HP Designjet T1100 A1 User Manual
Have a look at the manual HP Designjet T1100 A1 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
HP Designjet Printer Series Security Settings 21 Firewall. Use this page to view or configure a f irewall policy. A firewall policy consists of up to 10 rules, where each rule specifies the IP addresses and services allowed by the print server and device. To ad d a rule, click ‘Add Rule ’. This setting runs a wizard that will help you configure each rule. IPsec / Firewall . Use this page to view or configure an IPsec / firewall policy. An IPsec / firewall policy consists of up to 10 rules. As with a f irewall policy, each rule specifies the IP addresses and services allowed by the print server and device. With IPsec support, you can apply IPsec authentication and encryption protocols for those addresses and services. To add a rule, click ‘Add Rule’. This runs a wiza rd that will help you configure each rule. For a detailed description of wizard settings and additional help, click Jetdirect IPsec/Firewall Help. 3.9 SNMPv3 You can enable and disable the SNMP v3 agent from your printer. You may set up an account that allows a management application to access the SNMP v3 agent.
HP Designjet Printer Series Security Settings 22 3.10 CA/JD Certificates You can request, install, and manage dig ital certificates on the HP JetDirect print server. Certificates are used to identify the Jet Direct print server both as a valid Web server for network clients, and as a valid client requesting access on a secu re network. By default, the JetD irect print server contains a self -signed preinstalled certificate. 3.11 Hide IP from front panel Some printers includes an option in the Service Menu, accessible with the help of an HP Support agent only, that allows you to hide all IP information from the printer ’s front panel. 3.12 Encrypt web communications You can securely manage the network device using a Web browser and the HTTPS protocol. To authenticate the HP JetDirect Web Server when HTTPS is used , yo u may configure a certificate, o r you may use the pre-installed, self -signed X.509 Certificate. The encryption strength specifies what ciphers the w eb server will use for secure communications. Supported cipher suites are DES, RC4, 3DES. By enabling encryption, the w eb server encrypts all web communication , forcing all connections to use HTTPS. E nabling encryption can also be configured to allow both HTTP (unencrypted) and HTTPS connections. In secure environments, you should choose to encrypt all web communications. Otherwise, sensitive management data (Ad ministrator Password, SNMP Community Names, and secret keys) may be compromised.
HP Designjet Printer Series Security Settings 23 3.13 Disable USB drive You can use this option to disable the USB drive preventing somebody connecting a device to print or to scan images. 3.14 Disable firmware update throug h USB This option is used to disable the possibility of upgrading the printer by installing the firmware via a USB device . 3.15 Disable direct print using ePrint&Share In some printers, when you connect a computer directly with a USB cable, you can print without installing any driver. This can be done by launching the ePrint&Share application that resides inside the printer. This feature can disable direct printing so that you cannot print through the USB unless you have the driver (or ePrint&Share) installed in the computer. 3.16 Disable ePrint connectivity This feature disables the ePrint Center functionality preventing somebody printing remotely to the printer . 3.17 Disable internet connection Disable the direct connection of the printer to the i nternet. This option would also prevent the printer from automatic ally performing firmware upgrades.
