Security Basics mailing list archives
RE: Securing Printers
From: "Samuel Petreski" <petreski () ksu edu>
Date: Thu, 18 Nov 2004 10:55:32 -0600
I think one solution to securing the printers might be the use of the Access Control List feature on the HP JetDirect printers. Most of the JetDirect printers support this feature, and the ones that do not should have a firmware upgrade from HP.

To set an access control list on the JetDirect card one will need to telnet to the printer and issue the following commands:

allow: IPAddress SubnetMask (ex. >allow 192.168.0.0 255.255.0.0)

This will allow everyone from that subnet to print to that printer and also limits access to telnet only from those addresses. To view the access list just type "allow: list", or to remove the access list type "allow: 0". Also, access can be implemented with multiple access control lists.

--Samuel

Samuel Petreski
Network Systems Analyst
Computing and Network Services
Kansas State University

-----Original Message-----
From: Dante Mercurio [mailto:Dante () webcti com]
Sent: Wednesday, November 17, 2004 9:55 AM
To: Dubber, Drew B; sec-basic list
Subject: RE: Securing Printers

To add, I ran into a large copier/printer during an audit that had a web server that stored a number of past documents. Anyone with access to the web console could see the documents in the web console and reprint them regardless of who originally owned them. Since this was a payroll printer there was an issue with confidentiality.

What I haven't heard in your question or asked is why would you want the printer to be public? What are you trying to accomplish?

Good Luck,
M. Dante Mercurio, CISSP, CWNA, Security+

-----Original Message-----
From: Dubber, Drew B [mailto:drew.dubber () eds com]
Sent: Tuesday, November 16, 2004 5:31 PM
To: sec-basic list
Subject: RE: Securing Printers

Apologies if this has been said before, but nowadays printers come with a lot more. For instance, there is normally a small web server on printers to configure the settings such as IP address etc.

Now I'm struggling to remember the details, but there was at least one printer with the web server so full of holes that it could have easily been compromised from an outside source and potentially used as a gateway to get into something more interesting. Think of what someone could achieve if there were a printer pooling/re-direction option - all prints on that printer going to a third party?!

Kind regards
Drew

-----Original Message-----
From: Zurt [mailto:1algorta () rigel deusto es]
Sent: 16 November 2004 21:23
Cc: sec-basic list
Subject: Re: Securing Printers

Ed Donahue wrote:

> The most immediate to me is a denial of service on the printer; filling its memory with jobs so that no one else could get in the queue (or creating a single job that has so many pages that no one else will be able to get in). Furthermore, high-capacity printers can burn through a decent amount of paper and toner, costing companies money and inconvenience. I probably wouldn't be amused to find my printer used and abused.
>
> Another argument is basic network security. Because it's not vulnerable isn't really a good reason to leave it open to the internet; it goes against the most basic concepts of security: You only allow what you need. Anything else can be a leak of information or a point to breach.
>
> -Ed
>
> On Nov 15, 2004, at 09:18, Bryce Embry wrote:
>
> > Howdy,
> >
> > A recent thread on BugTraq, along with some discussions with my colleagues, has me curious about printer security. What dangers are there in giving a printer a public IP address?
> >
> > To me, a printer with a public IP sounds utterly foolish, but I'm not doing a very good job of making this point with my colleagues. They usually respond with the question "Why would anyone want to print something to a printer they can't even find?". My answers (usually "Why not?" or "it's a system running an OS that is subject to exploitation") don't seem to be very convincing, especially since I can't produce any known exploits.
> >
> > I would appreciate any arguments and reasoning that would carry more weight, or enlightenment to help me stop being so paranoid.
> >
> > Thanks,
> > Bryce

If the printer is running an OS, wouldn't it be possible to forward the printed jobs to an intruder? Some documents could be confidential...

--
_____
Zurt
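
An added example, not part of any message in this thread and not HP code: a small Python check for a planned JetDirect access list written in the "allow: IPAddress SubnetMask" form quoted in the first message. The sample entries are constructed, the function names are hypothetical, and the matching rule (a client is accepted when it falls inside any entry, and an empty list restricts nothing) and the /24 breadth threshold are assumptions.

```python
import ipaddress

# Constructed sample of planned entries, in the syntax quoted in the thread.
# This is not output captured from a real printer.
PLANNED_ACL = """\
allow: 192.168.0.0 255.255.0.0
allow: 10.20.30.40 255.255.255.255
allow: 203.0.113.0 255.255.255.0
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_acl(text):
    """Return one IPv4Network per 'allow: <address> <mask>' line."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line.lower().startswith("allow:"):
            continue
        parts = line.split(":", 1)[1].split()
        if len(parts) != 2:          # skips "allow: list" and "allow: 0"
            continue
        # strict=False clears host bits left set in the address field
        nets.append(ipaddress.ip_network("/".join(parts), strict=False))
    return nets

def is_allowed(client, nets):
    """Assumed rule: no entries means no restriction, else any match wins."""
    if not nets:
        return True
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in nets)

def audit(nets):
    """Flag entries outside RFC 1918 space, or private but wider than /24."""
    findings = []
    for net in nets:
        if not any(net.subnet_of(p) for p in RFC1918):
            findings.append((str(net), "covers non-private address space"))
        elif net.prefixlen < 24:
            findings.append((str(net),
                             f"broad entry: {net.num_addresses} addresses"))
    return findings

if __name__ == "__main__":
    acl = parse_acl(PLANNED_ACL)
    for client in ("192.168.44.7", "172.16.1.1"):
        print(client, "allowed" if is_allowed(client, acl) else "denied")
    for net, reason in audit(acl):
        print("review:", net, "-", reason)
```

Running it before typing the entries into the printer shows which hosts the list would admit and which entries deserve a second look.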