HP Enterprise printers and scanners - Imaging and Printing Security Best Practices (white paper)

Secure Fast Erase mode overwrites files one time. It slows MFP performance a bit, but it provides reasonable security for
most situations.
Secure Sanitizing Erase overwrites files 3 times. It slows MFP performance considerably, but it provides even more
assurance that the data is not recoverable. If your network is required to meet stringent security requirements such as
DOD regulations, you should use Secure Sanitizing Erase.
Digital Sending Options
Configure Auto Reset Send Settings to Delay before resetting the default settings and type a number of seconds to
delay. This setting enables the MFPs to remove email addresses or fax information from the control panel if a user forgets
to reset it. The authenticated user performing a digital send job is also automatically logged off.
With the timeouts configured, an MFP control panel will revert to the default screen, and a user will not be able to reuse
addresses and other destination data beyond the timeout period.
Configure the Default ‘From:’ Address and select Prevent users from changing the Default ‘From:’ Address. The Default
‘From:’ Address setting allows you to place a standard and consistent address in the From field of emails sent from the
MFP. Selecting Prevent users from changing the default from address ensures that users are unable to tamper with the
address in the From field, and that it is automatically populated with the default or the authenticated user's email address.
These features ensure that nobody can use the MFP to spoof identity or provide erroneous addresses. Consider using a
‘From:’ address that describes the location or the type of MFP or use a real address to monitor reply messages.
With the Default ‘From:’ Address configured, no one can change the ‘From:’ address in email messages. The address you
configure is the only address anyone can use.
Final Configurations
Disable Direct Ports. This setting shuts down the MFP parallel ports. It restricts access to only network connections.
Shutting down the parallel ports ensures that no one can configure the MFPs or print using these connections. Thus, users
will not be able to bypass job accounting or restricted access, such as color printing, by using alternative connections.
This setting causes the MFPs to restart (turn off and then turn back on). They will be out of service during this time. For
this reason, configure this setting independently of other setting configurations. If you attempt to configure this setting
with other settings, the other settings will likely fail, because Web Jetadmin temporarily loses contact with each MFP
while the MFP is restarting. Be sure to wait a few minutes until all of the MFPs are online and ready before executing
another configuration.
With Direct Ports disabled, the parallel and USB ports are turned off, and the MFPs behave as if the ports do not exist.
Disable EWS Config. Disabling EWS Config removes the EWS from the network, making it unavailable to everyone. This
eliminates many risks to security.
Keep in mind that disabling EWS Config also eliminates the affected settings from Web Jetadmin. Thus, you will have to
enable EWS Config temporarily to make changes to the configurations, and then disable it again.
With EWS Config disabled, the MFPs will not provide the EWS on the network. Web browsers will report that no such web
site was found. This removes some conveniences that the EWS provides, but all of the functions that you would want to
provide to users are available using the MFP drivers or the control panels.
Overall Limitations