Security Basics mailing list archives

Re: printer security

From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 24 Dec 2008 10:07:40 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sfmailsbm () gmail com wrote:

hi list,
first of all seasons greetings to all of u..

wanted to know what are the existing security features available to protect data being sent from a PC to a printer: 
is the data encrypted in any ways? if so does anyone know the mechanisms behind?
googled on the subject, but did not find anything regarding the security of the printer session

thanks all for ur help!


Printer Security == Oxymoron

Lots of luck here!

Although some of the newer high end printers and printer adapters (e.g.,
HP JetDirect) have TLS support, good luck finding drivers that support
mandatory TLS usage.

If you have an IPv6 LAN, then you have a slightly better chance of being
able to enforce encrypted traffic to your printer by configuring IPv6 on
your network printer adapter to require encryption and authentication.
Again, good luck finding IPv6/IPSec compliant printers or printer
adapters on your network.

(I work with several major security paranoid organizations, and none
have been willing to upgrade to TLS or IPSec support for their printers.)

When it comes to printer security, even more laughable is the firmware
used in the printers. Many are based on ANCIENT versions of NetBSD,
W/CE, W/2K, etc. that are full of known security vulnerabilities and are
often trivially exploitable. Printers are probably the # 2 security
weakness in even the most security organizations. (Non-traditional
computers, such as physical security, HVAC management, SCADA/PLC/DCS,
and other control systems are easily # 1.) Want to hack an organization?
Don't go after their desktops or servers, go after their printers, time
clocks, physical security systems, etc. -- you will probably have a MUCH
easier time compromising the organization.

Hope this helps!

Jon K
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAklSUDwACgkQUVxQRc85QlM5vQCfac19Njyikl5NibU5YnImcmLc
oAIAoJ/lBJ5H0WiTKJRz7j/b2NkCSuD+
=6v95
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

Current thread:

printer security sfmailsbm (Dec 24)
- Re: printer security Jon Kibler (Dec 26)
  - RE: printer security Mercurio, Michael D (Dante) (Dec 29)
- Re: printer security Michal Lovas (Dec 29)
  - Re: printer security ArcSighter Elite (Dec 29)
    - Re: printer security Robin Wood (Dec 30)