HP Imaging and Printing Security Center Help
© 2012 Copyright Hewlett-Packard Development Company, L.P. Reproduction, adaptation, or translation without prior written permission is prohibited, except as allowed under the copyright laws. The information contained in this document is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Table of contents

1 Introduction
Getting started with the HP Imaging and Printing Security Center
Review security policy
Add devices
Rename a group
Delete a group
Add or remove a device from a group
Delete a device
Assign a license manually
1 Introduction

The HP Imaging and Printing Security Center (HP IPSC) is a security compliance tool. Use it to create policies to assess the security of your imaging and printing devices, configure the devices to comply with the policy, and monitor the devices for continued compliance.

Using the HP IPSC, you can:

● Easily and quickly create device security policies. Intelligent prompts guide you through the process by providing advice and recommendations as you configure the policy.
Getting started with the HP Imaging and Printing Security Center

Getting started with the HP IPSC typically involves the following tasks.

Review security policy

Use the Policies tab to create a security policy for your network. You can create a new blank policy or use a template, which provides a policy based on industry standard recommendations. After you create the policy, intelligent prompts guide you through the process of setting the items.
The HP Imaging and Printing Security Center system

The HP IPSC system consists of the following tabs:

● Home
  A graphical overview of what is needed to get started with the HP IPSC system. Click an icon to open the HP IPSC Help. The legal disclaimer is also displayed on this page.
● Policies
  Lists the security policies that you created.
  NOTE: A built-in policy (HP Best Practices Base Policy) is provided that you can use as a template for creating your own policy.
Using the Devices tab, you can:

◦ Add devices manually or import a text or XML file containing a list of devices.
◦ Add or remove devices from groups you create. (A group is a collection of devices.) You can then filter the display by any column. For example, you might want to display severe failures by filtering on the risk column, or display only devices with a credential error by filtering on the device status column.
◦ Display the device assessment recommendations and properties.
What you must provide

The following lists the basic requirements for using the HP IPSC:

● A supported Microsoft Windows computer. The following Microsoft Windows 32- and 64-bit operating systems (except as noted) are supported:
  ◦ Windows Server 2008
  ◦ Windows Server 2008 R2
  ◦ Windows Server 2012
  ◦ Windows Vista
  ◦ Windows 7
  ◦ Windows 8
● HP IPSC is supported in a VMware environment.
2 Set up the HP Imaging and Printing Security Center

Use the information in this section to set up the HP IPSC.

NOTE: For instructions on installing the HP IPSC, see the HP Imaging and Printing Security Center Installation and Setup Guide.
Set the HP Imaging and Printing Security Center server connection option

When you first start the HP IPSC, you must provide the DNS name or IP address of the server in the Connect to Server window. Whether the HP IPSC prompts for the server name is controlled by an option in Settings. Use the following steps to change this option.

1. Start the HP Imaging and Printing Security Center.
2. If prompted, enter the server name in the Connect to Server window, and then click Connect.
3.
Verify global remediation setting

Before running the first assessment, HP recommends that you verify the global remediation setting, which controls whether an out-of-compliance device is remediated (corrected) during the assessment process. This setting applies to all policies and takes precedence over an individual policy's advanced remediation settings (Advanced Policy Settings).
Install device licensing

Before you can assess and remediate any of the printers/MFPs on your network, you must install HP Imaging and Printing Security Center device licenses. (Without a device license, all other actions are available, such as sorting, filtering, and verifying.) A device license is required for each printer/MFP that you plan to assess/remediate. Licenses are typically provided using a license file.
6.
7.

If an error is displayed (No licenses were added), the following are typical causes:

● The HP IPSC is unable to connect to the license server.
● Attempting to update a demonstration license. A new demonstration license will not override an existing demonstration license.
● Attempting to install a demonstration license file when a normal license is currently installed.
● Attempting to install the same license file.
● Attempting to install a corrupted or invalid license file.
Set up Instant-On Security

Using the HP Device Announcement Agent that is built into the latest firmware of most HP Enterprise printers/MFPs, and the Instant-On Security feature in the HP IPSC, you can immediately discover and configure print devices securely when they first connect to your network without intervention.

NOTE: Automatic assessment/remediation of newly discovered devices requires a device license and a valid initial assessment policy.
NOTE: The Instant-On Security feature might fail if IPsec, Windows firewall, or other firewalls disallow communication with the HP IPSC using port 3329.

1. If you plan to activate automatic remediation, first ask your site administrator to add an entry in your corporate DNS server that points hp-print-mgmt to the IP address of your HP Imaging and Printing Security Center server.
2. Create a valid policy by using the following steps:
   a.
8. Select the minimum authentication required for the assessment. The default setting is No Authentication (Out of the Box).
   a. Select the Mutual Authentication button for the highest authentication level. This authentication method is both the most complicated to set up and the most secure. It requires that certificates be configured both on the device and in the HP IPSC. With this method, the HP IPSC server and the device verify that each other's certificates are valid.
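An added example, not part of the HP documentation: a PowerShell pre-flight check for the two Instant-On Security prerequisites named above, the hp-print-mgmt DNS entry and reachability of port 3329 on the HP IPSC server. It assumes the port is reached over TCP; the address 192.0.2.10 and the function name Test-InstantOnPrereq are placeholders.

```powershell
# Added example (not HP code): pre-flight check for Instant-On Security.
# Assumptions: port 3329 is reached over TCP; 192.0.2.10 is a placeholder
# for your HP IPSC server address. Run it from the printers' network segment.
param(
    [string]$DnsName          = 'hp-print-mgmt',
    [string]$ExpectedServerIp = '192.0.2.10',
    [int]$Port                = 3329,
    [int]$TimeoutMs           = 3000
)

function Test-InstantOnPrereq {
    param([string]$DnsName, [string]$ExpectedServerIp, [int]$Port, [int]$TimeoutMs)

    $r = New-Object PSObject -Property @{
        DnsName = $DnsName; Resolved = @(); DnsMatches = $false
        PortOpen = $false; Detail = @()
    }

    # 1. The help asks for a DNS entry hp-print-mgmt that points at the server.
    try {
        $r.Resolved = @([System.Net.Dns]::GetHostAddresses($DnsName) |
                        ForEach-Object { $_.IPAddressToString })
        $r.DnsMatches = $r.Resolved -contains $ExpectedServerIp
        if (-not $r.DnsMatches) {
            $r.Detail += "$DnsName resolves to $($r.Resolved -join ', '), not $ExpectedServerIp"
        }
    } catch {
        $r.Detail += "DNS lookup for $DnsName failed: $($_.Exception.Message)"
    }

    # 2. IPsec or a firewall that blocks port 3329 breaks the feature, so try
    #    a connection with a timeout instead of waiting on the OS default.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ExpectedServerIp, $Port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($pending)   # throws if the connection was refused
            $r.PortOpen = $true
        } else {
            $r.Detail += "No answer on ${ExpectedServerIp}:$Port within $TimeoutMs ms"
        }
    } catch {
        $r.Detail += "Connection to port $Port failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
    return $r
}

Test-InstantOnPrereq $DnsName $ExpectedServerIp $Port $TimeoutMs | Format-List
```

A result with DnsMatches and PortOpen both True means neither prerequisite is the cause of a failed device announcement; otherwise the Detail field names which check failed.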
3 Use the HP Imaging and Printing Security Center

This section discusses how to add and edit device information, create a policy, assess and remediate, and run reports.
Create a security policy

After you create a new policy (from the Policies tab), intelligent prompts guide you through the process of setting the items. Advice and recommendations are provided as you configure the policy. A built-in policy (HP Best Practices Base Policy) is provided that you can use as a template for your own policy.

NOTE: Because the HP Best Practices Base Policy includes specific credentials that are vital for a secure policy, the policy you create is initially invalid.
NOTE: You can globally include or exclude all items in a specific category or the entire policy by right-clicking the category or subcategory and then selecting the setting. For more information, see Include or exclude all items on page 18. In addition, you can globally set the advanced remediation options (remediation and unsupported behavior) in a specific category or the entire policy by right-clicking the category or subcategory and then selecting the setting.
Include or exclude all items

You can set a policy to include or exclude items. Setting Include All Items at the top level creates a valid policy that includes all the recommended settings. Setting Exclude All Items at the top level deselects all items in the policy.

To set the include or exclude option, use the following steps:

NOTE: You can also include or exclude items at the subcategory level.

1. Start the HP Imaging and Printing Security Center and click the Policies tab.
2.
Set policy options for a single item

To set the severity, remediation, and unsupported behavior options for specific items in a policy:

1. Start the HP Imaging and Printing Security Center and click the Policies tab.
2. Select the policy from the policies panel and click the Edit icon from the toolbar.
3. Select the category and then select the item that you want to set.
4. Set the Severity option by selecting High, Medium, or Low.
5.
To export a policy:

1. Start the HP IPSC and click the Policies tab.
2. Select the policy you want to export, right-click and select Export Policy. Or, click Action and then click Export Policy.
   NOTE: If the Export Policy selection is grayed-out, the policy is invalid/incomplete.
3. Enter the passphrase to use for this policy, and then click OK. You can use any characters, up to the dialog box maximum of 80 characters.
4. Navigate to the folder where you want to store the policy and click Save.
Add and edit device information

You can add devices by manually entering them or by importing a text or XML file that contains a list of devices. In addition, devices are automatically added if you selected the Accept Device Announcements check box in the Instant-On Security tab of the Settings window (click File and then select Settings). Devices in this category are noted in the Auto Discovered column in the main panel of the Devices tab. For information, see Set up Instant-On Security on page 12.
Manually enter device addresses

Use the following steps to manually enter device addresses using the Add Devices option:

1. Start the HP Imaging and Printing Security Center and then click the Devices tab.
2. If you need to add a group, select Custom Groups in the group panel, click the Action menu, and then click New Group. Or, right-click on the Custom Groups and then click New. Enter a name for the new group.
3.
3. If you need to add a group, select Custom Groups, click the Action menu, and then click New Group. Or, right-click on the Custom Groups and then click New. Enter a name for the new group.
4. To import the devices, right-click on a group and select Add Devices. Or, click Add Devices in the toolbar.
5. Click Select to select a group from the Add to Group field.
6. Click Add File to locate the text file to import.
7. Select the file, and then click Open.
Rename a group

1. Click the Devices tab, select the group name, click the Action menu, and then click Rename Group. You can also right-click the group name and select Rename from the menu options.
   NOTE: You cannot rename the All Devices Group.
2. Enter the new group name in the group field.

Delete a group

1. Click the Devices tab and then select the group name.
2. Click the Action menu, and then click Delete Group. You can also right-click the group name and select Delete from the menu options.
Delete a device

1. Click the Devices tab.
2. Select the group that contains the device to delete, and then select the device from the device list.
   CAUTION: If you confirm the deletion, the device and all of its history are permanently removed from the system.
3. Click the Action menu, and then select Delete Device from the options. You can also right-click the device and select Delete Device from the menu options, or select the Delete icon from the top of the device panel list.
4.
5. To set the SNMP v1/v2 read community name, click the Read Community Name button, and enter the name on the device or group of devices, then reenter to confirm.
6. To set the SNMP v1/v2 read/write community name, click the Read/Write Community Name button, and enter the name on the device or group of devices, then reenter to confirm.
7. To set the SNMP v3 credentials, click the SNMP v3 Credentials button, and then enter the following information for the device or group of devices:
   a.
Assess and remediate

After you add devices and create policies, you are ready to run an assessment of the devices within the selected device group. You can schedule the assessment to run immediately or to run in the future. The assessment identifies the devices in your network that do not comply with your security policy. If you choose to remediate, devices with noncompliant settings are corrected.

NOTE: If Allow Automatic Remediation is enabled, the device is remediated automatically.
Run an assessment/remediation from the Policies tab

To run an assessment from the Policies tab:

1. Start the HP Imaging and Printing Security Center and click the Policies tab.
2. Right-click on the policy you want to use and select Assess Only, or Assess and Remediate from the menu. Or, select the policy and click Action and select Assess Only, or Assess and Remediate from the menu.
3. Enter a Task Name for the assessment so you can identify it later.
4.
View results from the Reports tab

To view results from the Reports tab, use the following steps:

1. Start the HP Imaging and Printing Security Center and click the Reports tab.
2. To view overall device status, select the Devices Assessed report.
3. To view items that failed and the recommendation, select the Fleet Recommendations Summary report.
Run reports

Before running reports, you can choose to filter the results by device group. To do this, select Reports, Executive Summary, or Devices View, or Policy Item View and then choose the device group from the Reports toolbar. The filters apply to any report that consists of device information. Select from the following report categories.
Policy Item View

Select from the following reports.

● Fleet Assessment Summary
  Summarizes the number of recommendations for a policy item and its risk in a security category. Filtered by the currently selected device group.
● Policies
  Lists all of the current policies. You can generate additional reports by item name or all items.
A Network port assignments

This section lists the ports used by the HP IPSC.
B Legal statements

This section contains the legal statements.
Software license agreement

HEWLETT-PACKARD SOFTWARE LICENSE TERMS

The following License Terms govern your use of the accompanying Software unless you have a separate signed agreement with HP.

License Grant. HP grants you a license to Use multiple copies of the Software. "Use" means storing, loading, installing, executing or displaying the Software. You may not modify the Software or disable any licensing or control features of the Software.
LIMITATION OF LIABILITY: EXCEPT TO THE EXTENT PROHIBITED BY LOCAL LAW, IN NO EVENT WILL HP OR ITS SUBSIDIARIES, AFFILIATES OR SUPPLIERS BE LIABLE FOR DIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR OTHER DAMAGES (INCLUDING LOST PROFIT, LOST DATA, OR DOWNTIME COSTS), ARISING OUT OF THE USE, INABILITY TO USE, OR THE RESULTS OF USE OF THE SOFTWARE, WHETHER BASED IN WARRANTY, CONTRACT, TORT OR OTHER LEGAL THEORY, AND WHETHER OR NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Copyrights

This product includes software developed by the following.

● log4net license
● nhibernate license

log4net license

The log4net license is subject to the terms of the following license: Apache License Version 2.
http://www.apache.org/licenses/

1. Definitions:

"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.

"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.

"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity.
import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted.
8. Limitation of Liability.
For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.
GNU LESSER GENERAL PUBLIC LICENSE

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".
application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.
uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library.
(in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. 7.
practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 12.