Re: Networked Printer Best Practice

[Brad Judy <win-hied () BRADJUDY COM>]

Some of the printer vendors have published some specific security guidance documents for their equipment.  I know Xerox 
had some good docs for theirs (http://www.xerox.com/information-security/product/enus.html) and I think I saw some from 
HP (http://www.hp.com/large/solutionhomeshared/ipgsecureprinting.html).  

Most are vendor-specific or model specific.  

There is an IEEE working group on the topic - http://grouper.ieee.org/groups/2600/  Unfortunately, you need a login to 
get to the draft documents.  So if it's a major issue, you can request funding to attend their Feb meeting in Hawaii  
:-)

It looks like Minnesota State wrote up a printer security standard: 
http://www.mnsu.edu/its/security/network%20attached%20printers.pdf

Depending on how you've written your general IT security standards, a lot of printing security issues may already be 
covered (must stay current on patches, no unnecessary services offered, no clear-text authentication, etc).  

Interestingly, I just learned that Google has no entries for "printer security guide" or "printer security checklist", 
which was surprising.  

Brad Judy
  ----- Original Message ----- 
  From: Logan, Kim (loganks) 
  To: SECURITY () LISTSERV EDUCAUSE EDU 
  Sent: Friday, January 23, 2009 2:11 PM
  Subject: [SECURITY] Networked Printer Best Practice


  Hi,

   

  I received a call from a vendor recently asking some rather specific questions regarding security on networked 
printer/copiers.  I would like to respond with a generic security list of security best practice would require 
networked printers to have/not have,  but haven't found anything that meets the general criteria.  Does anyone have or 
know of such a list?

   

  Thanks,

   

  Kim

   

  Kim Logan

  Information Security Officer

  CISSP

  University of Cincinnati

  (513)556-9070

  kim.logan () uc edu