Security Basics mailing list archives
Re: Securing Printers
From: Jonathan Kline <klinej () msoe edu>
Date: Tue, 16 Nov 2004 12:53:59 -0600
Put all of your printed into a dedicated vlan, don't provide a route to the vlan, and force all access to the printers to go through a cups box which multihoned (or multivlaned). Then you can do fun stuff like accounting, and quotas, and authentication. Very very simple. There should be no reason to have unsecured devices on the network, and even less reason to have them available to the internet. Wait, on second thought why are you even using real ips on your network? printer should be firewalled from the outside, hence use RFC non routables on your private network and use NAT to the internet. Security needs to be something built into your network from the ground up, and is not something that happens over night. I can think of 1 fun little exploit for the printers (look on ./ for hp printer hack, posted April fools day last year)...... Changing the screen on the printers can cause chaos. ~J On Mon, 2004-11-15 at 11:18 -0600, Bryce Embry wrote:
Howdy, A recent thread on BugTraq, along with some discussions with my colleagues, has me curious about printer security. What dangers are there in giving a printer a public IP address? To me, a printer with a public IP sounds utterly foolish, but I'm not doing a very good job of making this point with my colleagues. They usually respond with the question "Why would anyone want to print something to a printer they can't even find?". My answers (usually "Why not?" or "it's a system running an OS that is subject to exploitation") don't seem to be very convincing, especially since I can't produce any known exploits. I would appreciate any arguments and reasoning that would carry more weight, or enlightenment to help me stop being so paranoid. Thanks, Bryce
-- Jonathan Kline <klinej () msoe edu> Milwaukee School of Engineering
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Securing Printers Bryce Embry (Nov 15)
- RE: Securing Printers Yvan G.J. Boily (Nov 15)
- Re: Securing Printers Virgo Pärna (Nov 16)
- RE: Securing Printers David Gillett (Nov 15)
- Re: Securing Printers Ed Donahue (Nov 16)
- Re: Securing Printers Zurt (Nov 16)
- Re: Securing Printers Matthew Romanek (Nov 16)
- RE: Securing Printers Corey Watts-Jones (Nov 19)
- Re: Securing Printers Jonathan Kline (Nov 16)
- Re: Securing Printers Frank T. Clark (Nov 16)
- Re: Securing Printers xyberpix (Nov 16)
- Re: Securing Printers Peter Wan (Nov 16)
- Re: Securing Printers Spigga (Nov 16)
- <Possible follow-ups>
- RE: Securing Printers Julen C (Nov 16)
- RE: Securing Printers Dubber, Drew B (Nov 16)
- RE: Securing Printers Dante Mercurio (Nov 17)
- RE: Securing Printers Samuel Petreski (Nov 18)
- Re: Securing Printers Adam Jones (Nov 19)
- RE: Securing Printers Samuel Petreski (Nov 18)
- RE: Securing Printers Herbold, John W. (Nov 19)
(Thread continues...)
- RE: Securing Printers Yvan G.J. Boily (Nov 15)