HP Enterprise printers and scanners - Imaging and Printing Security Best Practices (white paper)
Configure Embedded Web Server Configuration Options. These options limit some of the EWS features that can be
misused:
o Enable Outgoing Mail. The MFP sends some email, such as automatic fax notifications and consumables alerts,
depending on configurations. This Outgoing Mail feature does not affect the MFP send-to-email functions. It also is not
known to affect network security. If you use fax notification or other automatic email alerts, you should enable
outgoing email.
o Disable Incoming Mail. Some network solutions can send commands to the MFP via email. If your network uses any of
these solutions, you should enable Incoming Mail. Otherwise, disable it as a best practice. This setting does not affect
any other use of the MFP. With this setting configured, the MFPs will ignore all incoming emails.
o Disable Cancel Job Button. The EWS provides a Cancel Job button that allows users to cancel jobs that are pending in
the queue. This includes canceling jobs sent by other users. Thus, disabling the Cancel Job button removes the ability
to cancel jobs remotely (and anonymously); however, users will be able to cancel their own jobs from the printer
driver or from the control panel.
o Disable Go Button. The Go button is the EWS Pause/Resume button, which enables users to pause operations, such as
print jobs, indefinitely. Disabling the Go button removes it from the EWS, preventing users from delaying jobs or even
denying service to other users; however, users will be able to pause or resume their own jobs from the print driver or
from the control panel.
o Disable Command Invoke. Command Invoke is a legacy feature that does not apply to the MFPs. Disabling it is good
security practice to ensure that all possible access to it is closed.
o Disable Command Download. Command Download is a legacy feature that does not apply to the MFPs. Disabling it is
good security practice to ensure that all possible access to it is closed.
o Disable Command Load and Execute. Command Load and Execute accommodates add-on applications (Chailets),
such as workflow programs and job accounting programs. Disabling it stops the MFPs from running Chailets when it
starts up. This function is called Service Loading in the EWS. If your network uses Chailets, you should enable
Command Load and Execute. If not, you should disable it to prevent users from installing this type of application.
You may wish to turn off the MFPs and turn them on again (power cycle) after disabling Command Load and Execute.
This will stop applications that may be already loaded and running.
With this setting configured, the MFPs will ignore all add-on applications, which will include any solution that is
required to load at boot.
If a solution stops working after disabling Command Load and Execute, we recommend re-enabling this setting followed by
a power cycle of your MFP.
Configure the Embedded Web Server Password. The EWS password restricts access to the configuration settings in the
EWS. When configured, the MFP requires the password whenever anyone or any application attempts to make changes to
the EWS settings. Keep in mind that the settings provided in the EWS are also accessed by Web Jetadmin. Thus, the MFPs
will require the EWS password from Web Jetadmin whenever it attempts to access these settings.
Web Jetadmin keeps all passwords and credentials in the encrypted device cache. It will automatically provide the EWS
password to the MFPs whenever the MFPs prompt for it.
The EWS password is synchronized with the device password, which is recommended later in this checklist. Whenever you
change either password, the MFP will change the other one to be the same.
Disable Print Service. Print service allows users to send print-ready files such as PDF files directly to MFPs for immediate
printing. This feature is available to anyone who has access to the EWS. Disabling it ensures that only users with the MFP
Print driver installed can send print jobs to the MFPs.
With Print Service disabled, the print options do not appear on the EWS.
Disable Enable Host USB. Leaving this option enabled could allow people without access to your network to print documents
from your devices at walk-up. We recommend that this feature be disabled. Disabling this feature will not affect your
smart card solution or Host USB functionality.
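
The checklist items above can be checked against a device's recorded settings. The following is an added example, not part of the HP white paper: the setting keys, the site flags and the sample device record are hypothetical and constructed for illustration, and they do not correspond to any EWS or Web Jetadmin export format.

```python
# Added example: audit recorded EWS settings against the checklist above.
# All keys and sample values are hypothetical (constructed for this example).

# Each rule maps a setting to its required state (True = enabled,
# False = disabled, None = the checklist states no requirement).
BASELINE = {
    # Enable only if fax notifications or other email alerts are used.
    "outgoing_mail": lambda s: True if s["uses_email_alerts"] else None,
    # Enable only if a solution sends commands to the MFP via email.
    "incoming_mail": lambda s: s["uses_email_commands"],
    "cancel_job_button": lambda s: False,
    "go_button": lambda s: False,
    "command_invoke": lambda s: False,      # legacy feature
    "command_download": lambda s: False,    # legacy feature
    # Enable only if the network uses Chailets.
    "command_load_and_execute": lambda s: s["uses_chailets"],
    "print_service": lambda s: False,
    "host_usb": lambda s: False,
    "ews_password_set": lambda s: True,
}

NOTES = {
    ("command_load_and_execute", False):
        "power cycle the MFP after disabling to stop loaded applications",
}

def audit(settings, site):
    """Return (key, expected, actual, note) for every deviation."""
    findings = []
    for key, rule in BASELINE.items():
        expected = rule(site)
        if expected is None:
            continue
        actual = settings.get(key)  # None means the setting was not recorded
        if actual is not expected:
            findings.append((key, expected, actual,
                             NOTES.get((key, expected), "")))
    return findings

# Constructed site profile and device record ("host_usb" left unrecorded).
SITE = {"uses_email_alerts": False, "uses_email_commands": False,
        "uses_chailets": False}
DEVICE = {"outgoing_mail": True, "incoming_mail": True,
          "cancel_job_button": False, "go_button": True,
          "command_invoke": False, "command_download": False,
          "command_load_and_execute": True, "print_service": False,
          "ews_password_set": True}

if __name__ == "__main__":
    for key, expected, actual, note in audit(DEVICE, SITE):
        print(f"{key}: expected {expected}, found {actual} {note}".rstrip())
```

A setting that is missing from the record is reported as a deviation rather than assumed compliant.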