HP Printers - Recommended security settings for printers in Zero Trust Environments


This document provides information on the minimum security settings recommended for the following printers on the open internet:

  • HP LaserJet Enterprise printers

  • HP LaserJet Pro printers

  • HP Officejet printers

  • HP Officejet Pro printers

  • HP PageWide Enterprise printers

  • HP PageWide Pro printers

HP provides the best and latest security information available for HP printers. This checklist is intended to help you improve printer security, particularly for printers on networks open to the public internet.

HP printers are shipped in an unconfigured state, which allows the customer to configure the printer more easily for their network environment. However, if the printer is not properly configured, it might be vulnerable to intruder attacks. HP strongly recommends configuring minimum security settings for all HP printers to eliminate most security exposures.

For more information about configuring HP printers in network environments, or for additional maximum-security recommendations, go to one of the following documents:

  • Best Security Practices for HP Enterprise printers and scanners (c03137192)

  • Best Security Practices in HP LaserJet MFP (for non-FutureSmart business printers) (c03687863)

  • Best Security Practices for HP PageWide Pro printers and HP Web Jetadmin (c05318850)

Recommended Settings

Settings can be configured via the printer's Embedded Web Server (EWS).

To access the EWS, type the printer’s IP address into the browser URL field exactly as it appears on the Configuration Page (e.g., 12.34.567.89) and press Enter.

NOTE:

Security settings can also be configured with HP Web JetAdmin software and/or HP Security Manager.

The following settings are recommendations based on printer usage in TCP/IP network environments using IPPs for printing. Adjust the settings as needed depending on the requirements of your print environment.

NOTE:

Not all settings are available on all printers. The setting options vary depending on the printer model and the firmware version installed, and might therefore be found on different tabs in the EWS. Please refer to the User Guide for printer-specific configuration options.

Network options

  • Enable TCP/IP

  • Enable IPPs Printing

  • Disable 9100 Printing

  • Disable SLP Config

  • Disable LPD Printing

  • Disable Telnet Config

  • Disable FTP Printing

  • Disable WS-Discovery

  • Disable Web Services Print (unless currently in use)

  • Disable TFTP Configuration File

  • Add allowed IPv4 addresses for EWS and print to the Access Control List.

    NOTE:

    If the printer is on the open internet and not configured to limit access to known IP addresses, it is open for public access and potential abuse.

  • Set Encryption Strength to High

  • Enable HTTPS Setting to encrypt all web communication: Encrypt All Web Communication (not including IPP)

  • Disable mDNS Config

    NOTE:

    If you do not have DNS on your network, leave mDNS enabled.

  • Configure an SNMP community name and disable the default community name of Public.

  • Disable unused Protocol Stacks. HP recommends the following (unless currently in use):

    • Disable IPX/SPX

    • Disable DLC/LLC

    • Disable AppleTalk/Bonjour
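
One way to spot-check the TCP items in the list above after applying them, as an added example (not HP tooling and not part of the original document). Only port 9100 is named on the page; the other port numbers are the standard well-known assignments, `192.0.2.10` is a placeholder address, and the UDP-based items (SLP, mDNS, WS-Discovery, SNMP, TFTP) are not covered.

```python
import socket
import sys

# (checklist item, TCP port, should it answer after hardening?)
# Only 9100 is named on the page; the other ports are the standard
# well-known assignments and are assumptions of this example.
BASELINE = [
    ("IPPs Printing", 631, True),
    ("EWS over HTTPS", 443, True),
    ("9100 Printing", 9100, False),
    ("LPD Printing", 515, False),
    ("Telnet Config", 23, False),
    ("FTP Printing", 21, False),
]


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit(host, allowed_source=True, probe=tcp_open):
    """Probe each port. allowed_source=False: run from an address that is
    not on the printer's Access Control List, so nothing should answer."""
    return [
        {"item": item, "port": port, "open": probe(host, port),
         "expected_open": enabled and allowed_source}
        for item, port, enabled in BASELINE
    ]


def deviations(findings):
    """Keep only entries whose observed state differs from the baseline."""
    return [f for f in findings if f["open"] != f["expected_open"]]


if __name__ == "__main__":
    args = [a for a in sys.argv[1:] if a != "--outside"]
    host = args[0] if args else "192.0.2.10"  # placeholder address
    outside = "--outside" in sys.argv
    for f in deviations(audit(host, allowed_source=not outside)):
        state = "open" if f["open"] else "closed"
        print(f"{f['item']}: port {f['port']} is {state}, baseline differs")
```

Run it once from a workstation on the Access Control List and once with `--outside` from an address that is not; an empty result in both runs means the TCP services match the list.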

Security options

  • Set the Administrator password (Local Administrator or EWS Administrator password)

    NOTE:

    For customers using a third-party partner for pre-staging configuration of HP printers, HP recommends that the third-party service use non-production credentials. The credentials should be changed immediately when the printer is added to the customer's production network for confidentiality and protection, as defined in the steps above.

  • Set the PJL Security Password

  • Disable PJL Device Access Commands

  • Disable File System Page (External) Access Settings

    • Disable PJL Drive Access or PJL Disk Access

    • Disable PS Drive Access or PS Disk Access

  • Configure File System Page options

    • Disable PML

    • Disable NFS access

    • Disable Postscript File Access

  • Disable Allow Stored Jobs on this device

  • Disable Remote Printer Firmware Updates

    NOTE:

    This setting will need to be re-enabled any time the printer firmware needs to be updated remotely.

    • Disable Allow firmware upgrades sent as print jobs (port 9100)

    • Disable Allow installation of legacy packages signed with SHA-1 Hashing algorithm

    • Disable Remote Firmware Upgrade

    • Disable SNMP disk access or SNMP access

    • Configure Secure Disk Encryption Mode (AES128 or AES256)

Embedded Web Server options

  • Enable Outgoing Mail

  • Enable Continue button

  • Disable Print Service

  • Disable Incoming Mail

  • Disable Command Invoke

  • Disable Command Download

  • Disable Command Load and Execute

  • Secure the Information tab (if available) or disable the following settings:

    • Disable Cancel Job button

    • Disable Go/Pause/Resume button

Web Services options

  • Disable Web Services

    • Disable HP ePrint (if enabled)

    • Disable proxy services

Wireless options

  • Configure Wireless security (if using wireless connectivity)

https://support.hp.com/
