HP FutureSmart Firmware Device Hard Disk Security



Similar documents
Lexmark Printers and Multifunction Products: Hard Disk and Non-Volatile Memory Guide

technical brief browsing to an installation of HP Web Jetadmin. Internal Access HTTP Port Access List User Profiles HTTP Port

IMPRESSION COUNTING CONTENTS. in HP Web Jetadmin

Send to Network Folder. Embedded Digital Sending

Firmware security features in HP Compaq business notebooks

This is an example of MFP password entry in the administration mode for hard-disk protection:

HP Device Manager 4.6

HP External Hard Disk Drive Backup Solution by Seagate User Guide. November 2004 (First Edition) Part Number

HP Designjet Printer series. Security features

SMTP PROXY SERVER INSTALLATION FOR HP QUICKPAGE

HP ProtectTools Embedded Security Guide

HP Embedded SATA RAID Controller

Intel Rapid Start Technology (FFS) Guide

Hard Drive Data Security. Chris Bilello Director, Business Development Konica Minolta Business Solutions U.S.A., Inc.

HP LaserJet Pro Devices Installing 2048 bit SSL certificates

Installing Microsoft Windows

Enabling bizhub HDD Security Features

HP Device Manager 4.6

HP Device Manager 4.6

Managing Microsoft Hyper-V Server 2008 R2 with HP Insight Management

Enterprise Erase LAN

HP LaserJet 4345 MFP Security Checklist 3/29/2006

HP Access Control Express Installation Guide

FTP Server Configuration

SMART INSTALL CONTENTS. Questions and answers

HP LaserJet MFP Analog Fax Accessory 300 Send Fax Driver Guide

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016

HP LaserJet P3010 Series Printers HP Embedded Web Server User Guide

HP Notebook Hard Drives & Solid State Drives. Identifying, Preventing, Diagnosing and Recovering from Drive Failures. Care and Maintenance Measures

Backup and Recovery User Guide

How to use Data Protector 6.0 or 6.10 with Exchange Recovery Storage Groups to restore a single mailbox

Software Update, Backup, and Recovery

RAID 1(+0): breaking mirrors and rebuilding drives

EMBEDDED WEB SERVER CONFIGURATION TO ENABLE AUTOSEND AND OUTGOING FOR HP QUICKPAGE

Backing up and restoring HP Systems Insight Manager 6.0 or greater data files in a Windows environment

BACK UP, RESTORE, AND CLONE AN HP WEB JETADMIN INSTALLATION

HP Access Control Smartcard Solution

HP Device Manager 4.7

HP OfficeJet Pro 276DW Scan to Network Folder and Digital Fax to Network Folder not working after firmware upgrade

HP PolyServe Software upgrade guide

Sharing Pictures, Music, and Videos on Windows Media Center Extender

Technical Proposal on ATA Secure Erase Gordon Hughes+ and Tom Coughlin* +CMRR, University of California San Diego *Coughlin Associates

USING THE HP UNIVERSAL PRINT DRIVER WITH WINDOWS 8 AND WINDOWS SERVER 2012

Computer Setup User Guide

Dell DR4000 Disk Backup System. Introduction to the Dell DR4000 Restore Manager A primer for creating and using a Restore Manager USB flash drive

HP Quality Center. Software Version: Microsoft Excel Add-in Guide

HP ProLiant Essentials Vulnerability and Patch Management Pack Release Notes

Avalanche Site Edition

GPT hard Disk Drives. For HP Desktops. Abstract. Why GPT? April Table of Contents:

Upgrade: SAP Mobile Platform Server for Windows SAP Mobile Platform 3.0 SP02

Agilent Technologies Truevolt Series Digital Multimeters

HP Quality Center. Software Version: Microsoft Excel Add-in Guide

HP One-Button Disaster Recovery (OBDR) Solution for ProLiant Servers

Arcserve Backup for Windows

HP Priority Services. Priority Access

RAID 1(+0): breaking mirrors and rebuilding drives

CA ARCserve Backup for Windows

USB Secure Management for ProCurve Switches

HP Device Manager 4.6

installing UEFi-based Microsoft Windows Vista SP1 (x64) on HP EliteBook and Compaq Notebook PCs

Instructions for installing Microsoft Windows Small Business Server 2003 R2 on HP ProLiant servers

QuickSpecs. Models HP Smart Array E200 Controller. Upgrade Options Cache Upgrade. Overview

Getting Started. rp5800, rp5700 and rp3000 Models

HP Remote Monitoring. How do I acquire it? What types of remote monitoring tools are in use? What is HP Remote Monitoring?

