Imag Print Security

HP DOCUMENT SOLUTIONS TECHNICAL
FUNDAMENTALS
Book 6: HP Imaging & Printing Security

Technical, Rev. 14.41
Learner guide – book 6 of 7
HP ExpertOne
Rev. 15.21
Course #: 00990446
Part #: 00990446S61503
HP DOCUMENT SOLUTIONS TECHNICAL
FUNDAMENTALS
Book 6: HP Imaging & Printing Security

Technical, Rev. 14.41
Learner guide – book 6 of 7
HP ExpertOne
Rev. 15.21
Course #: 00990446
Part #: 00990446S61503
Notice
© Copyright 2015 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for
technical or editorial errors or omissions contained herein.
This is an HP copyrighted work that may not be reproduced without the permission of HP.
Trademark Credits
Adobe™ and PostScript™ are trademarks of Adobe Systems Incorporated, which may be registered in certain jurisdictions.
Apple®, Mac®, and Macintosh® are registered trademarks of Apple Computer, Inc.
Windows® is a U.S. registered trademark of Microsoft Corporation.
Microsoft® is a U.S. registered trademark of Microsoft Corporation.
Edition History
Rev 14.41 October 2014

Table of Contents:
COURSE OBJECTIVES 4
IMAGING AND PRINTING SECURITY TODAY 5
d.
EDUCATING CUSTOMERS AROUND DEVICE-BASED RISKS 12
te
THE SECRET TO YOUR SUCCESS 15
i
ib
HARD COPIES 17
oh
DATA ON PRINTER 24
pr
DATA SENT OVER THE NETWORK 29
is
on
PRINTER CONTROL PANEL 36
si
TAMPERING AND FORGERY 42
is
m
PRINTING FLEET 48
er
TAKING ACTION 58
tp
COURSE SUMMARY 61
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H
Copyright ©2014 HP corporate presentation. All rights reserved.

HP Security Technical v14.41 Student Guide
d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H
Copyright ©2014 HP corporate presentation. All rights reserved. 4

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Describe the traditional operation model of IT today.

ho
Examine the lengths SMB operators go to in order to protect their network and data infrastructure (routers,
w
•
PCs, servers, etc.).
in
n
Conclude with something is missing.

io
•
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Describe the nature of most imaging and printing devices today.

ho
Perform Google search to locate a college campus device that can print from EWS.
w
•
in
• Define that this is an industry problem not just for HP but for all network print manufactures.
n
io
• Examine the lengths that SMB operators go to in order to protect their network and data infrastructure
ct
(routers, PCs, servers, etc.).

du
ro
• Conclude with something is missing.

ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• It’s hard to deny that cybercrime is real and that it is a threat. Devices are more connected to the Internet
ho
than ever.
w
Despite efforts to protect from outside intrusion, the real threat is from within.
in
•
n
Security can be one-sided and unbalanced.

io
•
ct
Failure to have a complete end-to-end company perspective can have financial and legal ramifications.
du
•
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Customer’s are strongly motivated in securing their business environment.

ho
Customer’s do not see the value in securing their imaging and printing devices.
w
•
in
• Overcoming this situation is a matter of education.

n
io
ct
du
*Infotrends 2013
ro
**Closing the print security gap, Quocirca

ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
HP has the ability to provide end-to-end print security through a comprehensive HP JetAdvantage Security
ho
Portfolio of printer features, solutions, and services.

w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• HP is taking charge by leading out with a product portfolio of security solutions.

ho
The state of imaging and printing security today combined with the HP Jet Advantage portfolio provides the
w
•
essential pieces to have productive security conversations with your customers.
in
n
Security is not easy to talk about.

io
•
ct
You are obligated to educate your customers as their trusted advisor.

