................................................................. 22
3.11
Hide IP from front panel .......................................................................................... 22
3.12
Encrypt web communications ................................................................................... 22
3.13
Disable USB drive................................................................................................... 23
3.14
Disable firmware update through USB ....................................................................... 23
3.15
Disable direct print using ePrint&Share ...................................................................... 23
3.16
Disable ePrint connectivity ....................................................................................... 23
3.17
Disable internet connection ...................................................................................... 23
3.18
Printer Access control .............................................................................................. 24
3.19
External hard disk (EHD) .......................................................................................... 24
How the system works ........................................................................................................ 24
4.
Designjet Security features vs LaserJet ............................................................................... 25
5.
Glossary ...................................................................................................................... 26
3
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
Security Settings
1. Introduction & Overview
This document is aimed at providing an overview of the security features supported by HP Designjet printers as
of February 2012.
The security features described in this document make the HP Designjet printer series particularly well suited to
being deployed into environments where network, data, access control, and security are important.
The following is a table summarizing the new and existing security features of HP Designjet printers series and
how they are implemented using the Embedded Web Server and/or HP Web JetAdmin (WJA). Please make
sure that your printer has the latest firmware version to benefit from all security features.
Note: If your printer is not listed in the table then these features are not implemented.
T7100
Z6200
T2300/T1300
T790
Z3200
Z2100
Secure file erase
WJA
WJA
WJA
WJA
WJA
WJA
Secure disk erase
FP
WJA/FP
WJA/FP
WJA/FP (PS models)
WJA/FP
N/A
Control panel lock
EWS/WJA
EWS
EWS/WJA
EWS/WJA
N/A
N/A
EWS multilevel
EWS
EWS
EWS (1 level)
EWS (1 level)
EWS (1 level)
N/A
Exclude personal
info. From
accounting
EWS
EWS
EWS
EWS
EWS
N/A
Disable interfaces
EWS
EWS
EWS (USB printing
EWS(USB printing
only)
N/A
N/A
Disable protocols
EWS/WJA
EWS/WJA
EWS/WJA
EWS/WJA
EWS/WJA
EWS/WJA
EWS
EWS
EWS/WJA
EWS/WJA
EWS/WJA
EWS/WJA
EWS
EWS
EWS
EWS
EWS + Jetdirect
EWS + Jetdirect
EWS/WJA
EWS/WJA
EWS/WJA
EWS
EWS + Jetdirect
EWS + Jetdirect
FP
FP
FP
FP
N/A
N/A
EWS/WJA
EWS/WJA
EWS/WJA
EWS
EWS + Jetdirect
EWS + Jetdirect
N/A
N/A
EWS/FP
EWS/FP
N/A
N/A
N/A
N/A
EWS/FP
EWS/FP
N/A
N/A
N/A
N/A
FP
FP
N/A
N/A
N/A
N/A
FP
FP
N/A
N/A
N/A
N/A
EWS/FP
EWS/FP
N/A
N/A
Printer access control
N/A
N/A
EWS/FP
EWS/FP
N/A
N/A
External HDD
Yes
Yes
Yes
PS only, from fw
IG_01_05_04.4
No
No
IPSec
SNMPv3
CA/JD Certificates
Hide IP from fp
Encrypt web comms
Disable USB drive
Disable fmw update
thru USB
Disable direct print
with ePrint&Share
Disable ePrint Center
connectivity
Disable internet
connection
4
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
T1200
Security Settings
T770
Z3100
Z3100ps
4020/4520
T1100/T1120
Z6100
T620
WJA
WJA
WJA
WJA
WJA
WJA
WJA
N/A
WJA/FP
WJA/FP
(HD)
N/A
FP
FP
WJA/FP
WJA/FP
WJA/FP
Control panel
lock
EWS/WJA
WJA
N/A
N/A
WJA
EWS
EWS
N/A
EWS multilevel
EWS
N/A
N/A
EWS (1 level)
EWS
EWS
EWS
N/A
Exclude personal
info. from
accounting
EWS
EWS
N/A
N/A
EWS
EWS
EWS
N/A
