Security Basics mailing list archives
RE: Securing Printers
From: "Corey Watts-Jones" <cwattsjones () rogers com>
Date: Sun, 21 Nov 2004 18:46:53 -0500
The printers in question are on a private subnet for the most part which is why I saw it fit to experiment with those. The large Canon Imagerunner we have is available in the DMZ so that our sales staff can print into the office from remote client locations for order processing. I'm not really advanced enough to be able to provide more information about the code being used for the FTP xfer to the buffer on the printers. I'm actually just getting my feet wet in this segment of the industry. On top of that, I'm not even our net admin. Hehehe... I'm waiting for him to come and ask me about the bizarre behavior of the printers. ;) Corey -----Original Message----- From: Herbold, John W. [mailto:JWHERBOLD () arkbluecross com] Sent: Sunday, November 21, 2004 12:06 PM To: 'Corey Watts-Jones '; ''sec-basic list' ' Subject: RE: Securing Printers I guess my argument would be that it is a possible risk, if not the printers currently in house, what about software upgrades or printer upgrades. As we all have seen just because it is not a risk today does not mean that it will not be risk next Tuesday. What FTP code do they use behind the scene, is someone monitoring it to make sure that it does not have a vulnerability? You know the saying... Secure in Layers. Why take the risk? Was there a business need to give them a public IP? John Herbold Security Specialist -----Original Message----- From: Corey Watts-Jones To: 'Herbold, John W.'; 'sec-basic list' Sent: 11/20/2004 11:16 PM Subject: RE: Securing Printers When the file was dropped in via simple browser based FTP, it was write only. If I tried to copy it back out it would fail. I only briefly experimented with it but on the mid-level office printers it wasn't retrievable. I will experiment further on the Xerox Phaser and the Canon copier I have access to as well. Cheers, Corey -----Original Message----- From: Herbold, John W. [mailto:JWHERBOLD () arkbluecross com] Sent: Friday, November 19, 2004 2:42 PM To: 'sec-basic list' Subject: RE: Securing Printers Can the printer cache be redirected or the information be copied out of the cache? This could give someone access to confidential information. Thanks, John W. Herbold Jr. Security Specialist -----Original Message----- From: Corey Watts-Jones [mailto:cwattsjones () rogers com] Sent: Friday, November 19, 2004 9:50 AM To: 'Matthew Romanek'; 'sec-basic list' Subject: RE: Securing Printers I agree that for units of that size and production capability it's an issue, but after spending a few minutes playing with this on one of our local networks, most regular office printers (I tried it on a Lexmark T20 and an HP 4050) flush their buffers on a regular basis. This would render them pretty useless as storage for an exploit as I saw mentioned earlier on the list. On these printers, if I put a file in there that it couldn't interpret, it would spit out pages with random ASCII text on them and then go into error. When I ftp back into it, the info is gone. Corey Watts-Jones Compusmart Professional Services Technician -----Original Message----- From: Matthew Romanek [mailto:shandower () gmail com] Sent: Tuesday, November 16, 2004 1:55 PM To: sec-basic list Subject: Re: Securing Printers Regarding Printers with public IPs, the very first thing that jumps to my mind is 'What do you consider a printer?'. I say that because quite a few of our printers are ImageRunners or that sort of networked copier. The kind with 80GB harddrives and convenient web interfaces that let you log in and pull up images of the last couple thousand pages that were printed on it, then save or re-print them. If that doesn't trigger alarms with data security, nothing will. -- Matthew 'Shandower' Romanek IDS Analyst
Current thread:
- Re: Securing Printers, (continued)
- Re: Securing Printers Peter Wan (Nov 16)
- Re: Securing Printers Spigga (Nov 16)
- RE: Securing Printers Julen C (Nov 16)
- RE: Securing Printers Dubber, Drew B (Nov 16)
- RE: Securing Printers Dante Mercurio (Nov 17)
- RE: Securing Printers Samuel Petreski (Nov 18)
- Re: Securing Printers Adam Jones (Nov 19)
- RE: Securing Printers Samuel Petreski (Nov 18)
- RE: Securing Printers Herbold, John W. (Nov 19)
- RE: Securing Printers Corey Watts-Jones (Nov 22)
- RE: Securing Printers Herbold, John W. (Nov 22)
- RE: Securing Printers Corey Watts-Jones (Nov 22)
- Re: Securing Printers Peter Wan (Nov 16)