Security Basics mailing list archives
Re: Securing Printers
From: Ed Donahue <edonahue () extrameasures com>
Date: Mon, 15 Nov 2004 18:16:15 -0800
The most immediate to me is a denial of service on the printer; filling it's memory with jobs so that no one else could get in the queue (or creating a single job that has so many pages that no one else will be able to get in). Furthermore, high-capacity printers can burn through a decent amount of paper and toner, costing companies money and inconvenience.
I probably wouldn't be amused to find my printer used and abused.Another arguement is basic network security. Because it's not vulnerable isn't really a good reason to leave it open to the internet; it goes against the most basic concepts of security: You only allow what you need. Anything else can be a leak of information or a point to breach.
-Ed On Nov 15, 2004, at 09:18, Bryce Embry wrote:
Howdy,A recent thread on BugTraq, along with some discussions with my colleagues, has me curious about printer security. What dangers are there in giving a printer a public IP address?To me, a printer with a public IP sounds utterly foolish, but I'm not doing a very good job of making this point with my colleagues. They usually respond with the question "Why would anyone want to print something to a printer they can't even find?". My answers (usually "Why not?" or "it's a system running an OS that is subject to exploitation") don't seem to be very convincing, especially since I can't produce any known exploits. I would appreciate any arguments and reasoning that would carry more weight, or enlightenment to help me stop being so paranoid.Thanks, Bryce
Current thread:
- Securing Printers Bryce Embry (Nov 15)
- RE: Securing Printers Yvan G.J. Boily (Nov 15)
- Re: Securing Printers Virgo Pärna (Nov 16)
- RE: Securing Printers David Gillett (Nov 15)
- Re: Securing Printers Ed Donahue (Nov 16)
- Re: Securing Printers Zurt (Nov 16)
- Re: Securing Printers Matthew Romanek (Nov 16)
- RE: Securing Printers Corey Watts-Jones (Nov 19)
- Re: Securing Printers Jonathan Kline (Nov 16)
- Re: Securing Printers Frank T. Clark (Nov 16)
- Re: Securing Printers xyberpix (Nov 16)
- Re: Securing Printers Peter Wan (Nov 16)
- Re: Securing Printers Spigga (Nov 16)
- <Possible follow-ups>
- RE: Securing Printers Julen C (Nov 16)
- RE: Securing Printers Dubber, Drew B (Nov 16)
(Thread continues...)
- RE: Securing Printers Yvan G.J. Boily (Nov 15)