
HP OfficeJet Pro X series - Printer Security Features

Security statements

This printer supports security standards and protocols that help secure the printer, protect information on your network, and simplify monitoring and maintenance of the printer.
For information about HP's secure imaging and printing solutions, visit www.hp.com/go/Secureprinting. The site provides links to white papers and FAQ documents about security features and may include information about additional security features that are not contained in this document.

Assign a password in the HP Embedded Web Server

The HP Embedded Web Server allows you to assign a password so that unauthorized users cannot change printer configuration settings in the HP Embedded Web Server. When the password is assigned and applied, you must enter the password to make any configuration changes that are done through the HP Embedded Web Server. If you change an existing password, you must first enter that password. You can also remove the password by entering the existing password and then deleting the assigned password.
Use the following steps to assign a password:
  1. Open the HP Embedded Web Server (EWS):
    1. From the Home screen on the printer control panel, touch the Network button to display the IP address or host name.
    2. Open a Web browser, and in the address line, type the IP address or host name exactly as it displays on the printer control panel. Press the Enter key on the computer keyboard. The EWS opens.
      Figure: Example of an IP address in a browser window
      note:
      If the Web browser displays a "There is a problem with this website’s security certificate" message when attempting to open the EWS, click "Continue to this website (not recommended)".
      Choosing "Continue to this website (not recommended)" will not harm the computer while navigating within the EWS for the HP printer.
  2. Click the Settings tab.
  3. From the left navigation pane, click Security, and then click Password Settings.
    note:
    If a Redirecting to Secure Page dialog box opens, click OK.
  4. In the area labeled Password Settings, enter the following information:
    • Password: Enter a password using A-Z, a-z, 0-9, and ! " # $ % ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
    • Confirm Password: Re-enter the Password
  5. Click Apply to save the password settings.

Control Panel Lock

The HP Embedded Web Server lets you lock certain features on the printer’s control panel to prevent unauthorized use. Once the control panel lock is enabled, certain control panel configuration features cannot be changed from the control panel. The control panel lock setting itself can also be secured by setting the HP Embedded Web Server administrator password. Once that password is set, it must be entered to access the control panel lock enable/disable setting.

Disable unused protocols and services

The HP Embedded Web Server lets you disable unused protocols and services. These protocol and service settings can also be protected from being changed by setting the EWS admin password. These protocols and services include the following:
  • IPv4 and IPv6 disable/enable: To operate properly on a TCP/IP network, the printer must be configured with valid TCP/IP network configuration settings, such as an IP address that is valid for your network. This printer supports two versions of this protocol: version 4 (IPv4) and version 6 (IPv6). IPv4 and IPv6 can be enabled or disabled individually, or both can be enabled at the same time.
  • Bonjour disable/enable: Bonjour services are typically used on small networks for IP address and name resolution where a conventional DNS server is not used. The Bonjour service can be enabled or disabled.
  • SNMP disable/enable: SNMP (Simple Network Management Protocol) is used by network management applications for printer management. This printer supports the SNMPv1 protocol on IP networks. SNMPv1 can be enabled or disabled.
  • WINS disable/enable: If you have a Dynamic Host Configuration Protocol (DHCP) service on your network, the printer automatically obtains its IP address from that server and registers its name with any RFC 1001 and 1002-compliant dynamic name services as long as the Windows Internet Name Service (WINS) server IP address has been specified. The WINS server IP address configuration can be enabled or disabled. If enabled, then the primary and secondary WINS server can be specified.
  • SLP disable/enable: Service Location Protocol (SLP) is an Internet standard network protocol that provides a framework to allow network applications to discover the existence, location and configuration of networked services in enterprise networks. This protocol can be enabled or disabled.
  • LPD disable/enable: Line Printer Daemon (LPD) refers to the protocol and programs associated with line-printer spooling services that may be installed on various TCP/IP systems. LPD can be enabled or disabled.
  • LLMNR disable/enable: Link-Local Multicast Name Resolution (LLMNR) is a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. LLMNR can be enabled or disabled.
  • Port 9100 disable/enable: The printer supports raw IP printing through TCP Port 9100. This HP-proprietary TCP/IP port on the printer is the default port for printing and it is accessed by HP software. Port 9100 can be enabled or disabled.
  • Web Services disable/enable: The printer supports the ability to enable or disable Microsoft Web Services Dynamic Discovery (WS Discovery) protocols or Microsoft Web Services for Devices (WSD) Print services supported on the printer. These web services can be enabled or disabled together or WS Discovery can be enabled separately.
  • Internet Printing Protocol (IPP) disable/enable: Internet Printing Protocol (IPP) is an Internet-standard protocol that allows you to print documents and manage jobs over the internet. IPP can be disabled or enabled.
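
One way to confirm that the disable/enable settings above actually took effect, as an added example that is not HP's code: compare the intended state of each TCP print service with what the printer accepts on the network. The function names, the policy format, and the address 192.0.2.10 are assumptions; only port 9100 is stated on this page, while 515 (LPD) and 631 (IPP) are the standard port assignments.

```python
import socket

# TCP ports conventionally used by print services in the list above. Only 9100
# is stated on the page; 515 and 631 are standard assignments (assumption).
TCP_SERVICES = {
    "LPD": 515,
    "Port 9100": 9100,
    "IPP": 631,
}
# SNMP, Bonjour, LLMNR, SLP and WS-Discovery use UDP; a TCP connect cannot
# confirm their state, so they are out of scope for this check.


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, policy, ports=TCP_SERVICES, probe=tcp_open):
    """Compare intended EWS settings with what the printer actually exposes.

    policy maps a service name to True (meant to be enabled) or False
    (meant to be disabled). Returns one (service, port, intended, observed)
    tuple per mismatch, in policy order.
    """
    findings = []
    for service, intended in policy.items():
        observed = probe(host, ports[service])
        if observed != intended:
            findings.append((service, ports[service], intended, observed))
    return findings


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; use your printer's address.
    policy = {"LPD": False, "Port 9100": True, "IPP": False}
    for service, port, intended, observed in audit("192.0.2.10", policy):
        print(f"{service} (tcp/{port}): intended "
              f"{'enabled' if intended else 'disabled'}, "
              f"observed {'open' if observed else 'closed'}")
```

An empty result means every checked service matches the intended setting; run the check again after the printer restarts or its firmware is updated.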

Administrator Settings

The HP Embedded Web Server allows the ability to enable and disable certain printer capabilities. These include network, Ethernet, wireless, wireless access point (i.e. disables wireless direct capability), USB, fax, fax reprint, copy, digital send, webscan, control panel lock, color fax, color copy, color print from memory devices, all web services, only ePrint, and only Apps. The printer must be turned off, and then turned on again, for settings to take effect.

Color Access Control

HP’s suite of color access control tools allows you to enable or disable color by individual users or groups and applications. For more information see www.hp.com/go/upd. The HP Embedded Web Server also allows you to disable color faxing, color copying, and color print from memory devices.

Protected Protocols – HTTPS

The HP Embedded Web Server can encrypt printer communication through the HTTPS redirection feature. When used, HTTPS encrypts the traffic so that others cannot view information passed between the EWS and the printer, providing a secure communication method.

Firewall

The HP Embedded Web Server lets you enable and configure printer firewall rules, priorities, templates, services and policies. The firewall feature provides a network layer of security on both IPv4 and IPv6 networks. The firewall configuration capability provides control over IP addresses that are allowed to access the printer, and the ability to set permissions and priorities for digital send, management, discovery, and print services, providing a more secure way of controlling access to the printer.

Scan-to and Fax-to Folder Authentication

The Scan-to and Fax-to network folder allows sending to a network folder via the Windows file sharing mechanism. A username and password may be required to log onto the network where the network folder is located. In addition, appropriate privileges may be required to have write access to the network folder.

Syslog

Syslog, a standard protocol for logging status messages to a designated server, can be used to track the activities and status of devices on the network. The HP Embedded Web Server provides the ability to enable Syslog and to specify the server to which the status messages will be sent. Specifying the priority of those status messages is also supported.

Certificates

The HP Embedded Web Server provides the ability to install and manage certificates for the authentication of the printer, server, and network. This includes the ability to create a certificate, install a certificate, and import and export certificates.

Signed Firmware

Support of digitally-signed firmware updates eliminates exposure to malicious software by preventing the installation of non-approved firmware on the printer.

Wireless Authentication

The HP Embedded Web Server provides the ability to configure wireless networking via such 802.1x wireless enterprise authentication protocols as EAP-TLS, LEAP, and PEAP to support access control. The HP Embedded Web Server also provides the ability to configure wireless dynamic key encryption such as WEP encryption and WPA-PSK authentication. In addition, Wireless Direct Authentication can be enabled or disabled.