HP Commercial LaserJet Printers and MFPs - Imaging and Printing Security Best Practices

Chapter 7 HP LaserJet and Color LaserJet MFP Security Checklist
Chapter 7: Ramifications
Raising the level of security on HP MFPs requires giving up some conveniences and usability. This
section explains some of the compromises you can expect from configuring the settings
recommended in this checklist. Keep in mind that this is not a comprehensive list. You should test
each MFP in your network environment to understand the implications of these settings and
configurations.
The following sections explain some of the known ramifications of each recommended setting:
Initial Settings
Configuring Advanced Security Settings (ACL, Firewall, LDAP, Kerberos, etc.)
There are many advanced security settings that you may be using as part of your infrastructure
or print solution. These settings should be configured and tested before locking down your
devices with this checklist. If you are unsure how a setting may affect an advanced security
configuration, see the advanced security section, or test the setting on a single device before
applying it to your fleet.
Configure HP Secure Hard Disk.
HP Secure Hard Disk is a disk that encrypts all data stored on your hard drive.
Failure to set up this device before applying the NIST checklist or other MFP settings will result in
a loss of all previous settings when the HP Secure Hard Disk is installed and set to encrypt
data.
Once the HP Secure Hard Disk is installed, the hardware encryption is transparent to the
device. It should have no impact on subsequent configurations unless you:
- Remove the HP Secure Hard Disk and install a new one,
- Use the “reinitialize” feature, which will result in cryptographically erasing your entire
  disk, or
- Change the password, which will also result in reinitializing the encrypted disk.
Enable SNMPv3
SNMPv3 is a secure protocol that encrypts configuration data transmitted over the network.
Web Jetadmin accesses most of the MFP configuration settings through the MFP SNMP ports.
Once SNMPv3 is configured, the MFPs will prompt for the credentials every time anyone tries
to configure settings using Web Jetadmin or any other tool. However, Web Jetadmin includes a
convenient device cache feature that stores all of the passwords and credentials for each MFP.
Whenever an authorized Web Jetadmin administrator makes a change, Web Jetadmin
automatically provides the credentials without prompting. Thus, the administrator is required to
remember the credentials only when the device cache credentials are outdated. The device
cache is secured by encryption, and Web Jetadmin allows only the authenticated administrator
to log in and manage the MFPs. Be sure to configure a robust password for Web Jetadmin.
With SNMPv3 configured, an unauthorized user attempting to access the MFP configuration
settings will observe a prompt for the SNMPv3 credentials. The MFP will not disclose which
credentials are incorrect; it will only revert to the prompt for credentials.
SNMPv3 causes some slowing of the configuration process due to the additional time taken to
encrypt the data.
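
To confirm that management traffic to an MFP is actually encrypted once SNMPv3 is enabled, UDP payloads seen on the SNMP port can be classified by version and security level; SNMPv3 encrypts only at the authPriv level. The following Python is an added example, not HP or Web Jetadmin code: the function names and sample payloads are constructed, and it reads only the cleartext message header defined in RFC 3412.

```python
# Added example. The sample payloads are constructed (header fields only), not captured.
V3_LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def classify_snmp(payload):
    """Label one UDP payload: SNMPv1, SNMPv2c, SNMPv3/<level> or not-snmp."""
    try:
        tag, msg, _ = read_tlv(payload, 0)        # outer SEQUENCE
        if tag != 0x30:
            return "not-snmp"
        tag, ver, pos = read_tlv(msg, 0)          # msgVersion INTEGER
        if tag != 0x02 or not ver:
            return "not-snmp"
        version = int.from_bytes(ver, "big")
        if version in (0, 1):
            return "SNMPv1" if version == 0 else "SNMPv2c"
        if version != 3:
            return "not-snmp"
        _, hdr, _ = read_tlv(msg, pos)            # msgGlobalData SEQUENCE
        _, _, p = read_tlv(hdr, 0)                # msgID
        _, _, p = read_tlv(hdr, p)                # msgMaxSize
        tag, flags, _ = read_tlv(hdr, p)          # msgFlags, one octet
        if tag != 0x04 or len(flags) != 1:
            return "not-snmp"
        # RFC 3412: bit 0 = auth, bit 1 = priv; priv without auth is invalid
        return "SNMPv3/" + V3_LEVELS.get(flags[0] & 0x03, "invalid-flags")
    except (IndexError, ValueError):
        return "not-snmp"

def not_encrypted(payloads):
    """Return (name, label) for every payload that is not SNMPv3 authPriv."""
    labels = ((name, classify_snmp(p)) for name, p in payloads.items())
    return [(n, l) for n, l in labels if l != "SNMPv3/authPriv"]

SAMPLES = {  # constructed payloads
    "v2c": bytes.fromhex("300d02010104067075626c6963a000"),
    "v3-open": bytes.fromhex("3016020103300d020101020205dc04010402010304000400"),
    "v3-priv": bytes.fromhex("3016020103300d020101020205dc04010702010304000400"),
}
```

Any entry returned by not_encrypted() for traffic between Web Jetadmin and an MFP indicates configuration data still crossing the network without SNMPv3 privacy.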