Time
2 hours 52 minutes
Difficulty
Intermediate
CEU/CPE
3

Video Transcription

00:00
Welcome back to printing Security Intermediate Course in this lab. I'm going to talk Teoh how to manage devices centrally using website admin.
00:11
So
00:12
let's go directly to a subject that mean when they're also objected. Minutes assaulter. That is this made by HB, and it's free to download.
00:22
Um, it's ah,
00:25
multi vendor capable Management's after. So when you using HB devices, it has full set of settings that you can do
00:33
with some other women's and it really vendors. And it really depends on a vendor. You can do some things, or a lot of things are almost even everything the same, like with HPD advices.
00:46
And the reason why I have chosen HB website admin instead of some other Wenders Fleet Management tool is that subject that mean
00:54
has for a long time being so popular that he has almost become in the sea standard It is not. But if you're having a multi vendor printing environment in your company,
01:07
it's usually ah that you're going to use vegetate mean because it is the tool that can
01:15
give you most from multi vendor environment,
01:19
so when you open it,
01:22
you don't have any devices there. So when you install it for the first time, and the first thing would be to discover devices on the network.
01:30
And when you click on this, you get this window and network discoveries a serious thing.
01:37
You can just tell the device to discover. Just look at the entire network and, like we die p broadcast or I selfie multi cast.
01:48
But it can generate a lot of traffic, and it can take a lot of time, especially if you're a big company that uses class a network. So we fewer on a very big network and you have tens of thousands of I p possible I peed reservation hundreds of the out
02:07
thousands off I P addresses.
02:09
Then you're in a problem because this software has to pink each one of these dresses and check if the printer is there.
02:16
So what people are usually doing is they're using I P range broadcast. I Ranger Discovery
02:24
or specified the dresses if they have ah, very small number off devices in printing devices in the company
02:32
so the new can create the list again.
02:37
Specified addresses Discovery makes sense only if you were using fixed I P addresses for a printer which is something I read usually recommend. But some people are for various reasons not using it,
02:51
and in that case you would probably use I p ranges because you know, big ranges, you have your printing devices.
03:01
If you have active directory fully filled, you can use also active directory because then vegetarian is going to go to your active directory. Of course, you have to set
03:13
credentials for accessing active directory,
03:15
and then it will get information from there. It can also do w as discovery that
03:23
that that's something I don't recommend.
03:24
Also, if you have PC connected devices, you can find them as well. But then you have to have a nay geant installed on all the PC's, which have locally connected printers. So why are you is B?
03:39
Um,
03:42
and in that case, you have pretty much the same choices for finding the method of discovering devices. Now let's do the I P range and see how it looks.
03:57
So I have already done this before, so I'm just using my basic home network, and I have ah set the discovery Toe Work from address is 192 that 91680 That, too, And all the way to 20 because I have set the
04:15
But my all my devices in my house have to be between these two addresses. I don't have more than 19 of them, so it's OK,
04:25
and I will just take this one,
04:28
and I will just click on next.
04:32
And I don't need any credentials for this discovery. Sometimes you do need them, because if s in him,
04:41
be a community name
04:43
is enabled. Community SNP is enabled on your network. And if you're using S and M p
04:49
a version one community named which get community which is different than public than
04:56
you need to set it up.
04:59
Also, if you're using global credentials as well,
05:02
so just gives you the quick review off what you're going to do. You're going to review in 19 ranges, um, one range and 19 notes to query. And what vegetarian is now going to do is just think each one of these notes
05:21
and find six. Which directive?
05:25
And then in the around two or in second pass,
05:30
it's just going to ask. These six knows are your printer not?
05:34
And it found two devices that are printers on this network.
05:43
And just one of these is, uh, the wise that we were using before. So let's Jet 500
05:53
and we could in Victory conduct device, we get the basic
05:58
status of the device
06:00
and we can manage device by going directly toe observer the same one that we used in the previous lab.
06:11
But we're not going to do that. We're going to go to come pick
06:15
and is going to retrieve information. And because we have set the embedded Web server password for the device,
06:24
it's not going now going to ask us what this password is.
06:30
Okay, so here we are. Let's go to the
06:35
basic
06:39
settings of device
06:41
and see the things we can do
06:44
with that device in terms of
06:48
excess from
06:50
but just at me.
06:51
So we have seen that the the I. P. Address is set to 15
06:58
sudden it masking gateway and this is it. I can add some things like a system contact system locations over these devices because this is my home
07:09
device
07:11
makes no sense. But if these devices, for example, in building C A level five ah, hallway six, then I could enter this here I can. And they're the asset number of the device. Sorry. That was a system location. And also device, physical location. The rice
07:30
and I can do some things on the
07:32
but what's visible on the
07:35
control panel of the device like is the I. P address visible or host name or sillier? Serial number. Now, these things can be useful
07:45
because this
07:46
whoever is the technician and comes to device can see them immediately. But I would hide them. So this is why I keep them hidden.
07:54
Ah, because if somebody who is not welcome there and gets a physical access to the wife's, they can learn a lot by just knowing the I p address and serial number and host name device.
08:09
Um,
08:11
so let's see the other things we can have ah
08:16
set by
08:18
using
08:20
fleet Management tool like veggie Stedman.
08:26
It takes time for to retrieve information. So every time you click on something vegetarian calls the device asked for ah ah approval. And because we have said the password, they now can shaking