du
•
ro
• Educate customers about device-based risks not about the HP Jet Advantage portfolio.
ep
• Device-based risks, if important to the customer, lead to consulting opportunities for hardware, software,
.R
and services.
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Security is defined by the role of the person you are talking to

ho
Line of business manager (LOB):

w
in
• Concerned about employees getting their tasks completed and meeting the objectives of the business
n
balanced with a secure workflow process

io
ct
May have requirements to protect business sensitive data but unsure how to
du
•
ro
IT administrator:
ep
Concerned about how complex the solution is to install, configure, use, and support
.R
•
ly
• Typically has to balance limited resources across multiple LOB managers and their demands for keeping
on
employees productive and functional

s
er
Print administrator:
ld
ho
• Needs to know the impacts of any solution to current business print processes
ke
• Is responsible for the print devices from their physical operation to the software infrastructures that make
a
it possible for a user to hit file  print and the resulting outcome
St
&L
• Focused on creating an effective end-to-end print operation that satisfies the needs of the LOB managers
and IT administrators
C
P
Chief security officer:

H
• Focused on governing company policy around regulatory compliance and or industry regulation

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• First is hard copies left on output trays. A typical business setting can see almost a 1/3 of printed documents being left
ho
in the out output bin for someone else to see, and, sometimes, even forgotten completely. Some of these may be
w
confidential documents that present a real risk to confidential data.

in
• Next is the device control panel. By default, anyone can browse through the menus, change settings, and copy or email
n
io
copies of internal documents. Whether it is intentional or unintentional, a control panel represents a vulnerability that
ct
can be exploited many different ways.

du
• Another security vulnerability concerns managing the entire printing fleet. Is there a need to know who, what, and
ro
when someone prints, copies, or digital sends from a device? How is security monitored or assessed. Do you need to
ep
show fleet compliance or have a need to enforce policy across an entire fleet?
.R
• Many HP devices today ship with hard drives. During print, copy, and digital sending activities, data is retained on the
ly
on
hard drive. Information such as fax numbers, email addresses, network share information, and stored jobs are stored
locally on the device.
s
er
• A vulnerability that is often overlooked is data sent over the network. By default, HP devices are compatible with many
ld
operating systems, such as MacOS, Unix, Windows, Novell, etc. Even though customers don’t use all of these systems,
ho
the ports are still open and can be exploited. Print data on the network can also be intercepted, viewed, and routed to
ke
other destinations.
a
St
• If customers are using pre-printed forms or checks in paper trays, they may want to lock the trays to prevent
&L
tampering and forgery of documents. Printed documents can be tampered with and easily duplicated. Do you have a
need to protect your hard copy? Examples of hard copy that may be at risk: report cards, registration papers (vehicle,
C
personal, etc.), prescriptions, checks, etc.

P
H
• Discuss these vulnerabilities with your customers so that they are aware of them. They can choose what to do about
them. They may want to mitigate these problems or ignore them, but at least they know what the vulnerabilities are.

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Educating the customer about risks is half the battle. The other half is understanding how to help the
ho
customer if they identify a risk that needs to be addressed.

w
The rest of this class is dedicated to helping you build this map so, in the end, you know how to help the
in
•
customer.
n
io
ct
• Identify risks through examples, facts, and or statistics.

du
− Assess how frequent and to what severity a risk poses to their organization.
ro
ep
− Describe technologies that can be used to mitigate risks.

.R
− Recommend free and or paid HP JetAdvantage features, software, and solutions.

ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Define the risk.

ho
Compare data protection in a laptop that then moves to hard copy print (unsecure process and result).
w
•
in
• Examine industry statistics.

n
io
• Questions to help the customer identify the risk:

ct
− Did you know that almost a 1/3 of all printed documents are not retrieved immediately being left in the output bin
du
for someone else to see and sometimes even forgotten completely?

ro
ep
− Are you aware that some unclaimed documents could be sensitive and or confidential in nature?
.R
• Questions to help the customer assess the risk:

ly
on
− What is the likelihood of an end user failing to retrieve their print out?
s
− What would be the impact if an unclaimed document was retrieved or viewed by the wrong person?
er
ld
Source: The 2112 Group, IDC, Gardner Group Inc, Info-Tech Research Group, Cleveland State University, Buyers
ho
Laboratory, Insight Research Group

a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Define the mitigation technologies.

ho
Review the mitigation technologies (high level).

w
•
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• No server required.
ho
User prints and marks job for private print and hold at the device.
w
•
in
• User creates unique pin via driver prompts.

n
io
• Job is sent (pushed) to the device and held on the local hard disk.
ct
du
• User wants to retrieve job, goes to device, enters unique pin.

ro
Job is printed while user is at the device.

ep
•
.R
• Discuss benefits of push printing.

ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Server based printing

ho
User prints as normal; nothing changes.

w
•
in
• Data leaves the server (secured) and arrives at Pull Print server for holding.
n
io
• User needs to print, locates pull print enabled device, and authenticates.
ct
du
• Select’s print job from the holding queue.

ro
Pull print server pushes print job down to the device.

ep
•
.R
• User retrieves job while at the device.

ly
• Discuss benefits of pull print architecture.

on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Review solution benefits.

ho
Review solution(s) offering and reference material.

w
•
in
*US/Canada availability as of Fall 2014. All other regions TBD.

n
io
**Please check with your PBM for availability.

ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Define the risk. Play video.

ho
Briefly discuss CNBC video effect on customer’s channel.

w
•
in

n
io
− Are you aware the printer retains data on its hard drive when printing and or copying?
ct
du
− Do you know that fax numbers, email addresses, network share information, and stored jobs may be
ro
stored without any data encryption or protection?

ep
• Question to help the customer assess the risk:

.R
− What is the likelihood of a device hard drive being stolen or disposed of improperly within the
ly
on
organization?
s
− What would the impact be if a device hard drive ended up in the hands of somebody outside of the
er
ld
organization?
ho
ake
St
&L
C
P
H

d.
i te
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
The secure disk erase feature provides a choice of three different levels of disk security, which are configurable by an administrator
ho
and may be protected from unauthorized changes with a password.

w
Sanitized erase: conforms to the DoD 5220-22.M specification for deletion of magnetically stored data. Using multiple data writes to
in
eliminate trace magnetic data, sanitized erase prevents subsequent analysis of the hard disk drive’s physical platters for the retrieval
n
of data.
io
ct
• Pass 1: Writes a zero and verifies the write

du
• Pass 2: Writes a one and verifies the write

ro
• Pass 3: Writes a random character and verifies the write

ep
Secure erase: provides increased performance overwriting the existing data once and preventing software-based “undelete”
.R
operations to the data.

ly
Fast erase: provides the greatest performance flagging the print job as deleted and allowing the MFP’s operating system to reclaim
on
and subsequently overwrite the data when needed.

s
er
Encrypting data: data at rest

ld
ho
Encrypting data is another way to protect against theft. When used for data at rest situations, data, if compromised, is illegible and, thus, rendered
useless. Protection of this type requires a highly secure method that is highly efficient for active processes.
ke
• The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of
a
St
Standards and Technology (NIST) in 2001.

&L
• AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES),which was published in
1977. The algorithm described by AES is a symmetric-key algorithm meaning the same key is used for encrypting and decrypting the data.
C
− AES 128 bit would take over a billion years to crack with today’s supercomputers.
P
H
− Removing the device or module makes it virtually impossible to read without the unique key generated by the HP printer.

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le

ho
Review solutions(s) offering and reference material.

w
•
in
*Check with your PBM for solution availability.

n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le

ho
Play open network access upgrade firmware video.

w
•
in
• Discuss how this also relates to the GOOGLE EWS demo from earlier.
n
io
• Examine how devices are, by default, open to all network traffic to provide the best out of box experience
ct
possible.
du
ro
• Play network print job capture video.

ep
• Discuss how traditional printing is today.

.R
Questions to help the customer identify the risk:

ly
•
on
− Did you know that the printer accepts network connections from MAC, Windows, Novell, and UNIX clients
s
by default?
er
ld
− Are you aware that print jobs travel across the network in clear view for anyone to see?
ho
ke

a
St
− What is the likelihood of a person intercepting and/or manipulating data being sent to the device?
&L
− What would the impact to the organization be if print jobs and or the device was compromised as a
C
result?
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Define the mitigation solutions.

ho
Review the mitigation solutions (high level).

w
•
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Examine the importance of creating a hardening checklist.

ho
• Leverage the HP Base Policy to help define what and to what risk level should be enabled or disabled.
w
in
• Review the HP Base Policy.