HP Designjet Printer Series Security Settings 24 3.18 Printer Access control For some printers, when setting an Embedded Web Server admin password you are also preventing access to ce rtain front panel features. The features protected in the front panel are: • Network connectivity (including also Internet connectivity and Diagnostics&troubleshooting of the network connectivity) • Control firmware upgrades • Setup • Reset factory defaults • External hard disk connection • Security If a user loses the admin password, it is not possible to reset it so the printer would be locked. There is a service menu option to reset the admin password. 3.19 External hard disk (EHD) Some printers allow the connecti on of an external hard disk. Any HP Designjet printer with an internal hard disk uses is for four main purposes: • Store the printer’s firmware & resources (media profiles, demo plots, diagnostic plots). • Virtual memory for job processing. • Job storage/queue • Storage for printer’s accounting data. The HP Designjet External Hard Disk was designed to fulfill one specific use for those security conscious customers that want to preserve the confidentiality of the jobs being printed in their HP Designjet printers. How the system works 1. Connect the External Hard Disk ( EHD) into the printer’s USB host port . 2. The printer will detect the EHD and will ask the customer for permission to install it. When the customer accepts, the printer will perform the following step : 3. A c opy will be made of all the custome r’s information that is stored in the internal HD and copied to the external HD . 4. The customer’s internal HD partition will be deleted after a highly secure erasing process ( DoD 5220.22 - M). 5. The printer will be configured to use the EHD as the repository for ALL customer jobs (including the temporary processing storage area) . 6. Once the EHD has being installed, all the customer jobs will ALWAYS be stored in the EHD 7. When the printer is switched off, as a security measure, the EHD can be removed and kept in a secure location . Notes: • Once the printer has an EHD installed it can no longer be initialized without it. • If for any reason the installed EHD is no longer available (the customer loses the EHD, or the EHD is broken), there is a mechanism (through a special bootmode controlled with an specific front panel key combina tion) that reconfigures the printer to work without the EHD . However in that particular case, all the information stored in the EHD is lost. • Once the EHD is installed on a particular printer, it becomes fully tied to it. It is not possible to move this EHD to another HP Designjet printer without losing the stored information. When the printer detects an EHD
HP Designjet Printer Series Security Settings 25 that has been installed on a different printer, it will advise the customer about it. If the customer decides to go ahead and use the EHD on a different printer, the printer will erase the contents of the EHD (once again, using the highly secure DoD 5220.22- M process) • The EHD has its own software based encryption mechanism tha t prevents anyone reading the contents of the EHD, for instance, by plugging it into a PC. The encryption system is not a standard one and cannot be considered as an extremely secure encryption mechanism ( such as th e standard encryption system DES, RSA, FIPS 140…), but it does add a level of security that makes it difficult when trying to read the contents by just connecting the disk to a PC. The EHD is not intended to be used as an USB memory stick, that is, to copy documents from a PC, plug it into the printer and to print them. 4. Designjet Security features vs LaserJet HP LaserJet printers have some security features that are not yet available in HP Designjet printers. As a brief comparison, please find the comparison between HP LJ 9050 seri es and Designjet T1200 series. Security Feature L9050 DJ T1200 Authentication Manager Yes No Control panel lock Yes Yes Device Password Yes Yes Direct Connect Ports (USB/IEEE 1284) Yes Yes File erase mode Yes Yes File system access settings Yes No File system password Yes WJA only Job Held Timeout Yes No Job Retention Yes No PJL Password Yes No Remote FW upgrade Yes Yes
HP Designjet Printer Series Security Settings 26 5. Glossary Active Directory (AD) An advanced, hierarchical directory service that comes with Microsoft Windows servers (version 2000 or later). It is LDAP -compliant and built on the domain naming system (DNS) used on the Internet. Workgroups are given domain names, exactly like Web sites, and any LDAP -compliant client – such as Windows, Mac, or Unix – can gain access. Adobe PostScript Developed by Adobe, this is the standard page description language (PDL) for the graphics arts industry and commercial printing. Many printing devices support PostScript with a built- in PostScript interpreter Color Access Control Settings to determine which users and/or applications are allowed to print in color Device Password (LJ feature) This is equivalent to the designjet’s web server password. It helps protect the printer from unauthorized access through remote applications Domain Naming System (DNS) C onverts host names and domain names into IP addresses on the i nternet or on local networks that use the TCP/IP protocol. Embedded Web Server (EWS) The EWS resides on a hardware device (such as an HP Designjet) or in the printer firmware. The EWS allows you to review, configure, and change settings on an HP Designjet after inputtin g an IP address into a Web browser from your computer File System Access settings (LJ feature) File system access settings: The File System Access options allows you to completely disable many of the access points to the printer ’s data storage system. T hese access points are for various types of usage for the printer. The options are: • PJL disk access • SNMP disk access • NFS disk access • PS disk access HP recommends e nabling PS Disk Access to allow you to print PS files, and disable the rest File System Password (LJ feature) The File System Password feature helps protect the printer ’s data storage system options from unauthorized access. With the File System password configured, the printer requires the password before it will allow configurations to features that affect the data storage system. Some of these features are the Secure di sk erase mode, the Secure Storage Erase feature, and the File System Access options. Hide IP address from front Panel Option in the Service Utilities menu of the front panel to show/not show the Internet Protocol (IP) address of your printer. In that way , only registered users or network administrations will know the correct address to submit jobs to the printer HP Web Jetadmin Web-based fleet management software tool for remote installation, configuration, problem resolution, proactive management, and reporting. For more information go to; www.hp.com/go/webjetadmin IP multicast A one -to -many transmission of data over an IP network. IPSec Internet Protocol Security (IPsec) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includ es protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. In our case, IPsec is used to protect data flows between the host and the printer .
