HP Customer Support - Knowledge Base







HP Printers - Minimum security settings for products on the open Internet


This document provides information on the minimum security settings for the following printers on the open internet:
  • HP LaserJet Enterprise printers
  • HP LaserJet Pro printers
  • HP Officejet printers
  • HP Officejet Pro printers
  • HP PageWide Enterprise printers
  • HP PageWide Pro printers
HP is dedicated to providing the best and latest security information available for HP printers. This checklist is intended to help you improve printer security, particularly for printers on networks open to the public internet.
HP printers are shipped in an unconfigured state, which allows the customer to more easily configure the printer for their network environment. However, if the printer is not properly configured, it might be vulnerable to intruder attacks. HP strongly recommends configuring minimum security settings for all HP printers to eliminate the majority of security exposures.
For more information about configuring HP printers in network environments, or for maximum security recommendations, go to one of the following documents:

Recommended settings

Settings can be configured via the printer's Embedded Web Server (EWS). To access the EWS, type the printer's IP address exactly as it appears on the Configuration Page in the browser URL field (e.g. 12.34.567.89) and press Enter.
Security settings can also be configured with HP Web JetAdmin software and/or HP JetAdvantage Security Manager.
The following settings are recommendations based on printer usage in TCP/IP network environments using IPPs for printing. Adjust the settings as needed depending on the requirements of your print environment.
Not all settings are available on all printers. The setting options vary depending on the printer model and the firmware version installed, and might therefore be found on different tabs in the EWS. Refer to the User Guide for printer-specific configuration options.

Network options

  • Enable TCP/IP
  • Enable IPPs Printing
  • Disable 9100 Printing
  • Disable SLP Config
  • Disable LPD Printing
  • Disable Telnet Config
  • Disable FTP Printing
  • Disable WS-Discovery
  • Disable Web Services Print (unless currently in use)
  • Disable TFTP Configuration File
  • Add allowed IPv4 addresses for EWS and print to the Access Control List.
    If the printer is on the open internet and not configured to limit access to known IP addresses, it is open for public access and potential abuse.
  • Set Encryption Strength to High
  • Enable HTTPS Setting to encrypt all web communication: Encrypt All Web Communication (not including IPP)
  • Disable mDNS Config
    If you do not have DNS on your network, leave enabled.
  • Configure an SNMP community name and disable the default community name of Public.
  • Disable unused Protocol Stacks. HP recommends the following (unless currently in use):
    • Disable IPX/SPX
    • Disable DLC/LLC
    • Disable AppleTalk/Bonjour
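
One way to verify the TCP print-service settings above on a printer you administer is to compare which ports accept connections with what the checklist asks for. This is an added example, not HP code. Only port 9100 is named in this document; the other port numbers are the protocols' standard defaults and are assumed to apply to the device. The UDP-based services (SLP, WS-Discovery, mDNS, TFTP, SNMP) are not covered because a TCP connect cannot test them.

```python
import socket
import sys

# TCP services from the Network options checklist.
# Only 9100 is named on the page; 21, 23, 515 and 631 are the standard
# default ports for these protocols (assumption about the device).
# Second field: True = checklist says enable, False = checklist says disable.
EXPECTED = {
    21: ("FTP Printing", False),
    23: ("Telnet Config", False),
    515: ("LPD Printing", False),
    631: ("IPPs Printing", True),   # a connect test cannot tell IPP from IPPs
    9100: ("9100 Printing", False),
}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unroutable all count as not reachable.
        return False


def audit(host, probe=tcp_open):
    """Compare each port's observed state with the checklist.

    Returns a list of (port, setting, finding) tuples, one per deviation.
    `probe` is injectable so the logic can be exercised without a printer.
    """
    findings = []
    for port, (setting, want_open) in sorted(EXPECTED.items()):
        is_open = probe(host, port)
        if is_open and not want_open:
            findings.append((port, setting, "reachable, checklist says disable"))
        elif want_open and not is_open:
            findings.append((port, setting, "unreachable, checklist says enable"))
    return findings


if __name__ == "__main__":
    # Usage: python audit_printer.py <printer-ip>
    for port, setting, finding in audit(sys.argv[1]):
        print(f"tcp/{port:<5} {setting:<15} {finding}")
```

Run it from an address that is on the printer's Access Control List, because the ACL itself limits which addresses can reach the print services. An empty result means the five TCP services match the checklist.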

Security options

  • Set the Administrator password (Local Administrator or EWS Administrator password)
  • Set the PJL Security Password
  • Disable PJL Device Access Commands
  • Disable File System Page (External) Access Settings
    • Disable PJL Drive Access or PJL Disk Access
    • Disable PS Drive Access or PS Disk Access
  • Configure File System Page options
    • Disable PML
    • Disable NFS access
    • Disable Postscript File Access
  • Disable Allow Stored Jobs on this device
  • Disable Remote Printer Firmware Updates
    This setting will need to be re-enabled anytime the printer firmware needs to be updated remotely.
    • Disable Allow firmware upgrades sent as print jobs (port 9100)
    • Disable Allow installation of legacy packages signed with SHA-1 Hashing algorithm
    • Disable Remote Firmware Upgrade
  • Disable SNMP disk access or SNMP access
  • Configure Secure Disk Encryption Mode (AES128 or AES256)

Embedded Web Server options

  • Enable Outgoing Mail
  • Enable Continue Button
  • Disable Print Service
  • Disable Incoming Mail
  • Disable Command Invoke
  • Disable Command Download
  • Disable Command Load and Execute
  • Secure the Information tab (if available) or disable the following settings:
    • Disable Cancel Job Button
    • Disable Go/Pause/Resume Button

Web Services options

Wireless options

  • Configure Wireless security (if using wireless connectivity)





