Did you know almost every printer is also a web server?
To configure most printers there is a web interface where you can set the administrator password and turn services on and off. Printers have become everything from mail servers to file servers, services like SNMP also run on printers.
The following is why setting a password on a printer should be the first thing you do. This screenshot is from an unsecured printer on the network that ITS security was able to take control of--just because an admin password wasn’t set. The password was reset and the owner was contacted.
Printers have firewalls and Access Control built into them.
It is important to limit access to only those that need to use the printer. Here is an example of a printer ACL and how to limit the printers use to only the IP’s listed in the ACL. This step is very important, it prevents the bad guy/gal from being able to use any of the services on the printer. Note the following phrase from the screen shot below. “If the list is empty, then any system is allowed access.”
Think about the services running on the printer
Do they really need to be on? Do I really need to have the email functionality turned on for the printer? What about SNMP…etc…etc? It is easy to turn these features off if they aren’t needed.
A printer is one of those devices that we use on a daily basis that we don’t give a lot of thought to needing to be secured, but it is easy to see how printers can be used by those that cause harm. If you have a printer you don’t know how to configure, contact a member of the Security team and we will work with you to secure it.