n
io
• Some talking points:

ct
− TCP/IP: Standard TCP/IP printing, also called standard network printing or AppSocket, is the most common
du
method for printing over the network and is the standard printing protocol used by HP print devices. It is the
ro
fastest most reliable way to print over the network.

ep
.R
− LPD/LPR: This protocol and set of programs is typically associated with line-printer spooling services on
ly
various TCP/IP systems, such as Berkeley-based (BSD) UNIX, HP-UX, Linux, and Windows Server.
on
− IPP: This is a standard network protocol for remote printing and for managing print jobs and device media
s
using the common UNIX print system (CUPS).

er
ld
− FTP: File transfer protocol (FTP) printing sends print files from a client system to the print device using a TCP
ho
control and data connection. Although FTP provides user name and password authentication, the credentials
ke
are sent unencrypted over the network.

a
St
− AppleTalk: Appletalk is an obsolete protocol used by the original Apple networking. Apple no longer supports
&L
Appletalk.
C
− IPX/SPX: Internetwork packet exchange (IPX) and sequenced packet exchange (SPX) are protocols primarily
P
used on networks that run the Novell NetWare operating system. These protocols are obsolete.
H
− Bonjour: Apple Bonjour (also known as multicast domain name system or mDNS) is used for discovering Apple
services over the TCP/IP protocol. You can safely disable this policy item if the device is not using Apple
services on the network.

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• HP ACL can limit network access by IP(s).

ho
HP Firewall can limit by IP and or port / protocol.

w
•
in
• HP Firewall makes it possible to model access to business processes ensuring a complete and secure
n
lockout.
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le

ho
Review solution(s) offerings and reference material.

w
•
in

n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Define the risk .

ho
Describe the simplified, yet advanced, state that today’s control panel operate.
w
•
in

n
io
− Are you concerned about users accessing areas of the printer they shouldn’t, such as scan to network,
ct
scan to email, scan to fax, etc?

du
ro
− Do you care who has access to the configuration menus of the device?
ep

.R
− What is the likelihood of an employee misusing, either intentionally or unintentionally, a control panel
ly
on
feature (i.e. copy, fax, scan to folder, scan to email, etc.).

s
− What would be the impact of an employee trying to use a device feature that you would rather not have
er
ld
them use?
ho
*Source: Closing the print security gap, Quocirca

ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le

ho

w
•
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
Walk through access control flow and process at the device. Show animated slide.
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le

ho

w
•
in

n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
ite
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le

ho
• Review common nature of fraud.

w
Discuss which documents thieves target most:

in
•
n
− Checks/Vouchers – Any organization issuing checks or payment vouchers runs big risks of counterfeiting and tampering, and multiple levels of
io
document security features are a must.

ct
du
− Parking passes/stickers – Counterfeits can cause loss of revenue and even liabilities if forgeries are used to gain access to unauthorized areas.
ro
− Product labels – Fraudulent labels on counterfeit products can flood a marketplace and expose consumers to inferior products presented under a
ep
company’s brand name thus damaging the true product’s brand image.
.R
− Tickets or coupons – Event tickets or retailer coupons can often be easily counterfeited with obvious potential loss to the event venue or store.
ly
− Medical documents – Prescription forms and other sensitive medical documents are also potential targets for counterfeiters.
on
− Insurance/Financial documents – Many documents in these industries contain sensitive personal information and should be secured against
s
tampering or reproduction.
er
− Government and legal documents – Government entities and other official organizations need to secure printed documents, such as permits and
ld
licenses, birth/death certificates, vouchers, authentication documents, and certificates of origin/titles.

ho
− ID cards and personal identity documents – It’s critical that issuers use state-of-the-art document security techniques to protect any documents
ke
containing sensitive personal information. ID cards, birth certificates, passports, and related documents are among the favorite targets of
a
thieves.
St
Questions to help the customer identify the risk:

&L
− Do you care who has access to sensitive preprinted forms, such as checks or letterhead, in paper trays?
C
P
− Are you concerned that your printed documents could be duplicated or altered?
H

