HP LaserJet, HP PageWide - Secure by Default Initiative (white paper)

TLS 1.0 and 1.1 have known weaknesses (both rely on MD5/SHA-1 based constructions and lack AEAD cipher suites, and TLS 1.0's CBC mode is exposed to BEAST-style attacks), are no longer recommended for cryptographic communications, and are formally deprecated by RFC 8996.
TLS 1.0 and 1.1 were defined in 1999 (RFC 2246) and 2006 (RFC 4346) respectively.
Figure 5: TLS protocols in the Embedded Web Server (EWS)
Note: Some HP and 3rd party solution software may have TLS 1.0 dependencies that require TLS 1.0 to be enabled or re-enabled on the device for installation, or for the solution to function properly after installation.
Note: HP and 3rd party solutions may inherit their TLS protocol properties from their host server. Some server operating system versions may not support TLS versions greater than TLS 1.0, or may require additional configuration to enable TLS 1.2 support.
See Appendix A Print Solution and Fleet tool Impacts for effects on device solutions and fleet management tools.
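The effect of the setting shown in Figure 5 can be checked from an administrator workstation before and after TLS 1.0 is disabled. The probe below is an added example written for this page, not HP tooling; the host and port are placeholders. It attempts a handshake pinned to one protocol version at a time and reports which versions the device (or a solution's host server) will negotiate, and it also shows the client-side context a solution host should use once the fleet no longer offers TLS 1.0.

```python
"""Probe which TLS protocol versions an HTTPS endpoint (e.g. a printer EWS) negotiates.

Added example for this page, not HP code. HOST/PORT are placeholders.
"""
import socket
import ssl
import sys

# Protocol versions to try, by the names an administrator would recognise.
CANDIDATES = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def pinned_context(name: str) -> ssl.SSLContext:
    """Client context that offers exactly one protocol version.

    Certificate verification is disabled on purpose: the probe only asks
    whether the version is negotiated, and EWS certificates are often
    self-signed. Never reuse this context for real traffic.
    """
    version = CANDIDATES[name]
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    if version < ssl.TLSVersion.TLSv1_2:
        # Modern OpenSSL refuses TLS < 1.2 at its default security level, so the
        # probe must lower it to actually offer the legacy versions. Builds
        # without security levels (e.g. LibreSSL) reject the syntax; ignore that.
        try:
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        except ssl.SSLError:
            pass
    return ctx


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Return {version name: 'accepted' | 'rejected' | 'local-unsupported'}."""
    results = {}
    for name in CANDIDATES:
        try:
            ctx = pinned_context(name)
        except (ssl.SSLError, ValueError):
            # The local crypto library was built without this version at all.
            results[name] = "local-unsupported"
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    results[name] = "accepted" if tls.version() else "rejected"
        except (ssl.SSLError, OSError):
            results[name] = "rejected"
    return results


def hardened_client_context() -> ssl.SSLContext:
    """Context a solution host should use once TLS 1.0 is disabled on the fleet:
    certificate verification on, TLS 1.2 as the floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "printer.example.internal"  # placeholder
    for name, verdict in probe(target).items():
        print(f"{name}: {verdict}")
```

A device in the recommended state reports TLSv1.0 and TLSv1.1 as rejected and TLSv1.2 (and TLSv1.3 where supported by the firmware) as accepted. If a solution host running an older operating system reports only TLSv1.0 when probed, that host is the dependency the notes above refer to, and it needs an OS update or TLS 1.2 enabled before the device setting is changed.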
New FutureSmart 4 Security Features
The FutureSmart 4.5 firmware bundle includes several new security features. Every new security feature is enabled by default when it is introduced, so that the device ships in its most secure state. Where a feature cannot coexist with a particular networking environment, it provides a configuration setting that allows it to be disabled.
HP Connection Inspector
HP Connection Inspector is a new embedded security feature. It inspects the outbound network connections that malware typically abuses, learns what is normal for the device, and stops suspicious activity. If the printer is determined to be compromised, the feature automatically triggers a reboot so that HP Sure Start self-healing procedures run.
The feature is enabled by default. It can be disabled, and it has user-configurable settings to tune it to specific networking environments and reduce false positives.
EWS Setting Configuration Path:
Networking Tab -> TCP/IP Menu -> Network Identification Page
Figure 6: HP Connection Inspector in the Embedded Web Server (EWS)
Please see the HP Connection Inspector Technical Whitepaper for more information.
Note: See Appendix A Print Solution and Fleet tool Impacts for effects on device solutions and fleet management tools.
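The paragraph above describes the behaviour (learn normal outbound connections, block unknown ones, reboot into Sure Start self-healing when the device looks compromised) without describing HP's detection logic. The following model is an added example of that learn/inspect/respond pattern written for this page; it is not HP's algorithm, and the connection records, thresholds and the tunable allow-list are constructed assumptions chosen to show how the "reduce false positives" settings fit in.

```python
"""Illustrative outbound-connection inspector in the style described above.

Added example, not HP Connection Inspector's implementation. All records,
thresholds and tunables below are constructed for the demonstration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    ts: int       # seconds since boot (constructed)
    dst: str      # destination IP
    port: int
    proto: str    # "tcp" or "udp"


# Constructed learning-phase traffic: what this printer normally talks to.
LEARNING = [
    Conn(10, "10.0.0.5", 53, "udp"),       # DNS
    Conn(11, "10.0.0.9", 123, "udp"),      # NTP
    Conn(60, "10.0.0.20", 443, "tcp"),     # fleet management server
    Conn(120, "10.0.0.5", 53, "udp"),
    Conn(300, "10.0.0.20", 443, "tcp"),
]

# Constructed live traffic: normal chatter, then a burst of connects to
# unknown hosts on a port the device has never used (typical of a beacon).
LIVE = [
    Conn(900, "10.0.0.5", 53, "udp"),
    Conn(901, "10.0.0.20", 443, "tcp"),
    Conn(902, "10.0.0.30", 9100, "tcp"),   # administrator-approved exception
    Conn(905, "203.0.113.77", 4444, "tcp"),
    Conn(906, "203.0.113.77", 4444, "tcp"),
    Conn(907, "203.0.113.78", 4444, "tcp"),
    Conn(908, "203.0.113.79", 4444, "tcp"),
]


class ConnectionInspector:
    def __init__(self, allowed_dsts=(), burst_threshold=3, window_s=5):
        self.known = set()                      # (dst, port, proto) seen while learning
        self.allowed_dsts = set(allowed_dsts)   # tunable: hosts the admin vouches for
        self.burst_threshold = burst_threshold  # tunable: anomalies before "compromised"
        self.window_s = window_s                # tunable: burst window in seconds
        self.recent = []                        # timestamps of recent blocked connects
        self.compromised = False

    def learn(self, conns):
        for c in conns:
            self.known.add((c.dst, c.port, c.proto))

    def inspect(self, c: Conn) -> str:
        """Return 'allow', 'block' (drop this connection) or 'reboot'."""
        if (c.dst, c.port, c.proto) in self.known or c.dst in self.allowed_dsts:
            return "allow"
        # Unknown destination: block it and count it toward a burst.
        self.recent = [t for t in self.recent if c.ts - t < self.window_s] + [c.ts]
        if len(self.recent) >= self.burst_threshold:
            self.compromised = True   # stand-in for triggering the Sure Start reboot
            return "reboot"
        return "block"


def run(inspector: ConnectionInspector, conns) -> list:
    """Inspect connections in order; stop once a reboot has been triggered."""
    verdicts = []
    for c in conns:
        v = inspector.inspect(c)
        verdicts.append(v)
        if v == "reboot":
            break
    return verdicts


def demo() -> list:
    insp = ConnectionInspector(allowed_dsts={"10.0.0.30"})
    insp.learn(LEARNING)
    return run(insp, LIVE)


if __name__ == "__main__":
    for c, v in zip(LIVE, demo()):
        print(f"{c.ts:>4} {c.proto} {c.dst}:{c.port} -> {v}")
```

The two tunables that matter operationally are the allow-list (a print server or SIEM collector the device was not talking to during the learning period will otherwise be blocked, which is the false-positive case the text mentions) and the burst threshold, which separates a single stray connection from the repeated beaconing that justifies a reboot. A real deployment would persist the learned set across reboots; this model relearns from scratch.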
Cross-Site Request Forgery Protection
Cross-Site Request Forgery (CSRF) is an attack in which a malicious web page causes the victim's browser to send requests to a server using the victim's existing authenticated session, since the browser attaches the session cookie automatically. When the device administrator authenticates to the EWS, the EWS generates a session authentication token. The CSRF protection feature additionally generates a cryptographically random CSRF token, bound to that session and carried in the page rather than the cookie, and rejects state-changing requests that do not present it. A page on another origin cannot read the token, so an attacker cannot send commands as the authenticated administrator.
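The mechanism described above, as an added example that is not HP's EWS code: a minimal admin server that issues a session cookie and a separate per-session CSRF token, with a forged cross-site POST tried against it both without and with the check. The setting being changed, the handler names and the token layout are assumptions made for the demonstration.

```python
"""Session-bound CSRF tokens for an administrator web UI such as a printer EWS.

Added example for this page, not HP's implementation. Names are assumptions.
"""
import hmac
import secrets


class Session:
    def __init__(self):
        self.session_id = secrets.token_urlsafe(32)  # sent to the browser as a cookie
        self.csrf_token = secrets.token_urlsafe(32)  # embedded in the page/form, never in a cookie


class AdminServer:
    def __init__(self, require_csrf: bool = True):
        self.require_csrf = require_csrf
        self.sessions = {}
        self.settings = {"tls10_enabled": False}  # constructed example setting

    def login(self) -> Session:
        """Authenticate the administrator (credentials omitted) and open a session."""
        s = Session()
        self.sessions[s.session_id] = s
        return s

    def handle_post(self, cookies: dict, form: dict):
        """State-changing request: requires a session and, when enabled, a matching CSRF token."""
        s = self.sessions.get(cookies.get("sessionid", ""))
        if s is None:
            return 401, "not authenticated"
        if self.require_csrf:
            supplied = form.get("csrf_token", "")
            # Constant-time comparison so the token cannot be guessed byte by byte.
            if not hmac.compare_digest(supplied, s.csrf_token):
                return 403, "csrf token missing or invalid"
        self.settings["tls10_enabled"] = form.get("tls10_enabled") == "1"
        return 200, "ok"


def demo() -> dict:
    """Run the same forged request against an unprotected and a protected server."""
    results = {}
    for label, protected in (("unprotected", False), ("protected", True)):
        srv = AdminServer(require_csrf=protected)
        admin = srv.login()
        # The browser attaches the cookie to any request aimed at the EWS origin...
        browser_cookies = {"sessionid": admin.session_id}
        # ...but the attacker's page cannot read admin.csrf_token, so the forged
        # form carries only the fields the attacker controls.
        forged_form = {"tls10_enabled": "1"}
        status, _ = srv.handle_post(browser_cookies, forged_form)
        results[label] = (status, srv.settings["tls10_enabled"])
        # The legitimate EWS page includes the token in its form.
        legit_form = {"tls10_enabled": "0", "csrf_token": admin.csrf_token}
        results[label + "_legit"] = srv.handle_post(browser_cookies, legit_form)[0]
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Without the check the forged request succeeds and re-enables TLS 1.0 on the device; with it the request is rejected with 403 while the administrator's own form submission still succeeds. The token is tied to the session, so it is invalidated with it on logout, and it is compared in constant time. Browser-side defences such as the `SameSite` cookie attribute complement, rather than replace, a server-side token.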