2 hours 52 minutes
Welcome back to printing Security Intermediate Course in this lab. I'm going to talk Teoh how to manage devices centrally using website admin.
let's go directly to a subject that mean when they're also objected. Minutes assaulter. That is this made by HB, and it's free to download.
Um, it's ah,
multi vendor capable Management's after. So when you using HB devices, it has full set of settings that you can do
with some other women's and it really vendors. And it really depends on a vendor. You can do some things, or a lot of things are almost even everything the same, like with HPD advices.
And the reason why I have chosen HB website admin instead of some other Wenders Fleet Management tool is that subject that mean
has for a long time being so popular that he has almost become in the sea standard It is not. But if you're having a multi vendor printing environment in your company,
it's usually ah that you're going to use vegetate mean because it is the tool that can
give you most from multi vendor environment,
so when you open it,
you don't have any devices there. So when you install it for the first time, and the first thing would be to discover devices on the network.
And when you click on this, you get this window and network discoveries a serious thing.
You can just tell the device to discover. Just look at the entire network and, like we die p broadcast or I selfie multi cast.
But it can generate a lot of traffic, and it can take a lot of time, especially if you're a big company that uses class a network. So we fewer on a very big network and you have tens of thousands of I p possible I peed reservation hundreds of the out
thousands off I P addresses.
Then you're in a problem because this software has to pink each one of these dresses and check if the printer is there.
So what people are usually doing is they're using I P range broadcast. I Ranger Discovery
or specified the dresses if they have ah, very small number off devices in printing devices in the company
so the new can create the list again.
Specified addresses Discovery makes sense only if you were using fixed I P addresses for a printer which is something I read usually recommend. But some people are for various reasons not using it,
and in that case you would probably use I p ranges because you know, big ranges, you have your printing devices.
If you have active directory fully filled, you can use also active directory because then vegetarian is going to go to your active directory. Of course, you have to set
credentials for accessing active directory,
and then it will get information from there. It can also do w as discovery that
that that's something I don't recommend.
Also, if you have PC connected devices, you can find them as well. But then you have to have a nay geant installed on all the PC's, which have locally connected printers. So why are you is B?
and in that case, you have pretty much the same choices for finding the method of discovering devices. Now let's do the I P range and see how it looks.
So I have already done this before, so I'm just using my basic home network, and I have ah set the discovery Toe Work from address is 192 that 91680 That, too, And all the way to 20 because I have set the
But my all my devices in my house have to be between these two addresses. I don't have more than 19 of them, so it's OK,
and I will just take this one,
and I will just click on next.
And I don't need any credentials for this discovery. Sometimes you do need them, because if s in him,
be a community name
is enabled. Community SNP is enabled on your network. And if you're using S and M p
a version one community named which get community which is different than public than
you need to set it up.
Also, if you're using global credentials as well,
so just gives you the quick review off what you're going to do. You're going to review in 19 ranges, um, one range and 19 notes to query. And what vegetarian is now going to do is just think each one of these notes
and find six. Which directive?
And then in the around two or in second pass,
it's just going to ask. These six knows are your printer not?
And it found two devices that are printers on this network.
And just one of these is, uh, the wise that we were using before. So let's Jet 500
and we could in Victory conduct device, we get the basic
status of the device
and we can manage device by going directly toe observer the same one that we used in the previous lab.
But we're not going to do that. We're going to go to come pick
and is going to retrieve information. And because we have set the embedded Web server password for the device,
it's not going now going to ask us what this password is.
Okay, so here we are. Let's go to the
settings of device
and see the things we can do
with that device in terms of
but just at me.
So we have seen that the the I. P. Address is set to 15
sudden it masking gateway and this is it. I can add some things like a system contact system locations over these devices because this is my home
makes no sense. But if these devices, for example, in building C A level five ah, hallway six, then I could enter this here I can. And they're the asset number of the device. Sorry. That was a system location. And also device, physical location. The rice
and I can do some things on the
but what's visible on the
control panel of the device like is the I. P address visible or host name or sillier? Serial number. Now, these things can be useful
whoever is the technician and comes to device can see them immediately. But I would hide them. So this is why I keep them hidden.
Ah, because if somebody who is not welcome there and gets a physical access to the wife's, they can learn a lot by just knowing the I p address and serial number and host name device.
so let's see the other things we can have ah
fleet Management tool like veggie Stedman.