Disable interfaces
EWS
EWS
EWS
N/A
EWS
EWS
EWS
N/A
Disable protocols
EWS/WJA
EWS/WJA
EWS/WJA
Secure file erase
Secure disk erase
IPSec
SNMPv3
CA/JD
Certificates
Hide IP from FP
Encrypt web
comms
Disable USB
drive
Disable fmw
update thru USB
Disable direct
print with
ePrint&Share
Disable ePrint
Center
connectivity
Disable internet
connection
Printer access
control
External HDD
EWS/WJA
EWS
EWS/WJA EWS/WJA
EWS/WJA EWS/WJA + EWS/WJA +
EWS/WJA
+ Jetdirect
Jetdirect
Jetdirect
EWS +
EWS +
EWS + Jetdirect
EWS
Jetdirect
Jetdirect
EWS/WJA
EWS/WJA EWS/WJA
EWS/WJA +
Jetdirect
EWS/WJA EWS/WJA +
+ Jetdirect
Jetdirect
EWS +
EWS +
Jetdirect
Jetdirect
EWS+ Jetdirect
EWS
EWS
EWS +
Jetdirect
EWS +
Jetdirect
EWS + Jetdirect
EWS + Jetdirect
EWS +
Jetdirect
EWS +
Jetdirect
FP
FP
N/A
N/A
FP
FP
FP
N/A
EWS
EWS
EWS/WJA +
Jetdirect
EWS/WJA +
Jetdirect
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
Yes
HD ver
(from fw
6.0.0.6)
No
No
No
No
No
No
5
Downloaded from ManualsPrinter.com Manuals
EWS/WJA EWS/WJA +
+ Jetdirect
Jetdirect
EWS/WJA EWS/WJA +
+ Jetdirect
Jetdirect
HP Designjet Printer Series
Security Settings
2. Security features available for Large Format scanners
The Multi function printers (MFPs) are made of two main parts: The printer and the scanner. For the printer, the
table above applies, for the scanner please refer to the following table:
Firewall
Antivirus
installation
T1120 SD-MFP
T2300 emfp
Yes
Yes
Yes
Closed systems with very low risk of being infected by a virus, no antivirus is
required
Disable
FTP
WebAccess
&
Access to images
in scanner through
network
Microsoft
patches
DJ 4500MFP/T1100MFP
HD-MFP Series
DJ4520 Scanner, DJ 4500
Scanner, HD Scanner
Security
Install
scanner
software into a
separate PC
Yes
No
Yes
Yes, by default (FTP & EWS Read only)
No
No
Yes through scanner SW update
Possible but not official process
6
Downloaded from ManualsPrinter.com Manuals
No
Not needed (Linux based)
No
HP Designjet Printer Series
Security Settings
3. Security Concepts explanation
3.1
Secure File Erase
Secure File Erase is a feature that manages how files are deleted from the printer’s hard disk.
There are three security modes to the Secure Files Erase feature. These settings can be changed in the Web
JetAdmin.
•
Non-Secure Fast Erase: In this mode, all file pointers to the data (table indexes) are erased.
Temporary data remains on the Hard Disk Drive until the disk space it occupies is needed for
another purpose, and is then overwritten. This is the fastest mode of operation and is the default for
all printers.
•
Secure Fast Erase: In this mode of operation, file pointers are erased and the disk space where the
temporary job was stored is also overwritten with a fixed character pattern. This mode of operation
is slower than Non-Secure Fast Erase, but all data is overwritten.
•
Secure Sanitizing Erase: In this mode of operation, file pointers are erased and the disk space
where the temporary job was stored is repetitively overwritten using an algorithm that prevents any
residual data. This mode of operation may affect product performance. The Secure Sanitizing
Erase mode of operation meets the US Department of Defense 5220-22.m requirements for clearing
and sanitization of disk media. When the Secure Sanitizing Erase feature is enabled, all temporary
files that might contain sensitive data are erased with this method, no temporary files are left after a
job has completed (scan, copy, or print).
Furthermore, if you do not want to store jobs in the printer, you can set the number of jobs to be stored in the
printer’s queue to 0. To configure this setting perform the following:
•
Go to the printer’s front panel,
•
Select the “setup” menu.
•
Select “job management setup.”
For further information, refer to the printer’s user manual, as the actual menu options might change for a specific
printer. The following is an example of how to change the ‘Secure File Erase’ setting for the HP Designjet T1100
printer.
