Multifunction Peripheral (MFP) Security for Enterprise Environments
MFP Security White Paper
The following recommendations can be a starting point for securing your imaging and printing infrastructure:
• Treat MFPs and networked printers as any other network server – Networked MFPs and printers offer
many of the same capabilities as general-purpose servers. Integrate MFPs and printers into vulnerability
scans and intrusion detection systems, and audit them for policy compliance.
• Set Passwords – The most commonly overlooked element of hardcopy security is securing the management
interfaces with proper passwords. Setting the administrator password provides significant benefits with
little effort.
• Use Web Jetadmin for enterprise-wide hardcopy management – Web Jetadmin allows the consistent
management of large numbers of networked MFPs and printers. WJA simplifies the discovery and
tracking of newly added devices.
• Use “secure” protocols in lieu of insecure protocols – HP has removed the complexity of enabling
encryption. Using SNMPv3 for Web Jetadmin, or HTTPS and TLS/SSL for Embedded Web
Management, requires no extra effort yet encrypts network communications.
• Disable unused protocols and services – Unused and ignored protocols and services are a common
backdoor for attack.
• Use printer spooler access controls – Common print spoolers are tightly integrated with the operating
system, allowing for user-level access control for printing.
• Use IP Access Control Lists – Used in conjunction with spooler and management console authentication,
IP Access Control Lists can ensure only authorized users may print to, and manage, an MFP.
• Physically lock the disk – While it is possible to encrypt the content of the hard disk drive for network
prints, ultimate security of the drive can only be provided if it cannot be removed.
• Utilize JetCAPS partners for increased hardcopy security – HP has developed partnerships through the
JetCAPS program to provide leading security solutions for hardcopy environments.
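One way to carry out the "audit for compliance" recommendation above, as an added example (not HP's or Web Jetadmin's code): a Python check of device records against the password, secure-protocol, unused-service and IP ACL items. The record fields, device names, approved ports and address ranges are constructed assumptions; real records would come from a scanner or management tool export.

```python
import ipaddress

# Well-known TCP ports of cleartext services a device may expose.
CLEARTEXT_TCP = {21: "FTP", 23: "Telnet", 80: "HTTP (EWS without TLS)"}

# Constructed site policy (assumption): TLS management plus raw printing only.
APPROVED_TCP = {443, 9100}
APPROVED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample inventory; field names are hypothetical.
INVENTORY = [
    {"name": "mfp-floor1", "admin_password_set": False,
     "open_tcp": [21, 23, 80, 443, 9100], "snmp_versions": ["v1", "v2c"], "acl": []},
    {"name": "mfp-floor2", "admin_password_set": True,
     "open_tcp": [443, 515, 9100], "snmp_versions": ["v3"],
     "acl": ["10.20.30.0/24", "0.0.0.0/0"]},
    {"name": "mfp-floor3", "admin_password_set": True,
     "open_tcp": [443, 9100], "snmp_versions": ["v3"], "acl": ["10.20.40.0/24"]},
]

def audit_device(dev, approved_tcp=APPROVED_TCP, approved_nets=APPROVED_NETS):
    """Return the list of policy findings for one device record."""
    findings = []
    if not dev.get("admin_password_set", False):
        findings.append("admin password not set")
    for port in sorted(set(dev.get("open_tcp", []))):
        if port in CLEARTEXT_TCP:
            findings.append(f"cleartext service: {CLEARTEXT_TCP[port]} on tcp/{port}")
        elif port not in approved_tcp:
            findings.append(f"unapproved service on tcp/{port}")
    legacy = sorted(set(dev.get("snmp_versions", [])) - {"v3"})
    if legacy:
        findings.append("SNMP " + "/".join(legacy) + " enabled; use SNMPv3")
    acl = [ipaddress.ip_network(n) for n in dev.get("acl", [])]
    if not acl:
        findings.append("no IP access control list")
    for net in acl:
        # An entry must fall inside an approved range of the same IP version.
        if not any(net.version == a.version and net.subnet_of(a) for a in approved_nets):
            findings.append(f"ACL entry {net} is outside approved ranges")
    return findings

def audit_inventory(inventory):
    """Map each device name to its findings; an empty list means compliant."""
    return {dev["name"]: audit_device(dev) for dev in inventory}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, "OK" if not findings else findings)
```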
4 Acronyms
AES: Advanced Encryption Standard, chosen by IEEE 802.11i security task group and endorsed for secure
government use; there is no known technique to break this code.
CIFS: Common Internet File System; defines a standard remote file-system access protocol for use over the Internet,
enabling groups of users to work together and share documents across the Internet or within corporate
intranets.
DoD: Department of Defense.
DSS: Digital Sending Software; enables users to distribute information securely via Novell and Windows
authentication to Internet and LAN fax servers, network folders, and workflow applications.
EAP: Extensible Authentication Protocol, a Point-to-Point Protocol extension used by 802.1x; enhanced by TLS
(Transport Layer Security) which provides mutual authentication and dynamic keying. Combined with AES,
EAP-TLS is the holy grail of wireless LAN security.
EAP-MD5: Extensible Authentication Protocol-Message Digest 5; an EAP security algorithm developed by
RSA Security that uses a 128-bit generated number string, or hash, to verify the authenticity of a data
communication.
EAP-TLS: EAP/Transport Layer Security. A high-security version of EAP that requires authentication from both the client
and the server. If one of them fails to offer the appropriate authenticator, the connection is terminated.
EWS: Embedded Web Server.
HTTP: Hypertext Transfer Protocol.










