HP LaserJet Enterprise, Managed - Overview of the Secure by Default settings for HP Solutions (white paper)

ManualsBrandsHP ManualsDesktopsHP LaserJet Enterprise M506x

Technical White Paper

HP Solutions – Working with Secure by Default

Settings

April 2018

Table of contents

Overview 2

Secure by Default Settings 2

1. “Enable Cross-site Request

Forgery (CSRF) prevention” 3

2. “Enable PJL Device Access

ommands” 3

3. “Enable PJL Drive Access” 3

Managing the Settings 3

1. Embedded Web Server (EWS) 3

2. HP Web JetAdmin (WJA) 3

3. HP Security Manager (HP SM) 4

Summary of content (4 pages)

PAGE 1
Technical White Paper HP Solutions – Working with Secure by Default Settings April 2018 Table of contents Overview 2 Secure by Default Settings 1. “Enable Cross-site Request Forgery (CSRF) prevention” 2. “Enable PJL Device Access Commands” 3. “Enable PJL Drive Access” 2 Managing the Settings 1. Embedded Web Server (EWS) 2. HP Web JetAdmin (WJA) 3.
PAGE 2
Overview Secure by Default refers to updated default settings for a suite of security features implemented in HP FutureSmart firmware to make printers and MFPs more secure “out of box”. Some of these updated settings may block installation or configuration of certain solutions that require agents to be installed on the device.
PAGE 3
1. “Enable Cross-site Request Forgery (CSRF) prevention” This feature is enabled by default and is designed to prevent browser redirection to a malicious webserver. It can also prevent legitimate interactions with the device such as Solution configuration that are dependent on HTTP Post methods. Important: In FutureSmart bundle 4.6, this feature protects against CSRF risks and may potentially impact Solutions. 2. “Enable PJL Device Access Commands” This feature is disabled by default.
PAGE 4
3. HP Security Manager (HP SM) For customer fleets managed by HP SM, be aware that HP SM may try to re-implement Secure by Default settings during your solution maintenance. NOTE: HP SM compatibility with Secure by Default settings was introduced in version 3.1. You may need to temporarily disable HP SM while you are configuring or installing solutions. support.hp.com Current HP driver, support, and security alerts delivered directly to your desktop Public © Copyright 2018 HP Inc.