HP Operations Orchestration Software

Digi Connect Wan 3G Application Guide Update the firmware, backup and restore the configuration of a Digi Connect Wan 3G using a USB flash drive.

HP dx5150 RAID Installation and Setup Guide Version Document Part Number:

BlackBerry Web Desktop Manager. Version: 5.0 Service Pack: 4. User Guide

HP ilo mobile app for Android

Guidelines for using Microsoft System Center Virtual Machine Manager with HP StorageWorks Storage Mirroring

HP Application Lifecycle Management

HP Imaging and Printing Security Best Practices

HP StorageWorks MSL2024, MSL4048, and MSL8096 Tape Libraries firmware release notes. Firmware version 4.60 (MSL2024), 6.90 (MSL4048), 9.

HP Data Protector Integration with Autonomy LiveVault

USING MANAGED PRINTER LISTS

HP D2D NAS Integration with HP Data Protector 6.11

Administering Windows-based HP Thin Clients with System Center 2012 R2 Configuration Manager SP1

Quick Start to Evaluating. HP t5630w, HP t5730w, HP gt7720

Backup and Recovery Procedures

HP INTEGRATED ARCHIVE PLATFORM

SecureDoc for Mac v6.1. User Manual

4 Backing Up and Restoring System Software

eprint SOFTWARE User Guide

EMERGENCY DISK RESTORE OPTION (AO REV EA) OPTION EDR

1 of :01

HP LeftHand SAN Solutions

Secure Installation and Operation of Your Xerox Multi-Function Device. Version 1.0 August 6, 2012

Canon imagerunner Hard Disk Drive Data Security Options. Data Encryption and Overwrite

HP Accessibility Guide

HP Color LaserJet CM6040/CM6030 MFP Series Analog Fax Accessory 300 Fax Guide

Technical Note. Installing Micron SEDs in Windows 8 and 10. Introduction. TN-FD-28: Installing Micron SEDs in Windows 8 and 10.

HP Embedded SATA RAID Controller

Downtime Reports. Administrator's Guide

How To Install Caarcserve Backup Patch Manager (Carcserver) On A Pc Or Mac Or Mac (Or Mac)

RAID-01 (ciss) B mass storage driver release notes, edition 2

HP VMware ESXi 5.0 and Updates Getting Started Guide


Transcription:

HP FutureSmart Firmware Device Hard Disk Security Summary: This document discusses hard disk security for HP FutureSmart Firmware printing devices. Contents: Overview... 2 Secure Erase Commands... 2 1. Managing Temporary Job Files... 2 2. Erase Job Data... 3 3. Secure Disk Erase... 3 4. Erase / Unlock Encrypted Disk... 4 Accessory Drive... 4 Disk Architecture... 5 Disk Initialization Commands... 6 Government Erase Standards... 6 Appendix A: Secure Erase Data Overwrite and Specifications... 7 Appendix B: Device List... 8 February 2016 Version 3.2 Public

Overview This document discusses secure erase options and hard disk security on HP FutureSmart Firmware printing devices. The section of the disk containing job data can now be securely erased on demand, instead of performing an entire disk wipe (See Erase Job Data). Industry standard ATA Secure Erase is an available option which securely wipes all data including spared and reallocated sectors for decommissioning devices (See Secure Disk Erase). Secure Erase Commands HP FutureSmart Firmware printing devices support four different data erase features to securely erase ongoing job data, and for device decommissioning or redeployment. 1. Managing Temporary Job Files The feature controls how temporary job files are erased at the completion of print, copy, fax, or digital send jobs. Temporary job files include: o Temporary data for print jobs o Temporary data for copy, fax, e-mail, and send to network folder jobs The File Erase Modes available are: o Non-secure Fast Erase (No overwrite) o Secure Fast Erase (Overwrite 1 time) o Secure Sanitizing Erase (Overwrite 3 times) Note: For File Erase mode specifications see Appendix A Figure 1: Managing Temporary Job Files settings in the Embedded Web Server (EWS) Figure 2: Secure File Erase Mode settings in Web Jetadmin Note: This setting corresponds to Managing Temporary Job Files setting in EWS 2 Public

