HP Web Jetadmin Software Users, Roles, Users, Roles, Roles, SNMPv3, Feature Permissions, SNMP Set Community Name, Restricting Configuration by Device Group

Credentials Required column that can be enabled in any device list (Columns for Device Lists on page 93). You can right-click the device and add the needed credential to the system in order to resolve this state.

HP Web Jetadmin enables device security by providing management over appropriate, device-based security settings. The HP Jetdirect password that was used by HP Web Jetadmin in the past is a software security solution and not a device-based security solution. That is, the password itself had to be recognized and authenticated by earlier revisions of HP Web Jetadmin software. Other applications did not recognize this password and did not force users to prove knowledge of the password.

As security features have become more sophisticated and device based security has improved,

HP Web Jetadmin developers have opted out of using the HP Jetdirect device password as a protective mechanism for device authentication. Instead, HP recommends that you choose one of the following two recommendations providing device security:

●SNMP Set Community Name: Devices will not allow an SNMP Set from any application without the Set Community Name correctly embedded in the SNMP packet. If the Set name in the packet is “public” and the Set name on the device is “George”, the device will not accept or acknowledge the packet. Set Community Names traverse the network in clear text and, therefore, can be “sniffed” or viewed by eavesdroppers. In most environments, security provided a Set Community Name may provide adequate security.

●SNMPv3: Devices configured via SNMPv3 offer significant security benefits. First, SNMPv3 configures a user account and two pass-phrases onto the device that the user (or application) must authenticate. This blocks unauthorized management of devices, and the account/pass-phrase details do not traverse the network in clear text which makes it difficult for eavesdroppers to learn the “secrets”. Second, the communication between the management application and the device is encrypted using the SNMP credentials so information about the device is protected. SNMPv3 is recommended in security-sensitive environments.

Within the model of device credential delegation, restriction to specific device configuration can be further defined in User Security using the Restriction type Groups (Restrict Roles to Device Groups on page 274).

Consider the following layers of security:

●Access to device credential values: Credential Store/selected device administrators (Credentials Store on page 45).

●Access to HP Web Jetadmin: Users and Roles (User Security on page 271).

●Access to device credentials store: Roles/Feature Permissions (Roles on page 273).

●Access to specific devices: Roles/Device Group Membership/Device Feature Permissions (Roles on page 273).

Each layer uses HP Web Jetadmin security to protect against unauthorized access:

1.First, device passwords are protected by one administrator or a few select administrators.

2.Second, Users and Roles allow only authorized users to log onto HP Web Jetadmin.

3.Third, Roles and Feature Permissions allow only authorized users access to configuration access to all devices.

4.Finally, Roles, Device Group Membership, and Device Feature Permissions allow authorized users to specific devices based on device group membership and specified device configuration features.