− What is the likelihood of somebody copying your sensitive documents and or altering them?
− What would the impact be if sensitive documents were tampered with or physically altered?
Source: Document and Fraud Institute

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking Points:
or
le

ho

w
•
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Unique as a software solution, adding copy prevention requires interacting with the print stream directly.
ho
User printing or application are not impacted; users print as normal.

w
•
in
• The print job enters into a special shared queue that redirects the print data to the copy prevention
n
software.
io
ct
Software injects security features directly into the print job.

du
•
ro
• The print job is sent to a designated laser printer for processing.

ep
• The printer creates the original print job along with copy prevention features.
.R
Pantograph makes it so that, if the original is copied, the copy document exposes “void” or “copy” on the
ly
•
on
page.
s
− This works by exploiting the limitations and features of copying equipment. A scanner or photocopier acts
er
ld
as a low-pass filter on the original image by blurring edges slightly. It will also not be perfectly aligned
ho
with the directions of the document, causing aliasing.

ke
• Microprint is a small line of text that is legible on the original but, if copied, disrupts into an illegible rough,
a
St
thin line.
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le

ho

w
•
in
*Check with your PBM for solution availability

n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le

ho
Examine industry statistics.

w
•
in

n
io
− Are you concerned about maintaining a standard level of security across your HP fleet of devices?
ct
du
− Do you care to know who, what, and when someone prints to your HP device(s)?
ro
Questions to help the customer assess the risk:

ep
•
.R
− What is the likelihood of your devices NOT having a hardening checklist and or standard level of security
policy configured?
ly
on
− What would be the impact of your devices failing to meet a standard level of security and or policy
s
configuration?
er
ld
Source: The 2112 Group, IDC, Gardner Group Inc, Info-Tech Research Group, Cleveland State University, Buyers
ho
Laboratory, Insight Research Group

ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le

ho

w
•
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Server based solution:

ho
− Leverages Web Services and SNMP to discover and communicate with devices
w
in
− SNMP is the standard management protocol.

n
io
− SNMP Agent functional overview, including MIB structure

ct
du
− SNMP manager overview, including set and get command structures

ro
− Web services for configuration of HP FutureSmart devices

ep
.R
− SOAP overview
ly
− Server ultimately has the ability to configure devices in groups or fleet and provide proactive monitoring
on
of supplies or device events and reporting.

s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Devices are loaded with a collection agent or come built in with one.
ho
Agent collects all print, copy, and scan data.

w
•
in
• Data is pushed to a centralized server for processing (HTTP or FTP).

n
io
• Server processes data into SQL.

ct
du
• Web interface is used to access collected SQL data to create hundreds of reporting possibilities.
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Sever based solution

ho
Compliance is about identifying, assessing, and remediating devices to a consistent level of security.
w
•
in
• Customer is consulted with to determine the desired level of security.

n
io
• Policy is created to match the customer’s need in terms of device features and protocols being enabled or
ct
disabled.
du
ro
• Fleet of devices is assessed to that policy.

ep
• Reporting is reviewed to determine which devices fail to meet the policy’s security level.
.R
Devices that do not meet the level of security are remediated.

ly
•
on
• Reporting is reviewed to ensure that all devices are in compliance.

s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Discuss the challenges of maintaining compliance.

ho
Server-based solution monitors the network for new devices to come online.
w
•
in
• Devices are automatically assessed and remediated to a defined level of security policy.
n
io
• Reporting can be generated at any time to see policy compliance of the fleet.
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le

ho

w
•
in
• *Check with your PBM for solution availability.

n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Describe how we have covered the entire HP Jet Advantage portfolio from a risk perspective.
ho
Review that the goal of starting a conversation with the customer is about risk management and not about
w
•
leading with product.
in
n
Focus should always be about helping the customer:

io
•
ct
− Identify risks.
du
ro
− Assess risks.
ep
− Prioritize risks.
.R
Review that letting the customer identify the risk simplifies the choice of technologies and, hence, solutions
ly
•
on
you should be prepared to discuss.

s
As a critical step in the consulting process, having this knowledge and maintaining it is critical to being
er
•
ld
successful with having risk-based security conversations with your customer’s.

ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Demo guide is a self paced walk through of HP security as it sits in the device today.
ho
Demo guide completion is a requirement of this course from a knowledge standpoint.

w
•
in
• Not all solutions are available in all regions or to all partner levels.
n
io
• Every risk has a free solution offering for mitigation for partners who want to stay centric to in or around
ct
the box offerings.

du
ro
• Free solutions should be bundled with your own professional services to implement (i.e. HP Web Jetadmin).
ep
• Visit www.hpmyhpsalesguide.com often for updated course and product collateral.

.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Talking points:
or
le
• Lead security conversations with risk-based education rather than product / solution focused selling.
ho
Customers need your help. It’s your obligation as a trusted HP advisor.

w
•
in
• You can benefit customers with an improved security situation while increasing your hardware, software,
n
and services offerings.

io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
ake
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

d.
te
i
ib
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
io
ct
du
ro
ep
.R
ly
on
s
er
ld
ho
a ke
St
&L
C
P
H

Imag Print Security

Uploaded by

Copyright:

Available Formats

Imag Print Security

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Imag Print Security

Uploaded by

Copyright:

Available Formats

HP DOCUMENT SOLUTIONS TECHNICAL

Book 6: HP Imaging & Printing Security

Learner guide – book 6 of 7

Book 6: HP Imaging & Printing Security

Learner guide – book 6 of 7

Rev 14.41 October 2014

Copyright ©2014 HP corporate presentation. All rights reserved.

Copyright ©2014 HP corporate presentation. All rights reserved. 4

Copyright ©2014 HP corporate presentation. All rights reserved. 5

• Describe the traditional operation model of IT today.

Conclude with something is missing.

Copyright ©2014 HP corporate presentation. All rights reserved. 6

• Describe the nature of most imaging and printing devices today.

(routers, PCs, servers, etc.).

• Conclude with something is missing.

Copyright ©2014 HP corporate presentation. All rights reserved. 7

Security can be one-sided and unbalanced.

Copyright ©2014 HP corporate presentation. All rights reserved. 8

• Customer’s are strongly motivated in securing their business environment.

• Overcoming this situation is a matter of education.

**Closing the print security gap, Quocirca

Copyright ©2014 HP corporate presentation. All rights reserved. 9

Portfolio of printer features, solutions, and services.

Copyright ©2014 HP corporate presentation. All rights reserved. 10

• HP is taking charge by leading out with a product portfolio of security solutions.

Security is not easy to talk about.

You are obligated to educate your customers as their trusted advisor.

Copyright ©2014 HP corporate presentation. All rights reserved. 11

Copyright ©2014 HP corporate presentation. All rights reserved. 12

• Security is defined by the role of the person you are talking to

Line of business manager (LOB):

balanced with a secure workflow process

employees productive and functional

Chief security officer:

Copyright ©2014 HP corporate presentation. All rights reserved. 13

confidential documents that present a real risk to confidential data.

can be exploited many different ways.

personal, etc.), prescriptions, checks, etc.

Copyright ©2014 HP corporate presentation. All rights reserved. 14

Copyright ©2014 HP corporate presentation. All rights reserved. 15

customer if they identify a risk that needs to be addressed.

• Identify risks through examples, facts, and or statistics.

− Describe technologies that can be used to mitigate risks.

− Recommend free and or paid HP JetAdvantage features, software, and solutions.

Copyright ©2014 HP corporate presentation. All rights reserved. 16

Copyright ©2014 HP corporate presentation. All rights reserved. 17

• Define the risk.

• Examine industry statistics.

• Questions to help the customer identify the risk:

for someone else to see and sometimes even forgotten completely?

• Questions to help the customer assess the risk:

Laboratory, Insight Research Group

Copyright ©2014 HP corporate presentation. All rights reserved. 18

• Define the mitigation technologies.

Review the mitigation technologies (high level).

Copyright ©2014 HP corporate presentation. All rights reserved. 19

• User creates unique pin via driver prompts.

• User wants to retrieve job, goes to device, enters unique pin.

Job is printed while user is at the device.

• Discuss benefits of push printing.