HP Web Jetadmin - Security and HP Web Jetadmin
Figure 11—Needed credentials
Figure 12—Credentials required
• If success, stop, add credential to device store
• Else, log credential-needed, prompt user if live session
During a live user-attended
configuration session, HP Web
Jetadmin prompts for credentials
(see Figure 11).
If the user did not supply the credential
or the session was not live, the device
is flagged as Credentials Required (see
Figure 12). This state can be observed in the
Credentials Required column that can be enabled in
any list’s column layout. Users can right-click the
device and add the needed credential to the system
in order to resolve this state.
Sensitive device information
In some cases, HP Web Jetadmin sends sensitive
information to the device. This information can
include user and password detail as shown in
Figure 13. In this case, HP Web Jetadmin is
sending the information using the SSL/TLS protocol.
This protocol allows HP Web Jetadmin to send
encrypted information to the device and prevents
clear-text information from being “sniffed” through
a network trace utility. When communicating with
the device through the SSL/TLS protocol, HP Web
Jetadmin uses certificates stored on the printer’s
Jetdirect network interface. These certificates can
be self-signed or they can be signed by a verifiable
certificate authority. At this time, HP Web Jetadmin
does not check the authenticity of certificates stored
on the device; it simply uses the certificate when
communicating with the device through the SSL/TLS
protocol. This security limitation could be exploited,
allowing unauthorized individuals access to
sensitive information. Administrators should keep
this in mind when managing sensitive device
information using HP Web Jetadmin.
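Because the device certificate is used without being authenticated, an administrator can track each device's certificate independently and notice when it changes. The following is an added example, not HP code or part of HP Web Jetadmin: it fetches the certificate a device presents and compares its SHA-256 fingerprint with a previously recorded value. The device names, port 443, the pin dictionary and the certificate bytes are constructed assumptions.

```python
import hashlib
import hmac
import socket
import ssl

def fetch_der_cert(host, port=443, timeout=5.0):
    """Return the leaf certificate (DER bytes) a device presents, unvalidated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # self-signed device certs fail chain validation
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def audit(pins, observed):
    """Compare observed certificates (device -> DER or None) with recorded pins."""
    report = {}
    for device, der in observed.items():
        if der is None:
            report[device] = "no-certificate"
        elif device not in pins:
            report[device] = "unpinned"      # record a pin after out-of-band review
        elif hmac.compare_digest(pins[device], fingerprint(der)):
            report[device] = "match"
        else:
            report[device] = "changed"       # reissued, or traffic is intercepted
    for device in pins.keys() - observed.keys():
        report[device] = "not-checked"       # pinned device that was not reached
    return report

# Constructed stand-ins for DER certificates; these are not real certificates.
CERT_A = b"constructed-cert-printer-a"
CERT_B = b"constructed-cert-printer-b"
CERT_OTHER = b"constructed-cert-unexpected"
PINS = {"printer-a.example": fingerprint(CERT_A),
        "printer-b.example": fingerprint(CERT_B),
        "printer-c.example": fingerprint(b"constructed-cert-printer-c")}
OBSERVED = {"printer-a.example": CERT_A,      # same certificate as recorded
            "printer-b.example": CERT_OTHER,  # differs from the recorded pin
            "printer-d.example": CERT_A}      # device with no recorded pin

if __name__ == "__main__":
    for device, status in sorted(audit(PINS, OBSERVED).items()):
        print(device, status)
```

In live use, `OBSERVED` would be built by calling `fetch_der_cert` for each managed device; a "changed" result calls for confirming the new certificate on the device itself before updating the pin.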
Backup/restore note
HP Web Jetadmin stores many items securely in the SQL data tables that it uses for all information
storage and retrieval. Much of this information is considered sensitive and is encrypted within these
data tables. HP Web Jetadmin uses security techniques that include tying this data encryption to the
Windows certificate that is unique to each instance of Windows. For this reason, many securely
stored items do not traverse a restore when this operation is being performed on a new or different
instance of Windows. These items include:
• All stored device credentials
Figure 13—Solutions settings include user/password