HP printers are intended to be used on a private network behind a firewall or router. Securely configuring publicly accessible printers is necessary to minimize the risk of misuse or attack.
If HP printers are placed in the public IP address space they could be accessed by anyone with public internet access. This includes access to the Embedded Web Server configuration interface, TCP/IP protocols including Telnet, FTP and SNMP, and the Port 9100 printing interface.
The recommendations listed below provide a basic level of protection. See the Additional Information section, for resources addressing additional security settings.
-
Set an Embedded Web Server (EWS) configuration password
-
Set a PJL password and disable file system access via the PJL and Postscript interface
-
Disable remote firmware upgrade commands
-
Enable SNMP v1/v2 read-only access, configure a Set and Get SNMP v1/v2 Community name and disable the default community name of Public
-
Create an Access Control List (ACL) to allow only specific network connections (when available)
-
Disable Port 9100 printing services and configure IPP/IPPS printing services (requires client configuration)