Limit access to security features

You can control access to HP Jetdirect configuration parameters using the available security features. Examples of various settings and associated levels of access control are provided in Table 6-2 Settings for Access Control on page 124.

Table 6-2Settings for Access Control

Settings

Level of Access Control

 

 

Accessible using HTTP (HP Embedded Web Server),

Low

SNMP v1/v2c applications, or Telnet

Best suited for trusted environments.

 

Administrator password not set

 

Any system can access the HP Jetdirect configuration

Default SNMP v1/v2c community names

parameters through the HP Embedded Web Server, Telnet,

No authentication or encryption

or SNMP management software. Passwords are not

required.

Access control list empty or Firewall disabled.

Administrator password set

User-specified SNMP v1/v2 Set Community Name set

Access control list contains host entries and checks HTTP connections

Telnet and other non-secure protocols disabled.

Medium

Limited security for non-trusted environment.

If the Administrator password and SNMP v1/v2c Set Community Name are known, access is limited to:

Systems listed in the access control list

SNMP v1/v2c management applications

Unused protocols disabled

HTTPS access enabled using certificates issued by trusted sources

Full-featured HP Jetdirect print servers configured for EAP/802.1X port-based authentication and encryption

Full-featured HP Jetdirect print servers with SNMP v3 enabled, SNMP v1/v2c disabled

Telnet disabled

Passwords set

Access control list contains specified entries and checks HTTP connections

High

High security for non-trusted, professionally managed environments.

Access is controlled by IPsec. Encryption provides data privacy; network communication in plain text is not used.

CAUTION: Configuration settings from a BootP/TFTP or DHCP/TFTP server can change when the print server is turned off and then on. Verify any settings that might change when the print server is turned off and then on.

Printer control panel locked

IPsec/Firewall policy is enabled and configured

124 Chapter 6 Security features (V.45.xx.nn.xx)

ENWW