It takes time for to retrieve information. So every time you click on something vegetarian calls the device asked for ah ah approval. And because we have said the password, they now can shaking
changing passwords. This is going through 18 https connection. So it's a secure one,
we will get this soon
So what we got here are just the basic device settings like, uh,
starting the l to clean the frequency of hell to clean page. So basically harder settings over the rights. But number of storage jobs allow the device doing temporary jobs after some time,
like never delete or something like that. So these aerial security things, for example, if you have store jobs, that device and their temporary, you can say hold him for 30 minutes or just one day, and then after that you delete them. So we somebody sent some
store job to a printer and it sits on the hard drive it off the printer,
and then you wanted toe removed after some time because if they don't print it in one day, they can just reprint it if they're actually needed.
And I can click, apply, but just not waste time like just go to the security
settings And, uh
uh, for example, here
we can do the boot loader password. It's the one thing that it's called service or cold or something like that for for a device. Ah, this is Ah, this is a password that is set for technician to typing when they enter the service menu on the device,
you can have device user accounts. So you can,
um, set for new accounts that it can be set this new his administrator or adjusted user.
you can click here and the disabled Direct poured. So direct port taxes to device.
I'm not going to do that, but sometimes it's, ah,
recommended to debt.
here. You can set the embedded to change the embedded Web server password.
Also, if you install a new device on the network, you don't have to set it manually on a device. You can just connect them to a network and then do everything from console off from vegetarian. Um so host, ah, USB plug and play all the settings You have seen them,
uh, like bgl passwords.
You can set them from here.
You can also do it on one device and then replicate on all devices of the same model or with the same model of firmer, which is very nice thing. So you can just save all these settings and then you can click them. Save them is template. And then, for a
a certain group of devices, you can just tell like them here in the list
and just apply the settings template. This is really cool thing, which saves a lot of time.
Also, for example, on the network settings, we can also click here
and now we can see the network settings off the device with each and every
defined. So, for example, primary Deanna Server I p,
which is wrong. But I have
just left it because it doesn't have anything to do with my
home system because I haven't set the skin toe email function on this device. I don't need it.
If I would need to set it, I would definitely need to use the primary DNS server i p. So I would change it. Um, and each one of these things, like Bonn jur service name and the settings for each and every possible
ah network option.
It can be set separately, and then they can be saved as a template and then applied,
uh, later. So, for example, if you have ah error while printing which and happening, somebody said that malicious code and you don't have ah ah bgl commands
aloud. Then you can choose to do dump it, then hold or dumped in reboot or whatever you want. Global crowd cloud print, for example, should be by default. Disabled. So
that's Ah, that's a thing that I don't recommend having on the network device. This is just another increase in attack surface eso you have here. The information's, um
PV six. We can disable it,
and all these things remember that we have done in the invaluable server like 9100 printing or air print or Bonn jur these a role as we set them on device. So
But you can change these things, and then you can do the apply. And when you do the apply, it will just apply all the changes you have done in the speech. So
you see that the things you can see here are much more structured than being embedded Web server. And what is also important is that it looks the same forever. Device. Maybe some of these devices don't have the settings, so they will not show up here.
But if they do, they will just show up in this list.
The good thing is that
along these settings are the same for all different devices
So in that way you can train person to do the management from this console, and they can set the devices according to policies, and you can also generate reports. But we're not going to go here into detail because we have just one device that we set.
Um, you can generate the reports that are scheduled, which will give you the information on how many devices are non compliant to policy or something like that,
or just give you the information on how many devices, for example, have the enabled the 9100 printing and this will.
give you the idea what's happening on your network. So this stool is Ah, as you can see, very specific for managing printers. It is quite different than the tools that are used to manage that stops. O. R. P seized on your network.
If you had the experience with this this you will find this rather complex and and different for you complicated to use. But once you get used to it, you understand
why it is very important to manage printers because there are so many things that can go wrong
just by clicking by accident. One of these boxes and applying it.
So that's the whole idea about managing printers and printing security from Web gem. That mean, as I said that this is just the example that I'm using because I wanted to show you how it works with my HP printer. If I had, for example,
the cannon print, I would probably use Kensi maintenance
or from whatever other wonder they have some off their own software. A ZAY said. The subject, I mean, is mostly used and its most widespread, the ah fleet management softer for printing devices
on and therefore, this is the reason why I have
chosen to show you this one.
The OWASP Online test is a premium Cybrary assessment test created by Interview Mocha. It ...
The Six Sigma Test is a premium Cybrary assessment created by Interview Mocha. This exam ...