
Internet Print Protocol (IPP)
This is a standard network protocol for remote printing, and for managing print jobs and device
media using the common UNIX print system (CUPS). If enabled, you must configure your firewall to
accept incoming IPP requests.

Born in the mid-90s, IPP is an IETF standard protocol (RFC 2567) that allows an end user to print to a
remote printer not located on the same physical network. Built upon HTTP (Hypertext Transfer
Protocol) technology, IPP is independent of any operating system and can provide a print-over-the-
internet solution. IPP supports more print operations than the simple print job submission capabilities
of LPD. Additional operations include printer control and print job management. IPP uses the TCP
stack and is a connection-based request/response protocol. Any client that establishes an IPP
connection to the printer can submit print jobs with the appropriate drivers. By default, IPP uses TCP
port 631 as its well-known port and usually requires firewall access to allow operation over the
internet. IPP implementations such as CUPS (Common UNIX Printing System) also use UDP with port
631 for IPP printer discovery. With Windows, IPP can use the standard port 80 (http) or secure
socket port 443 (https). As mentioned, IPP is implemented using HTTP and inherits all of the HTTP
streaming and security features.

IPP Printing is primarily used as a protocol for printing directly from the Internet. With the emergence
of IPP Everywhere, powerful mobile devices are now commonly used to access Cloud and enterprise
print services across the public internet. Similar to Apple’s AirPrint, IPP Everywhere is an IPP Printer
Work Group (PWG) standard defining an extension of IPP to support network printing without vendor-
specific driver software, including the transport, various discovery protocols, and standard document
formats. Because of this, end user and enterprise documents are at greater risk than ever before. As
is the case with LPD, print jobs, unless sent over a secure connection, travel in clear text format that
anyone using a sniffer or other packet-analysis software can read.

If IPP is used within a given corporation over a private network, the risks of exposing print data might
be low enough to negate the need for data encryption. However, if print data is being transferred
over a public network, encryption is most likely warranted. For secure communication (privacy in
particular), IPP should be run using a secure communications channel. Both TLS and IPsec provide
secure communications channels and provide for mutual authentication. Newer HP devices support
the Secure Internet Print Protocol (IPPS), covered in the next section of this document. By using IPPS
with unique identity certificates, a secure method is created for sending print jobs to the device over
the Internet or intranet. Unless there is a requirement for IPP printing, it should be disabled. If IPP
printing is required, device security may be applied by configuring a device access control list or
configuring the firewall.
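
One way to apply the guidance above to an existing print configuration, as an added example that is not from the original manual: a Python check that reads CUPS-style DeviceURI lines and grades each queue by transport (clear-text ipp, http or lpd versus ipps or https) and by whether the target is a private or a public address. The sample configuration, the severity labels and the choice of private ranges are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

CLEARTEXT = {"ipp", "http", "lpd"}  # print data readable on the wire
ENCRYPTED = {"ipps", "https"}       # print data carried inside TLS
# Assumption: RFC 1918 plus loopback count as a private network here.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def classify(uri):
    """Return (severity, reason) for one printer device URI."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme in ENCRYPTED:
        return "ok", "TLS-protected transport"
    if scheme not in CLEARTEXT:
        return "skip", "not a network print scheme covered here"
    try:
        addr = ipaddress.ip_address(parts.hostname or "")
    except ValueError:  # hostname: network unknown without a DNS lookup
        return "review", f"clear-text {scheme} to a hostname"
    if any(addr in net for net in PRIVATE_NETS):
        return "low", f"clear-text {scheme} on a private network"
    return "high", f"clear-text {scheme} to a public address"

def audit(conf_text):
    """Yield (queue, uri, severity, reason) for each DeviceURI line."""
    queue = None
    for line in map(str.strip, conf_text.splitlines()):
        if line.startswith("<Printer "):
            queue = line.split(None, 1)[1].rstrip(">")
        elif line.startswith("DeviceURI "):
            uri = line.split(None, 1)[1]
            yield (queue, uri) + classify(uri)

# Constructed sample in the style of a CUPS printers.conf (not real hosts).
SAMPLE = """\
<Printer lobby>
DeviceURI ipp://192.168.10.25/ipp/print
</Printer>
<Printer branch>
DeviceURI ipp://203.0.113.10:631/ipp/print
</Printer>
<Printer secure>
DeviceURI ipps://print.example.com/ipp/print
</Printer>
"""

if __name__ == "__main__":
    print("\n".join("{2:6} {0:8} {1}  ({3})".format(*r) for r in audit(SAMPLE)))
```

Queues graded "high" are the ones where the text above calls for encryption; "review" means the target is a hostname and has to be resolved before it can be placed on a private or public network.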