Security Basics mailing list archives
Re: Securing Printers
From: Zurt <1algorta () rigel deusto es>
Date: Tue, 16 Nov 2004 22:23:23 +0100
Ed Donahue wrote:
The most immediate to me is a denial of service on the printer; filling it's memory with jobs so that no one else could get in the queue (or creating a single job that has so many pages that no one else will be able to get in). Furthermore, high-capacity printers can burn through a decent amount of paper and toner, costing companies money and inconvenience.If the printer is running an OS wouldn't be possible to forward the printed jobs to an intruder?? Some documents could be confidential...I probably wouldn't be amused to find my printer used and abused.Another arguement is basic network security. Because it's not vulnerable isn't really a good reason to leave it open to the internet; it goes against the most basic concepts of security: You only allow what you need. Anything else can be a leak of information or a point to breach.-Ed On Nov 15, 2004, at 09:18, Bryce Embry wrote:Howdy,A recent thread on BugTraq, along with some discussions with my colleagues, has me curious about printer security. What dangers are there in giving a printer a public IP address?To me, a printer with a public IP sounds utterly foolish, but I'm not doing a very good job of making this point with my colleagues. They usually respond with the question "Why would anyone want to print something to a printer they can't even find?". My answers (usually "Why not?" or "it's a system running an OS that is subject to exploitation") don't seem to be very convincing, especially since I can't produce any known exploits. I would appreciate any arguments and reasoning that would carry more weight, or enlightenment to help me stop being so paranoid.Thanks, Bryce
-- _____ Zurt
Current thread:
- Securing Printers Bryce Embry (Nov 15)
- RE: Securing Printers Yvan G.J. Boily (Nov 15)
- Re: Securing Printers Virgo Pärna (Nov 16)
- RE: Securing Printers David Gillett (Nov 15)
- Re: Securing Printers Ed Donahue (Nov 16)
- Re: Securing Printers Zurt (Nov 16)
- Re: Securing Printers Matthew Romanek (Nov 16)
- RE: Securing Printers Corey Watts-Jones (Nov 19)
- Re: Securing Printers Jonathan Kline (Nov 16)
- Re: Securing Printers Frank T. Clark (Nov 16)
- Re: Securing Printers xyberpix (Nov 16)
- Re: Securing Printers Peter Wan (Nov 16)
- Re: Securing Printers Spigga (Nov 16)
- <Possible follow-ups>
- RE: Securing Printers Julen C (Nov 16)
- RE: Securing Printers Dubber, Drew B (Nov 16)
- RE: Securing Printers Dante Mercurio (Nov 17)
(Thread continues...)
- RE: Securing Printers Yvan G.J. Boily (Nov 15)