7
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
3.2
Security Settings
Secure Disk Erase
In either of the two secure methods described above, (Secure Fast Erase and Secure Sanitizing Erase), there is
also the option to sanitize the whole disk. The sanitizing method removes any user data in a secure manner, so
the device can be moved out from a secure location to unsecure location. All disk erasing will be done via the
same level of security erase.
This setting can only be used via Web JetAdmin, or the Front Panel “Service menu” which is only accessible
with the help of an HP Support representative.
•
HP Web JetAdmin access: The user interface that manages the Secure File Erase and Secure
Disk Erase functionality is the HP Web JetAdmin. This is the same functionality that is used in the
Web JetAdmin device plug-ins for LaserJet printers, this would enable you can set the same global
options across your fleet of HP LaserJet’s and HP Designjets. The following example shows how to
configure the HP Designjet T2300 using the Web JetAdmin. Note that in the Web JetAdmin this
option is called “Secure Storage Erase”.
8
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
•
Security Settings
Printer’s Front Panel access: Once you have entered into the “Service Menu” with the help of
an HP Support representative, you can perform the Secure Disk Erase, by using the same 3 options
that you have in Web JetAdmin. Note that the name of the feature in the front panel is Disk Wipe
DoD 5220.220M, and the three options are called “Insecure Mode”, “1-pass mode” and “5-pass
mode”
First you need to select the security level and then you can perform the erase operation. The printer will warn
you that it is a process which deletes all data and takes a long time, when you accept the printer begins the
process and displays a progress bar until complete, all data will be wiped in one of the two selectable methods
and the printer’s firmware will be restored.
In the following screens show how to perform a secure hard disk erase in the HP Designjet T2300 printer.
9
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
10
Downloaded from ManualsPrinter.com Manuals
Security Settings
HP Designjet Printer Series
3.3
Security Settings
Control Panel Access Lock
The control panel access is a feature intended for IT administrators, which allows them to lock the device’s
control panel using the HP Web JetAdmin or the printers Embedded Web Server (depending on the printer
model). This feature prevents unauthorized users from accessing the control panel and changing the printer’s
settings. Administrators can specify the level of access as follows:
•
Unlock
•
Minimum lock
•
Moderate lock
•
Intermediate lock
•
Maximum lock
This option can be enabled from the HP Web JetAdmin as shown below:
11
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
Security Settings
This option can be enabled from the T1200 Embedded Web server as shown below:
The following table shows the different levels access and what they enable or disable:
Maximum
Intermediate
Moderate
Minimum
Retrieve Job
OK
OK
OK
OK
Information
---OK
OK
OK
Paper handling
------OK
OK
Configure Designjet
---------OK
Diagnostics
---------OK
•
Maximum Lock – This option denies access to all options.
•
Intermediate Lock – This option denies access to the paper and ink supplies handling options,
maintenance options and demo prints, on top of the Moderate Lock. Only viewing printer and
supplies information is allowed.
•
Moderate Lock – This option denies access to all printer settings, the job queue, information and
service prints and the printer log, on top of Minimum Lock.
•
Minimum Lock – This option denies access to the Resets options, Enable/Disable connectivity
options and the Service Menu.
Note: With the Moderate or Maximum locks set you will not able to load/unload paper or replace
printheads/ink cartridges without first unlocking the front panel, and so these options should only be set in
specific circumstances where the implications are known and understood.
12
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
Security Settings
When the Control Panel is locked, the applicable menus show a ‘lock’ symbol in the front panel. If a user
attempts to enter in a “locked” menu entry, a warning message is displayed.
3.3.1 Deadlock: Front Panel locked + EWS password forgotten
Under certain circumstances, a printer might be blocked if the control panel has been locked and the
administrator has lost the password needed to unlock it. This could happen if the front panel is locked through
the printer’s Embedded Web Server and the Administrative password in the EWS is lost. In this situation, it
would not be possible to unblock the front panel from the Embedded Web Server and it would not be possible
to reset the Embedded Web Server from the front panel.
With HP Designjet Printers there is a menu option accessible to users with the guidance of Customer Support
agents. Contact HP Support in case of problems related to deadlock.
