Educause Security Discussion mailing list archives

Re: Printer Security


From: "Scantlin, Aaron J." <ScantlinA () MISSOURI EDU>
Date: Mon, 4 Nov 2019 20:26:08 +0000

I can't think of anything to add to your list, but in the spirit of "trust, but verify", you might consider devoting 
some time to looking at your environment with the printer exploitation toolkit: https://github.com/RUB-NDS/PRET


Aaron J. Scantlin
Security Analyst, Division of IT
GSEC, GCFA, GNFA
University of Missouri - Columbia
(573) 884 - 7555
scantlina () missouri edu



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Barton, Robert W.
Sent: Monday, November 4, 2019 2:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Printer Security

Afternoon,

We are in the process of reviewing our policy for printers/MFPs and changing our vendor.  If anyone can share what they 
have done for printer security, I would appreciate it (please email off list if sensitive in any way).

Below is our current/future security listing (sans details); any comments are welcome:

- Change administrator and all other default accounts to non-default passwords.
- Update SNMP community strings.
  o Beware - the default driver install MAY use SNMP.
  o Use a community string that identifies the machine and can be replicated to other areas on campus.
- Update all firmware (if allowed).
- Do not network the printer unless necessary
- Add all MFPs to management applications
- Do not allow access to printers via the public Internet (unless necessary)
- Set up LDAP on all MFPs
- Use passcodes to secure output
- Set up 'white list' for access
- Follow manufacturer best practices on security
- Shut down unnecessary services and protocols
- Contact the Office of Technology when disposing of a printer (do not throw in trash or recycle without support).
- All IP information must be assigned by the Office of Technology
- Encrypt the printer's hard disk (if an option)
- Shut off
  o USB Printer (if not used)
  o Wireless Printing
- Configure printer to purge memory or disk
- Configure any FAX option to only allow 'image data' (if possible)

Robert W. Barton
Executive Director of Information Security and Policy
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
