Multifunction Peripheral (MFP) Security for Enterprise Environments

MFP Security White Paper
Networked Printing
MFPs use simple print protocols to receive print jobs from remote clients. The two common print protocols are
LPR and “raw” Port 9100. Neither protocol provides encryption or access controls; however, these features
are typically provided by other components of the system, including spoolers and encryption modules.
Spoolers and Access Control
Spoolers have evolved from simple services that manage contention for printer resources among multiple users
into specialized servers that provide sophisticated enterprise-integrated access controls, printer discovery, and
client printer driver distribution.
The spooler acts as an intermediary between users and printers. All user print jobs are directed to the spooler,
which may then prioritize their delivery to the appropriate printer. The print protocol used between user and
spooler typically differs from that used between the spooler and the printer, allowing for increased capabilities
such as access control. Microsoft spoolers use the CIFS protocol for both network printing and file sharing
operations.
Access controls within the spooler may be integrated with the security policies used elsewhere in the IT
environment. Users may be assigned access to specific printers or capabilities. Network administrators may
audit usage through the spooler.
IP Access Control List
The IP Access Control List grants access to the MFP only to selected IP addresses or ranges of IP addresses,
and may be used to limit printer accessibility to selected computers. IP ACLs do not provide “user”
authentication, however; they are typically used to enforce the access restrictions provided by
a print spooler.
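The following added example (not part of the original white paper) models an IP ACL that admits only the spooler and an administrative range, then audits connection records to find clients that reached the MFP's print ports directly. The addresses, the ACL entries and the connection records are constructed sample values; port 515 is the standard LPR/LPD port, which the paper does not state.

```python
import ipaddress

# Constructed sample ACL (documentation address ranges), not from the white paper.
SPOOLER_ACL = ["192.0.2.10", "192.0.2.32/28"]  # spooler host plus an admin range
PRINT_PORTS = {515: "LPR", 9100: "raw"}        # the two print protocols named above


def parse_acl(entries):
    """Turn single addresses and CIDR ranges into network objects."""
    return [ipaddress.ip_network(entry, strict=True) for entry in entries]


def is_allowed(acl, source):
    """True if the source address falls inside any ACL entry.

    The decision uses the source address only: every user on an allowed
    host passes, which is why the ACL complements the spooler's
    user-level access control instead of replacing it.
    """
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in acl)


def audit(acl, connections):
    """Return (source, protocol) for print-port connections outside the ACL."""
    findings = []
    for source, port in connections:
        if port in PRINT_PORTS and not is_allowed(acl, source):
            findings.append((source, PRINT_PORTS[port]))
    return findings


# Constructed connection records: (source IP, destination port on the MFP).
SAMPLE_CONNECTIONS = [
    ("192.0.2.10", 9100),   # spooler delivering a job
    ("192.0.2.40", 515),    # inside the admin range 192.0.2.32-47
    ("192.0.2.77", 9100),   # workstation printing directly, bypassing the spooler
    ("198.51.100.5", 515),  # host on another subnet
    ("192.0.2.77", 80),     # not a print port, outside this check
]

if __name__ == "__main__":
    for source, proto in audit(parse_acl(SPOOLER_ACL), SAMPLE_CONNECTIONS):
        print(f"{source} reached the MFP over {proto} without going through the spooler")
```

Any finding means a job was submitted without passing through the spooler's access controls and usage auditing.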
Print Encryption
Encryption of print data is provided by the JetCAP SecureDIMM II accessory module. The SecureDIMM II uses
AES encryption to secure the confidentiality and integrity of print jobs from originating clients, through all
network transmissions and storage operations on print spoolers, to the MFP. While stored on the MFP’s
internal hard disk drive, the print job remains encrypted.
3 Recommendations
While the networked imaging and printing environment has to date not been a primary target for network
attacks, this cannot always be assured. As hackers find traditional servers more difficult to exploit, they will
look for other targets. It is important that administrators not wait until after they have been attacked before
securing their environment. An unsecured imaging and printing infrastructure can result in tangible
losses, from loss of productivity due to denial of service attacks to loss of consumables due to
unauthorized use.
HP has enabled MFPs and networked hardcopy devices with extensive security capabilities, enabling the
imaging and printing infrastructure to be integrated with the security policies of the existing infrastructure. HP
has also done extensive testing on imaging and printing devices and solutions to ensure their robustness.