Skip to main content
Penn Information Systems & Computing Systems Home

Search form

Getting system status
  • Get Started
    • IT Staff
    • Faculty
    • Staff
    • Students
    • Alumni & Guests
    • ISC Staff
  • Services
    • — Services A to Z —
    • Accounts, Access & Security
      • Access Management Services
      • Active Directory
      • Identity Management Services
      • Information Security Services
    • Applications & Data Analytics
      • Application Development & Delivery
      • Data Analytics
        • Data Analytics at Penn
      • Integration Development & Delivery
    • Backup, Storage & Platforms
      • BackItUp
      • Cloud Solutions
      • Data Center & Colocation Solutions
      • Database & Application Platform Support & Consulting
      • Endpoint Management
      • Recovery Solutions
      • Storage
      • Virtual Desktop
      • Virtual Server Hosting
    • Community, Support & Learning
      • Classroom Technology Services
      • Desktop Engineering
      • IT Community Events
      • LinkedIn Learning
      • Tech Center
    • Consulting & Professional Services
      • Brokered Products
      • HireIT
      • Systems Support & Consulting
      • Technology Forecasting
    • Email, Calendaring & Collaboration
      • Classlists
      • Penn Email Routing
      • PennBox
      • PennNet Mailing Lists
      • PennO365
      • PennZoom
      • SMTP-Relay
      • Secure Share
    • Networks & Connectivity
      • Firewall Services
      • Network Design & Installation
      • PennNet
        • Network Names & Numbers
        • MAGPI (Penn's Internet2 Regional Optical Network)
      • PennNet Ethernet Ports
      • Wireless at Penn
    • Phone, TV & Video
      • Contact Center
      • Live Video Streaming
      • Penn Video Network
      • PennFlex Phone
      • Traditional Telephony
      • Video Content Management
      • Video Production
        • Producing Video Content
    • Web Hosting
      • Web Hosting Service
    • — Service Rates —
    • — Service Level Agreements —
  • Security
    • Office of Information Security
    • Security Services
    • Special Projects
    • Policies & Procedures
    • Training & Awareness
    • Penn SecureIT program
  • Collaborations
    • Computing Policies
    • Engaging Penn’s IT Community
    • Identity & Access Management
    • Penn IT Strategic Plan
    • Cloud First
    • Next Generation Unified Communications
    • Penn Bot
    • IT Advisory Groups
      • Common Solutions
      • IT Roundtable
      • Network Policy Committee
      • Penn Technology Investment Committee (PTIC)
        • About PTIC
        • The PTIC IT Development Fund
    • Special Interest Groups (SIGs)
      • Audio-Visual (AV-SIG)
      • Cloud Computing (Cloud-SIG)
      • Data Visualization (DataViz-SIG)
      • Developer SIG (Dev-SIG)
      • High-Performance Computing (HPC-SIG)
      • Instructional Technology SIG
      • Linux SIG
      • Macintosh Networking Group (MacNet)
      • Mobile Technologies (Mobile-SIG)
      • O365 Special Interest Group
      • PC Networking Group (PC-Net)
      • Project Partners SIG
      • Security SIG
      • Social Media SIG
      • Splunk Special Interest Group
      • Super User Group (SUG)
      • Web SIG
    • Technology Services Strategy Review Board
  • News
  • About
  • Hot Topics
  • Get IT Help

You are here

Home » Securing Hewlett-Packard Printers and Multi-function Devices

Securing Hewlett-Packard Printers and Multi-function Devices

By default, Hewlett-Packard printers and multifunction devices are configured without administrative passwords, or may even allow unauthenticated access to data stored on the built-in hard drive. Please make sure you configure passwords on all printers and multi-function devices in your area. If you don't know the locations and capabilities of all of the devices in your area, see Locate Unmanaged Devices below. In addition, make sure printers and multi-function devices are set for deleting documents and disabling remote firmware updates.

The following instruction is a starting point to address the most significant risks associated with a default Hewlett-Packard printer and multi-function device configurations. 

How to Configure Passwords

By default, Hewlett-Packard printers and multi-function devices are configured with no password protection for the several accounts used to administer the printer and access stored data. Unless the PJL password is set, a HP multi-function device will allow a remote attacker to view faxes on the device's hard drive without authentication. Follow the instructions below to set passwords on many HP multi-function printers:

  1. Install and launch Web Jetadmin, configuring a Web Jetadmin password in the process.
  2. Follow directions on pages 11-12 of the HP Best Practices guide to select the devices you wish to configure (Ensure you are only configuring devices you are responsible for.)
  3. Disable MFP File System External Access by following directions on page 51.
  4. Configure SNMPv3 credentials, disable SNMPv1, and apply changes by following directions on page 16-21.
  5. Configure Bootloader password by following directions on page 37.
  6. Configure EWS and PJL passwords by following directions on page 39-40 and then click "Apply" in the lower right-hand corner. If the settings look correct in the Configure Devices dialog box, click Configure Devices.
  7. Configure File system password by following instructions on page 52. Apply the change as described in Step 5 above.
  8. Once you've completed the above steps for all printers in your area, we recommend that you review the entire HP Best Practices guide to provide additional security such as encrypted transmission of data, disabling unused protocols, and any other protections that are appropriate in your area.
How to Delete Documents

Setting the file system to delete documents from the disk erases files as soon as they are no longer needed. Hewlett-Packard calls this, "Secure Fast Erase." To set the Secure File Erase Mode, follow these instructions:

  1. Use Web Jetadmin.
  2. On the Config tab, choose File System.
  3. Click to select Secure File Erase Mode, and view the options in the dropdown menu.
  4. Select Secure Fast Erase.
  5. Click Apply in the lower right-hand corner. If the settings look correct in the Configure Devices dialog box, click Configure Devices.
How to Disable Remote Firmware Updates

The firmware upgrade operation updates/replaces device operating system code on Hewlett-Packard printers and multi-function devices, and is commonly referred to as a "remote firmware update" (RFU). For security reasons, RFU is an option that should only be enabled when new firmware is being loaded and should be disabled at all other times. Follow the instructions below to disable remote firmware updates on many HP multi-function printers:

  1. Use Web Jetadmin.
  2. Select the device or devices.
  3. Select the Config tab.
  4. Expand the Security section and select the Printer Firmware Update.
  5. Ensure the checkbox is selected and select the Disable radio button.
  6. Click Apply in the lower right-hand corner and follow the dialog prompts.

Visit ISC on LinkedIn

Print
InfoSec Home
Contact InfoSec
  • Computing Policies
  • Tech Jobs @ Penn

© 2025 THE UNIVERSITY OF PENNSYLVANIA — 3401 Walnut Street, Philadelphia, PA 19104 — Report accessibility issues and get help — For ISC Staff