The Configure Security Settings page is a one-stop menu for configuring most of the security-related settings on the product. The settings on this page along with the settings in the HP Jetdirect Security Configuration Wizard can help you improve the level of security on your product.
This help page accompanies the Configure Security Settings page to explain settings and to provide recommendations. Keep in mind that not all networks are alike, and the recommendations are only for reference to help you consider your options.
NOTE: The HP recommendations on this page are for products in the most common enterprise networks. You should consider each recommendation as it relates to your network.
Click the Apply button at the bottom of the page to complete your configurations. None of the configurations will be complete until you click the Apply button.
The following sections cover their corresponding sections on the Configure Security Settings page in the product Embedded Web Server (EWS).
The Device Password feature helps protect the product from unauthorized access through remote applications, such as the product EWS (this application). With the Device Password configured, the product will not allow changes to configuration settings unless the correct password is provided. The Device Password is also called the Administrator Password in some applications.
The Information tab requires administrator access option enhances the security level and if checked user will not be able to access any information about the device without providing the Device password, if configured. If this option is not enabled the user can access the Information tab without providing the Device password, if configured.
The Jetdirect Security Configuration Wizard includes options to configure the Device Password (called Administrator Password in this case). If you ran the Jetdirect Security Configuration Wizard first (as recommended), the Device Password is already configured.
The product also has an EWS Password feature that you might find in some applications. When you configure the Device Password, the product synchronizes the EWS Password to be the same.
Recommendation: Configure the Device Password to help ensure control over the configuration settings.
To configure the Device Password, type 12 or fewer characters into the New Password field, and repeat them exactly in the Verify Password field.
To change the password, type the old password in the Old Password field, and type a new one in the New Password and Verify Password fields.
To disable the Device Password, type the old password in the Old Password field, and leave the New Password and Verify Password fields blank.
The PJL password feature helps protect the product from unauthorized configurations through Print Job Language (PJL) commands. It does not affect ordinary print jobs. Once the PJL password is configured, the product requires it before it will process any of these commands.
Recommendation: The PJL password is different from the option to disable PJL disk access (another setting in the EWS Security page). Configure both settings for better security.
Set the PJL password by typing any number between 1 and 2147483647 into the New Password field, and repeat it exactly in the Verify Password field.
To change the password, type the old password in the Old Password field, and type a new one in the New Password and Verify Password fields.
To disable the Device password, type the old password in the Old Password field, and leave the New Password and Verify Password fields blank.
The File System Password feature helps protect the product data storage system options from unauthorized access. With the File System password configured, the product requires the password before it will allow configurations to features that affect the data storage system. Some of these features are the File Erase mode, the Secure Storage Erase feature, and the File System Access options.
Recommendation: Configure the File System Password for better control over access to the File System options.
To configure the Files System Password, type 8 or fewer characters into the New Password field, and repeat it exactly in the Verify Password field.
To change the password, type the old password in the Old Password field, and type a new one in the New Password and Verify Password fields.
To disable the Device password, type the old password in the Old Password field, and leave the New Password and Verify Password fields blank.
The File System Access options allow you to completely disable many of the access points to the product data storage system. These access points are for various types of usage for the product. Some are related to product functions, but some are not. See the recommendations below.
If you configured the File System Password, The product will require it before it will allow you to change the File System Access settings.
Recommendation: HP Recommends disabling (deselecting) PJL Disk Access, SNMP Disk Access, and NFS Disk Access. These access points are for adding and deleting files on the product storage devices, but they are usually not required for normal product operations such as printing, copying, faxing, and digital sending.
HP recommends enabling (selecting) PS Disk Access. This allows users to print PS-type files.
NOTE: Keep in mind that some network processes might use these access points. For instance, some Norton applications use NFS access. Thus, you should not disable a NFS access if your network uses it.
The File Erase Mode setting allows you to select the level of security at which the product erases files as it routinely deletes them from its storage devices.
The File Erase Mode feature includes three options for levels of security.
Recommendation: HP recommends using Secure Fast Erase because it is relatively fast, but it effectively destroys the file data and ensures a reasonable level of security. If your network requires a higher level of security such as to meet Department of Defense standards, you should select Secure Sanitize Erase.
NOTE: The File Erase Mode setting is available only after the File System password is configured.
The control panel lock feature provides three options for removing specific types of menus from the control panel.
Recommendation: HP recommends selecting Moderate Menu Lock. This will allow users to work with their own jobs, but they will not be able to interfere with the jobs of others.
NOTE: Once the Control Panel Access Lock is configured, no one can access these settings on the control panel. The product does not provide a way for authorized use of these settings.
The EWS options allow you to choose some of the settings that appear on the default EWS page. Some of options can allow users to manipulate or even delete the jobs of others.
Recommendation: HP recommends disabling all of these features except the Print Page option. The Print Page option allows users the convenience of printing via the EWS. Disabling the other options prevents users from tampering with operations on the product.
The product accommodates various services that can operate remotely for the product or that can operate directly on the product. Keep in mind that an authorized administrator can always enable a service as needed for an operation and then disable it.
Recommendation: HP recommends disabling all of these services other than Job Retention unless they are required for applications on your network. For instance, some network applications provide workflow printing services that you may wish to enable.
The service options are designed for convenience and for some types of network applications that help with management:
The Direct Ports feature allows you to shut down the direct connections (parallel port and USB port). Shutting down these ports eliminates the capability of connecting a computer directly to the product. It limits all access to the network connection.
Recommendation: Disable Direct Ports to limit possible access to configuration settings.
The Print Usage Tracker feature changes the way your product counts pages. The new page counting method is more suited to today's job accounting needs. However, once the new page counting method is enabled, you cannot revert to the old counting method.
Recommendation: Since the change to the new counting method is irreversible, HP strongly recommends that you carefully read the terms and conditions that appear in this section before deciding to enable this feature on your product. For more information about this change, follow the instructions given in the text in this section.
Follow these steps to enable the Print Usage Tracker feature on your product.
1. Select the I Accept option.
2. Check the option Enable the Print Usage Tracker feature on this device.
3. Click the Apply button for the change to take effect.
The configurations you make on this page are applied to the product by clicking the Apply button below. You can apply your changes any time as you configure them, or you can apply all of them at once. Click the Cancel button to discard your changes without applying them to the product.
NOTE: None of your settings will be configured on the product until you click the Apply button.