Security features (V.38.xx)

Security features (V.38.xx)

The HP Jetdirect print server security features minimize unauthorized access to network parameters and other stored data. The features differ depending on the print server product and the firmware version, and are limited on value-featured print servers.

HP Jetdirect Print Servers caution Security features (V.38.xx) CAUTION:

Although the basic HP Jetdirect security features can protect sensitive data, no method can fully prevent unauthorized access.

For advanced security needs, contact HP Consulting services.

A summary of the basic security features provided by HP Jetdirect print servers are listed in the following table.

Summary of HP Jetdirect security features
Secure Embedded Web Server Management

Securely access the embedded Web server. A pre-installed, self-signed HP Jetdirect certificate provides HTTPS access to the embedded Web server from your Web browser.

Install a digital certificate issued by a trusted third party to configure the print server as a trusted site.

Configure security settings using the security configuration wizard.

Configure full-featured print servers with EAP/802.1X server-based authentication.

Control IP traffic using Firewall or IPsec policies. Use Firewall rules to allow or drop IP traffic based on IP addresses and services. Internet protocol security (IPsec) rules add the security benefits of authentication and encryption.
Network Protocol Control

Enable or disable network printing, printing services, device discovery, and management protocols on the HP Jetdirect print server. Prevent unauthorized access by disabling unused or unnecessary protocols.

Enable or disable protocols using Telnet (IPv4), embedded Web server, or HP Web Jetadmin (IPv4).
IP Administrator Password

Restrict access to HP Jetdirect configuration parameters by setting the administrator password. The password is required by Telnet (IPv4), HP Web Jetadmin (IPv4), and the embedded Web server.

Use up to 16 alphanumeric characters.

Set the password using TFTP (IPv4), Telnet (IPv4), embedded Web server services, or HP Web Jetadmin (IPv4).

Synchronize as the SNMP Set Community Name used in HP Web Jetadmin (IPv4) SNMP v1/v2c Set commands, if configured through the embedded Web server.

Cleared by cold reset of the print server to factory default settings.
IPv4 Access Control List
HP Jetdirect Print Servers note Security features (V.38.xx) NOTE:

The Firewall feature provides improved security and can be used in place of the IPv4 ACL.

Specify up to 10 IPv4 host systems, or IPv4 networks of host systems, that are allowed access to the HP Jetdirect print server and the attached network device. (If the list is empty, then all hosts are allowed access.)

Access is generally limited to host systems specified in the list.

Host systems that use HTTP, such as the embedded Web server or IPP, are not checked against entries in the access list and are allowed access. However, you can disable HTTP host access using the embedded Web server.

Configured on the HP Jetdirect print server using TFTP (IPv4), Telnet (IPv4), embedded Web server, or SNMP (IPv4) management software.
Telnet Control

Telnet (IPv4) access is not secure. You can disable Telnet using the embedded Web server (see Embedded Web server (V.38.xx)).
Authentication and Encryption
Certificate management for X.509v3 digital certificates is provided through the embedded Web server, for both client-based and server-based authentication. A self-signed HP Jetdirect certificate is pre-installed, which can be replaced. On full-featured print servers, a CA certificate can also be installed.
IPv4/IPv6 SNMP v1/v2c Set Community Name (IP/IPX)
(SNMP v1/v2c only)

A password on the HP Jetdirect print server that allows incoming SNMP Set commands to write (or set) HP Jetdirect configuration parameters.

SNMP Set commands must contain the user-assigned community name, which is authenticated by the print server before the command is performed.

On IP networks, you can restrict authentication of SNMP Set commands to systems on the ACL.

Configured on the HP Jetdirect print server using TFTP (IPv4), Telnet (IPv4), embedded Web server, or Management application services.

SNMP v1/v2c uses plain text, which you can disable.
IPv4/IPv6 SNMP v3
(For full-featured print servers only)

SNMP v3 agent on the HP Jetdirect print server provides secure, encrypted communications with an SNMP v3 management application, such as HP Web Jetadmin.

Supports creation of an SNMP v3 account when it is enabled through the embedded Web server. The account information can be integrated on SNMP v3 management applications.

Supports seamless SNMP v3 account creation and management from HP Web Jetadmin.
HP Web Jetadmin (IPv4) Password and Profiles

Access control to HP Jetdirect configuration parameters through the HP Jetdirect IP administrator password, which you can configure from HP Web Jetadmin (IPv4), Telnet (IPv4), or the embedded Web server.

HP Web Jetadmin provides access control through user profiles, which allow password protection for individual profiles and controlled access to HP Jetdirect and printer features.

(For full-featured print servers only) You can use HP Web Jetadmin to enable the IPv4/IPv6 SNMP v3 agent on the print server, and create an SNMP v3 account for secure, encrypted management.
Printer Control Panel Lock

Selected HP printers provide a control panel lock that prevents access to HP Jetdirect print server configuration parameters. In many cases, management applications (such as HP Web Jetadmin) can remotely set the lock. To determine whether your printer supports a control panel lock, see your printer documentation.
Configuration Precedence Table

To control the configuration of various TCP/IP parameters using the different tools supported by the print server, a Configuration Methods precedence table is provided. Access the precedence table through the embedded Web server interface. By default, manual configuration methods have precedence over other methods (such as DHCP or TFTP). By changing the precedence order, the control of configuration parameters can be enhanced.
HP Jetdirect Print Servers Security features (V.38.xx)