3.4
Embedded Web Server (EWS) multilevel access
The Embedded Web Server is a powerful tool which enables direct management of a device such as an HP
LaserJet printer or an HP Designjet printer, however with no security in place, this tool also has the potential to
have a negative effect on many features, as they can be configured using just a web browser and knowledge of
the IP connection to the printer. To solve this situation we have implemented two levels of access to our
compatible HP Designjet printers as follows:
The Security page enables users to:
•
Restrict access to the printer by setting an administrator user account.
•
Define two levels of access: Administrator and Guest.
•
If the two levels of access have been set, and you have neither of the passwords you will not be
able to gain access to EWS information, see below.
13
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
Security Settings
Administrator password
Access control is enabled by setting the “Admin account password”, specifying a password for the user account
at Admin level. You must then provide the Admin password in order to perform any of the following restricted
operations:
•
Cancel, delete or preview a job in the job queue.
•
Delete a stored job.
•
Clear accounting information.
•
Change printer’s settings on the Device Setup page.
•
Update printer's firmware.
•
Change printer's date and time.
•
Change security settings.
•
View protected printer information pages.
14
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
15
Downloaded from ManualsPrinter.com Manuals
Security Settings
HP Designjet Printer Series
16
Downloaded from ManualsPrinter.com Manuals
Security Settings
HP Designjet Printer Series
Security Settings
If there is no administrator account, restricted operations can be accessed without a password.
3.4.1 Guest password
Once the administrator user account has been set, the administrator can also set the guest user account by
specifying a password for the guest.
If the guest user account is set, a username and password are required for all EWS operations: users
indentified as guests have access to restricted operations, whilst users identified as administrators have access to
all operations.
If the guest account is not set, a username and password are not required for unrestricted operations.
Notes:
•
Some printers only have 1-level password access to the Embedded Web Server.
•
The networking tab of the Embedded Web Server allows you to setup another password. If the
printer has an EWS 1-level or multi-level password, then the networking password is common with
the general EWS password. If the EWS does not have password capabilities then the networking
password is only used for controlling access to the networking area of the EWS.
•
For most printers that have a EWS password capability, it is also possible to setup the admin
password through Web JetAdmin, however only one level can be set so that Guest password
cannot be setup from Web JetAdmin.
17
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
3.5
Security Settings
Exclude personal info from accounting
You can enable or disable the printer to send an e-mail containing accounting information. If you enable this
setting, you have also to fill in the destination of the report using the Send accounting files to setting. Please note
that you also have to configure the e-mail server on the Setup Page.
In some cases customers prefer not to send personal data from the printers via email and so the option Exclude
Personal information from accounting e-mail is now available in the Embedded Web server. If this option is
selected, accounting e-mails will not contain personal information (user name, job name, account ID will be left
blank in the accounting file sent by email from the printer).
Typically this option is used for managed print or pay-per-use contracts to ensure that only the data (counters)
relevant for billing are being sent by the printer. Personal information about who printed which file is not
required for billing purposes, and can be excluded from the accounting email. This personal information is
typically used for cost allocation within a company.
18
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
3.6
Security Settings
Disable connectivity interfaces
Depending on the printer series, there are some ports that can be disabled to prevent unauthorized printing and
possible data theft.
You might want to disable the USB printing port to avoid people from connecting a laptop directly into the
printer and printing through the USB.
If you have installed a JetDirect card to add extra security features, you might want to disable the onboard
Ethernet.
If you enable or disable a connectivity option, the printer will automatically restart. Keep in mind that disabling
a connectivity option could cut off network access to the printer. As a security measure, you cannot disable the
connection you are using to access the Embedded Web server.
Note: Contact HP support in case the printer’s front panel is locked and you cannot unlock it.
19
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
3.7
Security Settings
Disable protocols
In some cases you might want to disable all protocols that you do not plan to use to access your printer. For
example, you might prevent users from sending files through the ftp or connecting through telnet to manage the
printer network settings. You can disable unused protocols through the Mgmt. protocols option in the Embedded
Web Server or Network enable features in Web JetAdmin.
3.8
IPSec
A Firewall or IP Security (IPsec) policy allows you to control traffic to or from the device using network-layer
protocols. Either a firewall or IPsec / firewall pages will appear depending on whether IPsec is supported by the
print server and device. If IPsec is not supported, firewall pages will be displayed and a firewall policy can be
configured.
