Which hosts need to print?

 

 

Options

 

 

 

 

 

 

Only computers on the same subnet as HP

 

Option 1) For SET 1/2/3/4. Eliminate the

 

Jetdirect

 

default gateway (set to 0.0.0.0). This

 

 

 

 

doesn’t prevent HP Jetdirect from

 

 

 

 

receiving packets from other subnets,

 

 

 

 

but does prevent the responses from

 

 

 

 

returning to those remote subnets. As a

 

 

 

 

result, TCP connections cannot be

 

 

 

 

formed.

 

 

 

 

Option 2) For SET 1/2/3/4. Setup an

 

 

 

 

access control list with the IP address

 

 

 

 

and mask for the local subnet.

 

 

 

 

Option 3) For SET 3. Setup a rule to

 

 

 

 

protect print traffic using the Firewall.

 

 

 

 

Option 4) For SET 4. Setup a rule to

 

 

 

 

protect print traffic using the IPsec.

 

Ten or less individual computers on different

 

Option 1) For SET 1/2/3/4. Setup an

 

subnets

 

access control list for each individual IP

 

 

 

 

address with a mask of

 

 

 

255.255.255.255.

 

 

 

 

 

Option 2) For SET 3. Setup a rule to

 

 

 

 

protect print traffic using the Firewall

 

 

 

 

Option 3) For SET 4. Setup a rule to

 

 

 

 

protect print traffic using IPsec

 

All hosts in the company.

 

Option 1) For Set 1/2/3/4. Setup an

 

 

 

 

access control list for the network ID

 

 

 

 

assigned to your company. As an

 

 

 

 

example, for HP’s internal network,

 

 

 

 

there would be two entries: IP - 15.0.0.0

 

 

 

 

mask - 255.0.0.0 and IP -16.0.0.0 mask

 

 

 

- 255.0.0.0.

 

 

 

 

 

Option 2) For SET 3. Setup a rule to

 

 

 

 

protect print traffic using the Firewall

 

 

 

 

Option 3) For SET 4. Setup a rule to

 

 

 

 

protect print traffic using IPsec

Table 5 – Access Control

Because there are many print protocols supported over TCP, the next logical step is to disable all print protocols that the administrator doesn’t use. How to disable these protocols can be found in the administrative guidelines for the appropriate product SET.

It is important to note that all TCP/IP traffic to any device (not just HP Jetdirect) that is not cryptographically protected is subject to IP address spoofing and Man-in-the-Middle (MITM) attacks. These attacks can target any TCP/IP traffic. Also, some cryptographic protections can be used but may not be deployed correctly. For instance, if you are relying on SSL/TLS to protect your data, you need to have the certificates used by SSL/TLS to be properly signed by a trusted Certificate Authority. Otherwise, SSL/TLS is subject to MITM attacks as well because it depends on a robust PKI to successfully authenticate the server endpoint (and optionally the client endpoint).

What about the user at work that is allowed to print but keeps changing the display or doing other mischief with the printer using TCP Port 9100? Well, that really is no different then if they were printing personal items at work, running the printer out of consumables with large print jobs, etc… If

8