HP Enterprise printers and scanners - Imaging and Printing Security Best Practices (white paper)

Input Auto Continue Timeout. Configure Auto Continue Timeout to the setting of your choice.
Enable Job Hold Timeout. Job Hold Timeout is related to the Job Retention setting below. It permanently deletes stored jobs
(except fax) that are held past the allowed time. This ensures that the stored jobs are not accessible after a time, and it
ensures that the hard drive is cleared periodically.
Job Hold Timeout requires that users are mindful of their print jobs. They will not be able to recover jobs that are deleted after
the timeout period. Jobs are deleted securely according to the Secure File Erase setting (appears later in this checklist).
Enable Job Retention. Job Retention is a feature of the MFP that saves fax or print jobs on the hard drive for printing when the
user is present. The security implication is that a user can be sure others will not be able to see the printed documents. For
printing, a user sets the PIN at the time of sending the print job to the MFP. For fax printing, the PIN is configured for all
incoming jobs using Web Jetadmin. The MFP will require the PIN at the control panel before it will print the job.
Configuring Job Retention enables more efficient use of the MFP hard drive. Thus, you should configure Job Hold Timeout and
other related settings.
Enable Job Storage Limit. When enabled, Job Storage Limit is set to a default of 32. Adjust it according to your print job needs.
NOTE:
Stored faxes are not affected by the Job Hold Timeout.
Network Options
Disable e-Print. Unless e-Print, HP Web Services, or other applications are a critical part of your print environment, we
recommend disabling these features. If you are using the e-print enterprise server and not the HP cloud for e-Print, you should
refer to your administrator's guide for any special settings that may be required to secure your solution.
Configure Error Handling. Choose the setting that best fits your security need.
Configure HTTP Idle Timeout. The HTTP Idle Timeout option configures the amount of time an HTTP connection to the device
remains open. This can prevent the need to physically go to the device when you have problem jobs that lack proper end-of-job
signals or other hung connections. It is enabled by default and set to a 15-second timeout.
Configure Enable Features options (do not disable EWS Config at this point). These options enable or disable various
supported features for the MFP. These features are designed for access and convenience on the network, but they should be
disabled when not in use (sometimes only for best-practice control of the networking capabilities). The following list explains
the ramifications of each feature:
o Disable Telnet Config. Telnet Config is an access point used by some older (legacy) printer management tools.
Jetdirect also supports some Telnet commands. Telnet Config transmits data in clear text, and it should not be used.
With it disabled, MFPs will deny access to Telnet sessions.
Web Jetadmin does not use Telnet Config, so disabling it has no effect on Web Jetadmin. Disabling it does stop other
tools that rely on Telnet from working, but Web Jetadmin is the only solution recommended for managing HP MFPs.
o Disable SLP Config. SLP Config accommodates software using SLP as a discovery mechanism. For example, disabling
SLP Config on some Novell networks (depending on how Novell is configured) would cause Novell to not recognize the
MFPs on the network. Thus, if your network uses these features of Novell, you should enable SLP Config. If you use
software other than HP Web Jetadmin with your HP MFPs, please test this feature before disabling it. HP Web Jetadmin
is not affected by this setting.
o Disable FTP Printing. FTP Printing enables files to be sent to the printer via FTP for printing on the MFP. Enabling FTP
Printing also allows you to upgrade your printer firmware by sending the firmware via FTP. HP recommends disabling
it and using Web Jetadmin to upgrade firmware. With it disabled, MFPs will deny access to FTP sessions.
o Disable LPD Printing. LPD Printing is the protocol necessary for printing in UNIX, HPUX, or Linux environments. You
should disable LPD Printing unless your network includes UNIX workstations that might print using the MFPs. With this
option disabled, MFPs will deny access to UNIX machines.
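
One way to confirm that the Telnet Config, FTP Printing and LPD Printing settings above took effect across a fleet (an added example, not part of the HP white paper): the Python script below attempts a TCP connection to the standard Telnet (23), FTP (21) and LPD (515) ports on each MFP you manage and lists any service that still answers. The function names and the inventory addresses are assumptions made for illustration; SLP is left out because it runs mainly over UDP, which a TCP connect cannot verify.

```python
import socket

# Standard TCP ports for the services this checklist disables.
# SLP is omitted: it is mainly UDP/427, which a TCP connect cannot verify.
CHECKLIST_SERVICES = {
    "Telnet Config": 23,
    "FTP Printing": 21,
    "LPD Printing": 515,
}


def port_accepts(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, unreachable or timed out: treat the service as not exposed.
        return False


def audit_device(host, services=CHECKLIST_SERVICES, timeout=1.0):
    """Return the sorted names of services that still accept connections."""
    return sorted(name for name, port in services.items()
                  if port_accepts(host, port, timeout))


def audit_fleet(hosts, services=CHECKLIST_SERVICES, timeout=1.0):
    """Map each host to its non-compliant services; compliant hosts are omitted."""
    findings = {}
    for host in hosts:
        still_open = audit_device(host, services, timeout)
        if still_open:
            findings[host] = still_open
    return findings


if __name__ == "__main__":
    # Constructed inventory (documentation addresses): replace with your own MFPs.
    inventory = ["192.0.2.10", "192.0.2.11"]
    for host, names in audit_fleet(inventory).items():
        print(f"{host}: still enabled -> {', '.join(names)}")
```

An empty result means none of the three services answered; a device that appears in the output still needs the corresponding Enable Features option turned off.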