Please note: Before you enable a firewall or IPsec policy, you should make sure you have a secure access to
your configuration management settings (for example, through an administrator password). This will ensure your
policy is not easily disabled through Telnet, control panel menus, or other management tools.
20
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
Security Settings
Firewall. Use this page to view or configure a firewall policy. A firewall policy consists of up to 10 rules,
where each rule specifies the IP addresses and services allowed by the print server and device. To add a rule,
click ‘Add Rule’. This setting runs a wizard that will help you configure each rule.
IPsec / Firewall. Use this page to view or configure an IPsec / firewall policy. An IPsec / firewall policy
consists of up to 10 rules. As with a firewall policy, each rule specifies the IP addresses and services allowed by
the print server and device. With IPsec support, you can apply IPsec authentication and encryption protocols for
those addresses and services. To add a rule, click ‘Add Rule’. This runs a wizard that will help you configure
each rule.
For a detailed description of wizard settings and additional help, click Jetdirect IPsec/Firewall Help.
3.9
SNMPv3
You can enable and disable the SNMP v3 agent from your printer. You may set up an account that allows a
management application to access the SNMP v3 agent.
21
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
Security Settings
3.10 CA/JD Certificates
You can request, install, and manage digital certificates on the HP JetDirect print server. Certificates are used to
identify the JetDirect print server both as a valid Web server for network clients, and as a valid client requesting
access on a secure network. By default, the JetDirect print server contains a self-signed preinstalled certificate.
3.11 Hide IP from front panel
Some printers includes an option in the Service Menu, accessible with the help of an HP Support agent only,
that allows you to hide all IP information from the printer’s front panel.
3.12 Encrypt web communications
You can securely manage the network device using a Web browser and the HTTPS protocol. To authenticate the
HP JetDirect Web Server when HTTPS is used, you may configure a certificate, or you may use the pre-installed,
self-signed X.509 Certificate. The encryption strength specifies what ciphers the web server will use for secure
communications. Supported cipher suites are DES, RC4, 3DES.
By enabling encryption, the web server encrypts all web communication, forcing all connections to use HTTPS.
Enabling encryption can also be configured to allow both HTTP (unencrypted) and HTTPS connections. In secure
environments, you should choose to encrypt all web communications. Otherwise, sensitive management data
(Administrator Password, SNMP Community Names, and secret keys) may be compromised.
22
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
Security Settings
3.13 Disable USB drive
You can use this option to disable the USB drive preventing somebody connecting a device to print or to scan
images.
3.14 Disable firmware update through USB
This option is used to disable the possibility of upgrading the printer by installing the firmware via a USB device.
3.15 Disable direct print using ePrint&Share
In some printers, when you connect a computer directly with a USB cable, you can print without installing any
driver. This can be done by launching the ePrint&Share application that resides inside the printer. This feature
can disable direct printing so that you cannot print through the USB unless you have the driver (or ePrint&Share)
installed in the computer.
3.16 Disable ePrint connectivity
This feature disables the ePrint Center functionality preventing somebody printing remotely to the printer.
3.17 Disable internet connection
Disable the direct connection of the printer to the internet. This option would also prevent the printer from
automatically performing firmware upgrades.
23
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
Security Settings
3.18 Printer Access control
For some printers, when setting an Embedded Web Server admin password you are also preventing access to
certain front panel features. The features protected in the front panel are:
•
Network connectivity (including also Internet connectivity and Diagnostics&troubleshooting of the
network connectivity)
•
Control firmware upgrades
•
Setup
•
Reset factory defaults
•
External hard disk connection
•
Security
If a user loses the admin password, it is not possible to reset it so the printer would be locked. There is a service
menu option to reset the admin password.
3.19 External hard disk (EHD)
Some printers allow the connection of an external hard disk. Any HP Designjet printer with an internal hard
disk uses is for four main purposes:
•
Store the printer’s firmware & resources (media profiles, demo plots, diagnostic plots).
•
Virtual memory for job processing.
•
Job storage/queue
•
Storage for printer’s accounting data.
The HP Designjet External Hard Disk was designed to fulfill one specific use for those security conscious
customers that want to preserve the confidentiality of the jobs being printed in their HP Designjet printers.
