HP Web Jetadmin - Security and HP Web Jetadmin
9
as described previously. Always test to be sure SSL is enabled and being enforced when
performing an HP Web Jetadmin restore.
Digital signatures
HP Web Jetadmin uses digital signatures for all of its packages and plug-in descriptor files to ensure
file integrity and authenticity. All files downloaded from hp.com for product updates are digitally
signed. HP Web Jetadmin verifies the digital signatures by using a Verisign-managed root certification
authority. During application installation, this root CA is installed in the Trusted Root Certification
Authorities location in the Local Machine certificate store. Files and packages are signed by a
certificate derived from this CA chain. If authentication of a package or file fails, HP Web Jetadmin
refuses to load it. This industry-standard infrastructure also uses Certificate Revocation Lists (CRL) to
track any certificates that may have been revoked. If necessary, the most up-to-date CRL can be
manually obtained at:
http://onsitecrl.verisign.com/HewlettPackardCompanyEIPPrintingDeviceCSID/LatestCRL.crl
Network ports
HP Web Jetadmin uses the following ports.
Port number Type Inbound/Outbound
(I/O)
Details
69 UDP I
TFTP Incoming Port: HP Web Jetadmin uses this port as a staging area for
firmware images during HP Jetdirect firmware updates. Through SNMP,
HP Web Jetadmin triggers HP Jetdirect to retrieve firmware through this
port.
80 TCP O
HP Web Jetadmin uses this port to qualify the link to the HP Embedded
Web Server on the device.
161 UDP O
SNMP: HP Web Jetadmin and other management applications use SNMP
to communicate with and manage devices. HP Web Jetadmin uses this
port on the printer to issue Set and Get commands to the SNMP agent.
427 UDP I
SLP Listen: HP Jetdirect-connected devices use Service Location Protocol
(SLP) to advertise their existence. When the passive SLP discovery feature
is enabled on HP Web Jetadmin, devices send multicast packets to this
port on the HP Web Jetadmin server.
443 TCP O
Web Services (HTTPS): HP Web Jetadmin uses this port to manage some
newer HP devices. HP Web Jetadmin sends device configuration as well
as queries to this port.
445 UDP O
WMI Communication: Windows Management Instrumentation (WMI) is a
protocol on Microsoft Windows hosts. HP Web Jetadmin uses WMI to
detect the presence of a printer on the Windows host. This is one of the
ports on the Windows host that WMI uses to allow communication from
outside servers, including servers running HP Web Jetadmin.
843 TCP O
HP Web Jetadmin uses this port to configure some settings, such as fax
and digital sending, on some HP MFP device models.
1434 UDP O
Microsoft SQL Server: By default, HP Web Jetadmin installs the SQL
Server database on the same host. Optionally, you can configure HP Web
Jetadmin to communicate with a SQL Server database on a different host.
HP Web Jetadmin uses this port to facilitate communication with a remote
SQL Server database.
2493 UDP I/O
Build Monitor: This is an HP Web Jetadmin server port that is kept open.
Other HP Web Jetadmin servers use this port to discover running instances
of HP Web Jetadmin.