2. Erase Job Data This feature will erase and overwrite all job data files stored on the disk including: o Temporary data for print jobs o Temporary data for copy, fax, e-mail, and send to network folder jobs o Stored Jobs, Stored Fax jobs The File Erase Modes available are: o Non-secure Fast Erase (No overwrite) o Secure Fast Erase (Overwrite 1 time) o Secure Sanitizing Erase (Overwrite 3 times) Figure 3: Erase Job Data settings in the Embedded Web Server Figure 4: Erase Customer Data settings in Web Jetadmin Note: This setting corresponds to Erase Job Data setting in EWS 3. Secure Disk Erase This feature securely erases all data on the hard disk, including disk sectors spared and relocated sectors. This erase operation, also known as ATA Erase, is executed directly by the hard disk controller. Secure Disk Erase meets the Purge erase standard defined in NIST Special Publication 800-88, Guidelines for Media Sanitation. Note: See the Government Erase Specifications section 3 Public

This erase mode is only accessible from the pre - boot menus for the main system disk. It is available for accessory disks in EWS and Web Jetadmin. If the erased disk contained the system firmware, performing an Erase/Unlock will render the device inoperable, and a new firmware image must be installed to the disk before the device can be used again. 1 Secure Erase 2 Erase / Unlock 3 Get Statuses Figure 5: Secure Disk Erase in device Pre - boot Menu 4. Erase / Unlock Encrypted Disk The HP High Performance Secure Hard Disk supports a special erase referred to as a Crypto Erase. Selecting the Erase/Unlock option for one of these disks forces its encryption keys to be destroyed and new keys generated. This instantly renders all the encrypted data on the disk unreadable. There is no method to recover the encryption keys and no method to recover the encrypted data once the keys have been changed. This erase mode is only accessible from the pre - boot menus for the main system disk. It is available for accessory disks in EWS and Web Jetadmin. If the erased disk contained the system firmware, performing an Erase/Unlock will render the device inoperable, and a new firmware image must be installed to the disk before the device can be used again. 1 Secure Erase 2 Erase / Unlock 3 Get Status Figure 6: Erase / Unlock in device Pre - boot Menu Accessory Drive A second hard drive can be added to the device to store all customer job data. Once the drive is installed, it is enabled by selecting the drive and clicking the Use option. All existing customer job data is then transferred to the external drive automatically. From that point forward all job data including temporary files for print and scan jobs use the accessory drive instead of the main system drive. Figure 7: Accessory Drive settings in the Embedded Web Server (EWS) 4 Public

The accessory drive can be securely erased independently of the system drive. Two erase operations are available. If the drive is an HP Secure Disk encrypted hard drive, a cryptographic erase can be performed. (See the Erase / Unlock section in the Secure Erase section) Secure Disk Erase selects the most secure method to remove the drives data, other than a cryptographic erase. The method will either be a Secure Erase using data overwrite or an ATA Secure Disk Erase (See the Secure Disk Erase topic in the Secure Erase Command section) Figure 8: Accessory Drive Erase command in Hard Disk Status of EWS Figure 9: Erase options for accessory drive in the Embedded Web Server (EWS) Disk Architecture The printing device Hard Disk is divided into different sections for different classes of data Job Data: Contains all job data, including temporary files for print and scan jobs, and Stored Jobs. Configuration Data: Contains printing device dependant configuration settings and system information. Information stored here includes printing defaults, authentication configuration, and some customer specific configuration settings. System Data: Contains the HP FutureSmart Firmware operating system code. This code must be present on the hard disk for the printing device to boot. Previous HP printing device operating systems booted from a compressed image stored in non-volatile memory. Repository: This area contains a compressed copy of the device operating system installation code, providing a way to restore a corrupted operating system image or recover from a failed firmware upgrade. 5 Public

