HP JetAdvantage Security Manager 10 Device E-LTU Bedienungsanleitung PDF herunterladen (Seite 69)

Device Discovery

Assess protocols used to discover devices which include service location protocol (SLP), IPv4 multicast

link local multicast name resolution protocol (LLMNR), Web services discovery (WS_Discovery), and

Bonjour (also known as mDNS).

Device Discovery settings control printer discovery protocols. Discovery packets can be spoofed,

causing production disruption. Disable unused protocols to preserve network bandwidth, as well. In

the Device Discovery category, you can control the enabling and disabling of printing device

discovery protocols. Security risk associated with printing device discovery protocols usually fall into

the category of being production disruptive. That is, behavior associated with falsely representing the

identity or attributes of a specific printing device. Disabling unused discovery protocols is also a

good practice relative to preserving network bandwidth.

General

Service Location Protocol (SLP)

Service location protocol (SLP) is used to automate print device discovery in environments using the

common Unix print system (CUPS), and to query devices for network services they provide. If enabled

on the print device, SLP packets are sent to automate discovery. If SLP uses multicast protocols, you

must enable IPv4 multicast.

In its broader definition, Service Location Protocol (SLP) is an IETF standard protocol that provides

network applications the ability to discover the identity, location and configuration of a network

service. Usually implemented as a connection-less UDP (Port 427) packet-oriented protocol, TCP can

be used if lengthier packet transmission is required. SLP scales very well in large networked

environments, but requires specific configuration of routers and switches for the appropriate traversing

of SLP packets. SLP network service discovery can be offered in either active or passive fashion. A

network application requesting network service information would be considered SLP active

discovery. A network service advertising its information without a request would be considered SLP

passive discovery.

HP printers (Jetdirect) advertise their attributes through passive SLP, which is enabled by default.

Attributes include model number, hardware address, IP address, port number, hostname,

manufacturer and command set. SLP packets are generated during printer power cycles, cold resets,

IP address changes and hostname changes. SLP/Multicast addresses fall in the IP range of

224.0.0.0 through 239.255.255.255. HP printers are assigned and use the destination IP address

of 224.0.1.60. HP Web Jetadmin can discover and process SLP packets with the destination

address of 224.0.1.60 when configured for “SLP Listen” discovery.

SLP security vulnerabilities mostly fall into the category of being production disruptive. For example,

the deployment of unauthorized service agents creating false or duplicate attribute replies, resulting in

1 2 ... 64 65 66 67 68 69 70 71 72 73 74 ... 115 116

Keine Kommentare

HP JetAdvantage Security Manager 10 Device E-LTU Bedienungsanleitung Seite 69