How the system works
1. Connect the External Hard Disk (EHD) into the printer’s USB host port.
2. The printer will detect the EHD and will ask the customer for permission to install it. When the customer
accepts, the printer will perform the following step:
3. A copy will be made of all the customer’s information that is stored in the internal HD and copied to the
external HD.
4. The customer’s internal HD partition will be deleted after a highly secure erasing process (DoD 5220.22M).
5. The printer will be configured to use the EHD as the repository for ALL customer jobs (including the
temporary processing storage area).
6. Once the EHD has being installed, all the customer jobs will ALWAYS be stored in the EHD
7. When the printer is switched off, as a security measure, the EHD can be removed and kept in a secure
location.
Notes:
•
•
•
Once the printer has an EHD installed it can no longer be initialized without it.
If for any reason the installed EHD is no longer available (the customer loses the EHD, or the EHD is
broken), there is a mechanism (through a special bootmode controlled with an specific front panel key
combination) that reconfigures the printer to work without the EHD. However in that particular case, all the
information stored in the EHD is lost.
Once the EHD is installed on a particular printer, it becomes fully tied to it. It is not possible to move this
EHD to another HP Designjet printer without losing the stored information. When the printer detects an EHD
24
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
•
Security Settings
that has been installed on a different printer, it will advise the customer about it. If the customer decides to
go ahead and use the EHD on a different printer, the printer will erase the contents of the EHD (once again,
using the highly secure DoD 5220.22-M process)
The EHD has its own software based encryption mechanism that prevents anyone reading the contents of
the EHD, for instance, by plugging it into a PC. The encryption system is not a standard one and cannot be
considered as an extremely secure encryption mechanism (such as the standard encryption system DES,
RSA, FIPS 140…), but it does add a level of security that makes it difficult when trying to read the contents
by just connecting the disk to a PC.
The EHD is not intended to be used as an USB memory stick, that is, to copy documents from a PC, plug it into
the printer and to print them.
4. Designjet Security features vs LaserJet
HP LaserJet printers have some security features that are not yet available in HP Designjet printers.
As a brief comparison, please find the comparison between HP LJ 9050 series and Designjet T1200 series.
Security Feature
L9050
DJ T1200
Authentication Manager
Yes
No
Control panel lock
Yes
Yes
Device Password
Yes
Yes
Direct Connect Ports (USB/IEEE 1284)
Yes
Yes
File erase mode
Yes
Yes
File system access settings
Yes
No
File system password
Yes
WJA only
Job Held Timeout
Yes
No
Job Retention
Yes
No
PJL Password
Yes
No
Remote FW upgrade
Yes
Yes
25
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
Security Settings
5. Glossary
Active Directory (AD)
Adobe PostScript
Color Access Control
Device Password
(LJ feature)
Domain Naming System
(DNS)
Embedded Web Server
(EWS)
File System Access
settings
(LJ feature)
File System Password (LJ
feature)
Hide IP address from
front Panel
HP Web Jetadmin
IP multicast
IPSec
An advanced, hierarchical directory service that comes with Microsoft
Windows servers (version 2000 or later). It is LDAP-compliant and built on the
domain naming system (DNS) used on the Internet. Workgroups are given
domain names, exactly like Web sites, and any LDAP-compliant client – such
as Windows, Mac, or Unix – can gain access.
Developed by Adobe, this is the standard page description language (PDL)
for the graphics arts industry and commercial printing. Many printing devices
support PostScript with a built-in PostScript interpreter
Settings to determine which users and/or applications are allowed to print in
color
This is equivalent to the designjet’s web server password. It helps protect the
printer from unauthorized access through remote applications
Converts host names and domain names into IP addresses on the internet or
on local networks that use the TCP/IP protocol.
The EWS resides on a hardware device (such as an HP Designjet) or in the
printer firmware. The EWS allows you to review, configure, and change
settings on an HP Designjet after inputting an IP address into a Web browser
from your computer
File system access settings: The File System Access options allows you to
completely disable many of the access points to the printer’s data storage
system. These access points are for various types of usage for the printer. The
options are:
•
PJL disk access
•
SNMP disk access
•
NFS disk access
•
PS disk access
HP recommends enabling PS Disk Access to allow you to print PS files, and
disable the rest
The File System Password feature helps protect the printer’s data storage
system options from unauthorized access. With the File System password
configured, the printer requires the password before it will allow
configurations to features that affect the data storage system. Some of these
features are the Secure disk erase mode, the Secure Storage Erase feature,
and the File System Access options.
