I have Hawking Parallel Print Servers connected to 3 of my printers on my
home network. They work well.
I checked the "Setup" web page on the Hawking and there are absolutely no
options that deal with security.
So I conclude that the Hawking doesn't support any IPP security.
Bob Herriot
At Monday 12/8/2003 03:16 PM, McDonald, Ira wrote:
>Hi,
>>Paul is right. If your Hawking Parallel Print Server
>supports SSL/3.0 (or TLS/1.0) and has a manufacturer
>embedded Server certificate (so that your external
>customer can start an _encrypted_ session to a fully
>authenticated printer), then you can use HTTP simple
>user/password authentication for your client.
>>Cheers,
>- Ira
>>Ira McDonald (Musician / Software Architect)
>Blue Roof Music / High North Inc
>PO Box 221 Grand Marais, MI 49839
>phone: +1-906-494-2434
>email: imcdonald at sharplabs.com>>-----Original Message-----
>From: Moore, Paul [mailto:Paul.Moore06 at ca.com]
>Sent: Monday, December 08, 2003 5:29 PM
>To: McDonald, Ira; Ara Roselani; ipp at pwg.org>Subject: RE: IPP> Printing through a firewall [caution]
>>>>>You can use TLS/SSL with simple user password client auth. This is a lot
>easier to setup than client certs providing the IPP server supports it
>(and it really ought to).
>>>>-----Original Message-----
>From: owner-ipp at pwg.org [mailto:owner-ipp at pwg.org] On Behalf Of
>McDonald, Ira
>Sent: Monday, December 08, 2003 2:12 PM
>To: 'Ara Roselani'; ipp at pwg.org>Subject: RE: IPP> Printing through a firewall [caution]
>>>Hi,
>>[Disclaimer - the following is personal opinion - you should
>consider taking some advice from your organization's network
>security professionals or consultants]
>>Yes, port 631 (and ONLY that port) must be open on external
>firewall (for inbound HTTP over TCP connections) for IPP
>to work.
>>Personally, I would NOT let any external customer print
>through my firewall via IPP, unless I had enabled the
>TLS/1.0 option (which may or may not be supported in
>your Hawking Parallel Print Server) and was using both
>Server authentication (certificate-based SSL just like
>a Web server) AND also Client authentication (cert-based
>SSL authentication for your external client).
>>Otherwise, I think you're going to see quite significant
>denial of service attacks against port 631 on the external
>side of your firewall.
>>Here's a link to Hawking Technology's Print Server family:
>>http://www.hawkingtech.com/prodList.php?FamID=42>>And here's the link to the Datasheet for their HPS1P product:
>>http://209.61.202.44/images/datasheet/HPS1P-Datasheet_LR.pdf>>That datasheet describes their IPP support (briefly) but does
>not mention SSL/TLS support in the implementation (not very
>surprising, because cert-based authentication is not trivial).
>>I hope this all helps some.
>>Cheers,
>- Ira
>>Ira McDonald (Musician / Software Architect)
>Blue Roof Music / High North Inc
>PO Box 221 Grand Marais, MI 49839
>phone: +1-906-494-2434
>email: imcdonald at sharplabs.com>>-----Original Message-----
>From: Ara Roselani [mailto:ara at americanlegalcopy.com]
>Sent: Monday, December 08, 2003 4:15 PM
>To: ipp at pwg.org>Subject: IPP> Printing through a firewall
>>>I'm brand new to IPP and I have a client that wants to print directly to
>our
>copy shop's printer. I'm attempting to set this up without breaching
>security. I'm aware that I can use VPN tunneling (IPSEC), but I'm
>exploring
>other options.
>>We have a Linux Firewall running on Redhat. Our internal network is
>running
>a 192.168.4.0 scheme that goes through the firewall to the router.
>>I have a small Hawking 10/100 Parallel Print Server hooked up to my
>printer,
>which allows IPP printing. It's assigned to 192.168.4.100. I can print
>just fine internally. I'm at the point where I need to assign firewall
>rules to let this through.
>>Do I need to forward port 631 to the firewall's external interface
>through
>NAT to allow IPP to go through? Ideally, I'd like to be able to print
>to
>the Firewall's external IP. Is this secure? Is there a better
>configuration?
>>Thanks.
>---
>Ara Roselani
>Network Administrator
>Portland, Oregon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pwg.org/archives/ipp/attachments/20031208/c1bf12d8/attachment-0001.html