
Direct Connect Ports
Direct Connect Ports (such as USB or RS232) provide direct hardware connections to the device. If
these ports are active, walk-up users can access a device through a direct connection. In addition,
the device is open for file access and firmware upgrade.
In HP LaserJet printers, direct ports other than the network port are available for printing. USB
ports are the most common; some older printers also have parallel and serial ports.
Walk-up USB printing is a feature found on the latest HP LaserJet printers. Unlike a USB printer
connection to a PC, this feature allows users to print supported file formats (.pdf, .prn, .pcl, .ps, .cht)
directly from a supported USB storage device. This method of printing lets users bypass server-based
print queues and customized print drivers. Printer firmware can also be upgraded through
the USB port. Although this is a very convenient, somewhat mobile way of printing, some security
concerns shouldn’t be ignored. For example, .prn is one of the supported USB print file formats, and
a .prn file could include malicious embedded PJL commands in addition to properly formatted print data.
PJL (Printer Job Language) is an extension of PCL (Printer Command Language) that allows control
of the device at the print job level. Local firmware upgrades are also possible through the USB port.
If malicious firmware were installed through the local USB port, it would be nearly impossible to detect
on a printer’s embedded system.
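As an added illustration (not part of the HP documentation), the following Python check screens a .prn file for PJL commands outside a small job-level allowlist before the file is carried to a printer. The function name `scan_prn`, the allowlist contents, and both sample byte strings are assumptions constructed for this example.

```python
import re

# Universal Exit Language sequence; PJL is only interpreted after it
# or at the start of a line inside a PJL block.
UEL = b"\x1b%-12345X"

# Assumption: policy allowlist of job-level commands a print driver
# normally emits. Anything else is reported for review.
ALLOWED = {"JOB", "EOJ", "SET", "ENTER", "COMMENT"}

# A PJL command begins at file start, after a newline, or right after UEL.
PJL_LINE = re.compile(
    rb"(?:\A|\n|\x1b%-12345X)(@PJL[ \t]*([A-Za-z]*)[^\r\n]*)"
)

def scan_prn(data: bytes):
    """Return (offset, command, line) for each PJL command not in ALLOWED."""
    findings = []
    for m in PJL_LINE.finditer(data):
        cmd = m.group(2).decode("ascii").upper()
        if cmd and cmd not in ALLOWED:  # a bare "@PJL" line is a no-op
            line = m.group(1).decode("ascii", "replace")
            findings.append((m.start(1), cmd, line))
    return findings

# Constructed sample: ordinary driver output with a PJL header and trailer.
SAMPLE_CLEAN = (
    UEL + b'@PJL JOB NAME="constructed"\r\n'
    b"@PJL SET COPIES=1\r\n"
    b"@PJL ENTER LANGUAGE=PCL\r\n"
    b"\x1bEhello\x1bE" + UEL + b"@PJL EOJ\r\n" + UEL
)

# Constructed sample: extra PJL embedded after the page data that changes
# a persistent default and the control-panel message.
SAMPLE_SUSPECT = (
    UEL + b"@PJL JOB\r\n@PJL ENTER LANGUAGE=PCL\r\n"
    b"\x1bEhello\x1bE" + UEL +
    b"@PJL DEFAULT COPIES=5\r\n"
    b'@PJL RDYMSG DISPLAY="constructed"\r\n'
    b"@PJL EOJ\r\n" + UEL
)

if __name__ == "__main__":
    for name, blob in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT)):
        print(name, scan_prn(blob))
```

An allowlist is used rather than a blocklist so that file-system and configuration commands are reported without having to enumerate them.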
Each time the printer is powered on, it will perform a boot-up sequence. During the boot-up
sequence, the printer detects all installed USB storage devices and configures them in a standard way
for HP and non-HP applications. Users who leave USB storage devices installed during this boot-up
sequence will notice that the printer stores folders and files on the device. Users who do not want
files written to the USB storage device must be careful to remove the USB storage device from the
printer during the boot-up sequence. The USB mass storage device cannot interact with the printer’s
network card or transfer data to the network.
To only use the network port for printing, disable all active direct ports. If the direct ports are active
(this is the default setting), choosing to disable them will power cycle the printer. The power cycle
sequence must complete before the remediation task can report success. Please keep this necessary
increase in remediation time in mind when including the disabling of direct connect ports as part of
your security policy.
Host USB Plug and Play
The Host USB Plug and Play feature allows the device to access USB accessories connected
by walk-up users, for tasks such as scanning or saving to a USB storage device.