Option in the Service Utilities menu of the front panel to show/not show the
Internet Protocol (IP) address of your printer. In that way, only registered users
or network administrations will know the correct address to submit jobs to the
printer
Web-based fleet management software tool for remote installation,
configuration, problem resolution, proactive management, and reporting. For
more information go to; www.hp.com/go/webjetadmin
A one-to-many transmission of data over an IP network.
Internet Protocol Security (IPsec) is a suite of protocols for securing Internet
Protocol (IP) communications by authenticating and encrypting each IP packet
of a data stream. IPsec also includes protocols for establishing mutual
authentication between agents at the beginning of the session and negotiation
of cryptographic keys to be used during the session.
In our case, IPsec is used to protect data flows between the host and the
printer.
26
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
Job Held Timeout
(LJ feature)
Job Retention
(LJ feature)
Multicast DNS (mDNS)
PJL Password
(LJ feature)
Remote Firmware
Upgrade
(LJ feature)
Simple Network
Management Protocol
(SNMP)
SNMPv3
Subnet
Authentication Manager
(LJ feature)
Security Settings
This feature is part of the Job Retention feature. It limits a held job to the
selected time, and then the printer deletes it. You should select a reasonable
timeout value for this setting to allow enough time for a user to walk to the
printer to print a job or to allow time for jobs to print in a queue.
This feature provides job retention options such as private job and hold job.
You will be able to ensure that they are present during printing to provide
privacy for documents in the printer output bins.
Also known as Bonjour or Rendezvous, mDNS uses IP multicast with DNS to
provide the capabilities of a DNS server for service discovery in a small
network that does not have a DNS server.
The PJL password feature helps protect the printer from unauthorized
configurations through Print Job Language (PJL) commands. It does not affect
ordinary print jobs. Once the PJL password is configured, the MFP requires it
before it will process any of these commands
This service allows an administrator to use a custom application to upgrade
the printer’s firmware remotely. Since HP recommends using HP Web
Jetadmin to upgrade MFP firmware, you should disable Remote Firmware
Upgrade.
This is a network monitoring and control protocol.
SNMP (Simple Network Management protocol) allows users to manage the
printer using SNMP management tools, such as HP Web JetAdmin. SNMP is
also the protocol for communicating from the printer to the Windows driver.
SNMPv3 provides security through user authentication and data encryption
A logical division of a local area network, which is created to improve
performance and provide security. A subnet limits the number of nodes that
compete for bandwidth.
It allows administrators to secure Device Functions by requiring users to log in
with a specific Log In Method for each Function. For example, users may be
required to log in with an Access Code or PIN to make copies yet be required
to log in with a username and password to send e-mails.
Log In Methods: The following Log In Methods are available with the latest
device firmware upgrade:
Group 1 PIN: Requires users to input a numeric code for access when at the
control panel of the device. The numeric code entered by the walk up user is
compared to the first of two PINs stored on the device by the Administrator.
When the PIN is entered correctly, the user can proceed.
Group 2 PIN: Requires users to input a numeric code for access when at the
control panel of the device. The numeric code is compared to the second of
two PINs stored on the device by the Administrator.
LDAP: Lightweight Directory Access Protocol, Requires users to input a
username and password that are verified by an LDAP server.
HP Digital Send Service (if available): Also known as DSS. Requires users to
enter credentials that are verified by the HP Digital Send Service software.
(HP Digital Send Service software must be available to use this Log In
Method. If no DSS server is associated with this device, walk-up users will not
be required to authenticate before using the device.)
Kerberos: Requires users to enter a username and password to be verified by
a Windows Server
27
Downloaded from ManualsPrinter.com Manuals
HP Designjet Printer Series
Security Settings
For more information
About HP Designjet printers: www.hp.com/go/designjet
About HP WebJetAdmin: www.hp.com/go/webjetadmin
© 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP
products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed
as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation.
Adobe™ and PostScript™ are trademarks of Adobe Systems Incorporated, which may be registered in certain jurisdictions.
April 2012
28
Downloaded from ManualsPrinter.com Manuals
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising