HP Enterprise printers and scanners - Imaging and Printing Security Best Practices (white paper)
Tampering with Data
Tampering with data can include any method of changing, destroying, or adding to information that is flowing to or from a device
or stored on it. Here are some ways tampering with data can relate to MFPs:
Canceling another person's job. Someone could use a remote access tool to cancel pending jobs. The person who sent a
cancelled job gets no warning; only part or none of the job is printed.
Intercepting a print job before it reaches the device, altering it, and sending it on to the device.
Intercepting remote configuration data, such as communications between Web Jetadmin and the device, to get passwords
and other information.
You can minimize the risks from data tampering in the following ways:
Disable the Cancel Job button.
Disable the Go (Pause) button.
Configure SNMPv3.
Prevent unnecessary remote access: close down all unused ports and protocols.
Set the PJL and File System password.
Configure HTTPS for EWS access.
Repudiation
Repudiation is using an MFP without leaving usage information. This includes preventing the MFP from logging data or bypassing
security checks such as user authentication. This also includes finding ways to use an MFP without paying by bypassing job
accounting software. Here are some ways repudiation can relate to MFPs:
Accessing usage logs to delete entries
Removing origination information from file metadata
Bypassing user authentication
Using remote management software to access the MFP
You can minimize the risks of repudiation in the following ways:
Enable embedded IPsec to encrypt the data stream, including log data and file metadata.
Close unused ports and protocols.
Save copies of log data at a separate location.
Add security solutions such as smartcard, swipe-card and thumbprint readers.
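The measure "save copies of log data at a separate location" is illustrated here with an added example (not from this white paper or any HP tool): a collector seals each usage-log line it receives into an HMAC chain, so entries later deleted on the MFP, or edited or truncated in the copy, can be detected. The log line format, the key and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumption: the key is held only by the log collector, never by the MFP.
COLLECTOR_KEY = b"constructed-demo-key"
GENESIS = b"\x00" * 32

# Constructed sample usage-log lines (hypothetical format, not HP's).
SAMPLE_LOG = [
    "2024-05-01T09:12:03Z user=alice action=print pages=12",
    "2024-05-01T09:15:40Z user=bob action=scan-to-email pages=3",
    "2024-05-01T09:20:11Z user=carol action=copy pages=40",
    "2024-05-01T09:31:57Z user=alice action=print pages=2",
]

def _tag(prev, line, key):
    return hmac.new(key, prev + line.encode(), hashlib.sha256).digest()

def seal(lines, key=COLLECTOR_KEY):
    """Chain every line to the previous tag; return (records, head).
    Store head apart from the records so tail truncation is detectable."""
    records, prev = [], GENESIS
    for line in lines:
        prev = _tag(prev, line, key)
        records.append((line, prev.hex()))
    return records, prev.hex()

def verify(records, head, key=COLLECTOR_KEY):
    """Return None if intact, else the index where the chain first breaks
    (len(records) means the tail was truncated)."""
    prev = GENESIS
    for i, (line, tag_hex) in enumerate(records):
        prev = _tag(prev, line, key)
        if not hmac.compare_digest(prev.hex(), tag_hex):
            return i
    return None if hmac.compare_digest(prev.hex(), head) else len(records)

def missing_on_device(records, device_lines):
    """Lines held in the sealed copy that the device log no longer contains."""
    on_device = set(device_lines)
    return [line for line, _ in records if line not in on_device]
```

Run verify() on the off-device copy before trusting it, then missing_on_device() against a fresh export of the MFP log to list entries that were removed on the device.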
Information Disclosure
Information disclosure is gathering information from an MFP and providing it to unauthorized users. This can include
authentication information, usage log information, or information from the contents of a job. Such data stored on your hard drive is
considered ‘at rest’ while data being transmitted by your MFP device is considered ‘in transit’. Here are some ways information
disclosure can relate to an MFP:
Reading stored print jobs on the MFP hard drive.
Downloading log information
Downloading address books