Re: Securing Printers

[Ed Donahue <edonahue () extrameasures com>]

The most immediate to me is a denial of service on the printer; filling 
it's memory with jobs so that no one else could get in the queue (or 
creating a single job that has so many pages that no one else will be 
able to get in).  Furthermore, high-capacity printers can burn through 
a decent amount of paper and toner, costing companies money and 
inconvenience.

I probably wouldn't be amused to find my printer used and abused.

Another arguement is basic network security.  Because it's not 
vulnerable isn't really a good reason to leave it open to the internet; 
it goes against the most basic concepts of security: You only allow 
what you need.  Anything else can be a leak of information or a point 
to breach.

-Ed

On Nov 15, 2004, at 09:18, Bryce Embry wrote:

> Howdy,
>
> A recent thread on BugTraq, along with some discussions with my 
> colleagues, has me curious about printer security.  What dangers are 
> there in giving a printer a public IP address?
>
> To me, a printer with a public IP sounds utterly foolish, but I'm not 
> doing a very good job of making this point with my colleagues.  They 
> usually respond with the question "Why would anyone want to print 
> something to a printer they can't even find?".  My answers (usually 
> "Why not?" or "it's a system running an OS that is subject to 
> exploitation")  don't seem to be very convincing, especially since I 
> can't produce any known exploits.  I would appreciate any arguments 
> and reasoning that would carry more weight, or enlightenment to help 
> me stop being so paranoid.
>
> Thanks,
>
> Bryce