HP JetAdvantage Security Manager 10 Device E-LTU Instrukcja Użytkownika Pobierz pdf (Strona 73)

Bonjour

Bonjour, also referred to as mDNS (Multicast Domain Name System), is Apple’s implementation of the

zero-configuration-networking (zeroconf) methodology. Zeroconf is a combination of specific

technologies that can create a usable local network without manual operator intervention or

configuration. Zeroconf is built on three core technologies: assignment of numeric network addresses

for networked devices, automatic distribution and resolution of computer hostnames, and automatic

location of network services, such as printing devices. The goal of the Bonjour protocol is to achieve

name resolution where conventional DNS name resolution is not possible. Bonjour is built into

Apple’s OS X and iOS, but can also be installed on Windows systems.

Bonjour uses DNS-SD (DNS Service Discovery) to search for services on the network. When Bonjour

is enabled on an HP printer, the printer’s services are advertised to allow a Bonjour capable host the

ability to automatically discover and add the HP printer without knowing the address or model of the

printer. This is a very easy process for the user when compared to the previous situation, where the

user was required to enter the IP address of the printer, and then determine the correct model for

appropriate driver assignment. The burden of knowing the details for configuring the printer is now

removed from the user and is automatically handled by the host and printer using Bonjour. Mobile

users who plug their laptops into different networks can benefit from the Bonjour service. The HP

Universal Print Driver can utilize Bonjour to automatically locate local printers.

The Jetdirect mDNS module processes packets on multicast address 224.0.0.251 and port 5353.

Service advertising occurs in the local domain. Wide area Bonjour service discovery is possible via

an appropriately configured DNS server. When enabled, Jetdirect service advertising includes Port

9100 printing, LPD Printing, IPP Printing and EWS Configuration services. If, after having advertised

any of the above services, the service goes down or is disabled, then the mDNS module will de-

advertise the service. The service can be named and the advertised services can be prioritized.

Consumer technology has penetrated Enterprise IT, and as a result has presented plenty of challenges

related to network performance and security. Users in the enterprise are demanding the same

conveniences they enjoy at home and in public environments with Apple iPads, iPhones, and other

relative technology. Seeing the modernization of technology and potential of increased user

productivity, corporate is embracing this request. Bonjour, as with many of the multicast discovery

methods, is chatty. It is a common practice in many enterprise networking environments to filter

multicast packets for this very reason. This filtering practice can truly limit the use of Bonjour. The

traditionally controlled enterprise networking environments must now embrace this consumer related

technology and determine newer methods to maintain control. In addition to network performance,

there is security risk associated with Bonjour. Like most of the discovery protocols, risks usually fall

into the category of being production disruptive. A weakness in the DNS protocol may allow a

remote attacker to spoof DNS responses, resulting in the requesting application receiving a forged

response. It is always recommended to disable Bonjour wherever it is not required.

1 2 ... 68 69 70 71 72 73 74 75 76 77 78 ... 115 116

Brak uwag

HP JetAdvantage Security Manager 10 Device E-LTU Instrukcja Użytkownika Strona 73