08:41
changing passwords. This is going through 18 https connection. So it's a secure one,
08:50
and, uh,
08:52
we will get this soon
08:54
So what we got here are just the basic device settings like, uh,
09:05
starting the l to clean the frequency of hell to clean page. So basically harder settings over the rights. But number of storage jobs allow the device doing temporary jobs after some time,
09:20
like never delete or something like that. So these aerial security things, for example, if you have store jobs, that device and their temporary, you can say hold him for 30 minutes or just one day, and then after that you delete them. So we somebody sent some
09:35
store job to a printer and it sits on the hard drive it off the printer,
09:41
and then you wanted toe removed after some time because if they don't print it in one day, they can just reprint it if they're actually needed.
09:50
And I can click, apply, but just not waste time like just go to the security
09:56
settings And, uh
09:58
uh, for example, here
10:03
we can do the boot loader password. It's the one thing that it's called service or cold or something like that for for a device. Ah, this is Ah, this is a password that is set for technician to typing when they enter the service menu on the device,
10:22
you can have device user accounts. So you can,
10:26
um, set for new accounts that it can be set this new his administrator or adjusted user.
10:35
Um,
10:37
um,
10:39
you can click here and the disabled Direct poured. So direct port taxes to device.
10:45
I'm not going to do that, but sometimes it's, ah,
10:48
recommended to debt.
10:50
I m
10:52
here. You can set the embedded to change the embedded Web server password.
10:56
Also, if you install a new device on the network, you don't have to set it manually on a device. You can just connect them to a network and then do everything from console off from vegetarian. Um so host, ah, USB plug and play all the settings You have seen them,
11:18
uh, like bgl passwords.
11:22
You can set them from here.
11:24
You can also do it on one device and then replicate on all devices of the same model or with the same model of firmer, which is very nice thing. So you can just save all these settings and then you can click them. Save them is template. And then, for a
11:43
a certain group of devices, you can just tell like them here in the list
11:46
and just apply the settings template. This is really cool thing, which saves a lot of time.
11:54
Also, for example, on the network settings, we can also click here
12:03
and now we can see the network settings off the device with each and every
12:11
setting here
12:13
defined. So, for example, primary Deanna Server I p,
12:18
which is wrong. But I have
12:22
just left it because it doesn't have anything to do with my
12:26
home system because I haven't set the skin toe email function on this device. I don't need it.
12:35
If I would need to set it, I would definitely need to use the primary DNS server i p. So I would change it. Um, and each one of these things, like Bonn jur service name and the settings for each and every possible
12:52
ah network option.
12:56
It can be set separately, and then they can be saved as a template and then applied,
13:05
uh, later. So, for example, if you have ah error while printing which and happening, somebody said that malicious code and you don't have ah ah bgl commands
13:18
aloud. Then you can choose to do dump it, then hold or dumped in reboot or whatever you want. Global crowd cloud print, for example, should be by default. Disabled. So
13:35
that's Ah, that's a thing that I don't recommend having on the network device. This is just another increase in attack surface eso you have here. The information's, um
13:52
PV six. We can disable it,
13:56
Um,
13:58
and all these things remember that we have done in the invaluable server like 9100 printing or air print or Bonn jur these a role as we set them on device. So
14:13
But you can change these things, and then you can do the apply. And when you do the apply, it will just apply all the changes you have done in the speech. So
14:24
you see that the things you can see here are much more structured than being embedded Web server. And what is also important is that it looks the same forever. Device. Maybe some of these devices don't have the settings, so they will not show up here.
14:41
But if they do, they will just show up in this list.
14:46
The good thing is that
14:48
along these settings are the same for all different devices
14:54
So in that way you can train person to do the management from this console, and they can set the devices according to policies, and you can also generate reports. But we're not going to go here into detail because we have just one device that we set.
15:13
Um, you can generate the reports that are scheduled, which will give you the information on how many devices are non compliant to policy or something like that,
15:26
or just give you the information on how many devices, for example, have the enabled the 9100 printing and this will.
15:35
This will
15:37
give you the idea what's happening on your network. So this stool is Ah, as you can see, very specific for managing printers. It is quite different than the tools that are used to manage that stops. O. R. P seized on your network.
15:52
If you had the experience with this this you will find this rather complex and and different for you complicated to use. But once you get used to it, you understand
16:08
why it is very important to manage printers because there are so many things that can go wrong
16:15
just by clicking by accident. One of these boxes and applying it.
16:19
So that's the whole idea about managing printers and printing security from Web gem. That mean, as I said that this is just the example that I'm using because I wanted to show you how it works with my HP printer. If I had, for example,
16:37
the cannon print, I would probably use Kensi maintenance
16:41
or from whatever other wonder they have some off their own software. A ZAY said. The subject, I mean, is mostly used and its most widespread, the ah fleet management softer for printing devices
16:59
on and therefore, this is the reason why I have
17:03
chosen to show you this one.

Intermediate Printing Security

The Intermediate Printing Security course is intended for IT and cybersecurity professionals that want to learn how to secure print devices.

Instructed By

Instructor Profile Image
Milan Cetic
IT Security Consultant
Instructor