HP Designjet Printer Series Security Settings 27 Job Held Timeout (LJ feature) This feature is part of the Job Retention feature. It limits a held job to the selected time, and then the printer deletes it. You should select a reasonable timeout value for this setting to allow enough time for a user to walk to the printer to print a j ob or to allow time for jobs to print in a queue. Job Retention (LJ feature) This feature provides job retention options such as private job and hold job. You will be able to ensure that they are present during printing to provide privacy for documents i n the printer output bins. Multicast DNS (mDNS) Also known as Bonjour or Rendezvous, mDNS uses IP multicast with DNS to provide the capabilities of a DNS server for service discovery in a small network that does not have a DNS server . PJL Password (LJ feature) The PJL password feature helps protect the printer from unauthorized configurations through Print Job Language (PJL) commands. It does not affect ordinary print jobs. Once the PJL password is configured, the MFP requires it before it will process any of these commands Remote Firmware Upgrade (LJ feature) This service allows an administrator to use a custom application to upgrade the printer’s firmware remotely. Since HP recommends using HP Web Jetadmin to upgrade MFP firmware, you should disable Remote Firmware Upgrade. Simple Network Management Protocol (SNMP) This is a network monitoring and control protocol . SNMPv3 SNMP (Simple Network Management protocol) allows users to manage the printer using SNMP management tools, such as HP Web JetAdmin. SNMP is also the protocol for communicating from the printer to the Windows driver. SNMPv3 provides security through user authentication and data encryption Subnet A logical division of a local area network, which is created to improve performan ce and provide security. A subnet limits the number of nodes that compete for bandwidth . Authentication Manager (LJ feature) It allows administrators to secure Device Functions by requiring users to log in with a specific Log In Method for each Function. For example, users may be required to log in with an Access Code or PIN to make copies yet be required to log in with a username and password to send e -mails. Log In Methods: The following Log In Methods are available with the latest device firmware upgrad e: Group 1 PIN: Requires users to input a numeric code for access when at the control panel of the device. The numeric code entered by the walk up user is compared to the first of two PINs stored on the device by the Administrator. When the PIN is entered correctly, the user can proceed. Group 2 PIN: Requires users to input a numeric code for access when at the control panel of the device. The numeric code is compared to the second of two PINs stored on the device by the Administrator. LDAP: Lightweight Directory Access Protocol, Requires users to input a username and password that are verified by an LDAP server. HP Digital Send Service (if available): Also known as DSS. Requires users to enter credentials that are verified by the HP Digital Send Service sof tware. (HP Digital Send Service software must be available to use this Log In Method. If no DSS server is associated with this device, walk -up users will not be required to authenticate before using the device.) Kerberos: Requires users to enter a username and password to be verified by a Windows Server
HP Designjet Printer Series Security Settings 28 For more information About HP Designjet printers: www.hp.com/go/designjet About HP WebJetAdmin: www.hp.com/go/webjetadmin © 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompa nying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herei n. Microsoft and Windows are U.S. registered trademarks of Mic rosoft Corporation. Adobe ™ and PostScript™ are trademarks of Adobe Systems Incorporated, which may be registered in certain jurisdictions. April 2012