Disk Initialization Commands These commands reinitialize the hard disk or sections of the disk to provide troubleshooting and diagnostic capabilities. The commands are similar to disk formatting commands and do not provide sector level data overwrite. These erase command are not recommended for securely removing customer data. These commands are only accessible from the device pre - boot menus. Clean Disk removes all data from the disk. This command will render the device inoperable. The device firmware must be re-installed to the disk before the device can be used again. +1 Download 2 Clean Disk 3 Partial Clean 4 Change Password Figure 10: Clean Disk in device Pre - boot Menu Partial Clean removes all data from the disk with the except the compressed operating system installation code in the repository and initiates a reload of the device operation system. +1 Download 32 Partial Clean Disk Clean 3 Partial Clean 4 Change Password Figure 11: Partial Clean in device Pre - boot Menu Government Erase Standards These devices follow comply with current US Government requirements for clearing confidential data from a hard disk as specified in Updated DSS Clearing and Sanitization Matrix AS OF June 28, 2007 and NIST Special Publication 800-88, Guidelines for Media Sanitation. NIST 800-88 defines three levels of sanitization, from weakest to strongest: Clear Overwrite all storage space one or more times Purge Degauss the disk or execute the ATA Secure Erase command if the drive supports it (all hard disks used by HP support this command) Destroy Incinerate, crush, or chemically destroy the disk Secure Erase Feature Managing Temporary Job Files Erase Job Data Secure Disk Erase Erase/Unlock encrypted disk NIST Sanitization Level Clear when using Secure Fast Erase or Secure Sanitize Erase modes Clear Clear and Purge The cryptographic erase used by the HP High Performance Secure Hard Disk has been submitted to NIST for approval at the Purge level of sanitization. No decision has been made yet. 6 Public

Appendix A: Secure Erase Data Overwrite and Specifications Normally when a file is deleted from a HDD, the filename entry is erased from the disk s file allocation table, removing the file s presence. The file s data still exists in the disk s individual sectors and is overwritten only when that sector is allocated for a different file. HP Secure Erase technology overwrites a deleted file s data from the individual sectors with random data using either a one pass or three pass overwrite, which conform to current US Government specifications. Note: See the Government Erase Specifications section for further information To enable Secure Erase using data overwrite, select the following options for File Erase Mode when available: Non-secure Fast Erase mode: Performs standard file system delete only (does not overwrite file data) Secure Fast Erase mode: Performs a one pass overwrite of all data Secure Sanitizing Erase mode: Performs a three pass overwrite of all data Note: The system default is Non-Secure Fast Erase mode. Secure Fast Erase mode is recommended for best overwrite system performance. Overwrite Specifications Secure Fast Erase mode follows the National Institute of Standards and Technology Special Publication 800-88, Guidelines for Media Sanitization. For Secure Fast Erase, each deleted file s data is overwritten once with: the hexadecimal character 0x48. Secure Sanitizing Erase mode follows the U.S. Department of Defense 5220-22.M specification using a succession of multiple data overwrites. For Secure Sanitizing Erase, each deleted file is overwritten with: the fixed character pattern (binary 01001000). the complement of the fixed character pattern (binary 10110111). o o o a random character: A 32k byte buffer of random characters is generated for each file delete operation using the device s unique uptime as the seed. Each byte of file data uses a unique random character from the buffer. The random character buffer is reused up to 32 times, and then regenerated using new random data. To ensure successful completion of each overwrite operation, each overwritten byte is verified. Note: NIST SP-800-88 Guidelines for Media Sanitization (Sept 2006) supersedes the US DOD 5220-2.M (1997 edition) specification. 7 Public

Appendix B: Device List The devices support HP FutureSmart Firmware functionality: HP Color LaserJet CM4540 MFP HP Color LaserJet CP5525 HP LaserJet Enterprise M4555 MFP HP LaserJet Enterprise 500 Color M551xh HP LaserJet Enterprise 500 MFP M525f HP LaserJet Enterprise 500 color MFP M575dn HP LaserJet Enterprise 500 color MFP M575f HP LaserJet Enterprise 600 M603xh HP LaserJet Enterprise MFP 630 series M630h, M630f, M630z HP LaserJet Enterprise 700 M712xh HP LaserJet Enterprise MFP M725 series HP LaserJet Enterprise M750 HP LaserJet Enterprise 700 color M775 series HP LaserJet Enterprise M806 HP LaserJet Enterprise Flow MFP M830 series HP LaserJet Enterprise M855 HP LaserJet Enterprise Flow MFP M880 series 2016 Copyright HP Development Company, L.P. The information contained herein is subject to change without notice. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. February 2016 Version 3.2 8 Public

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information