Recent articles indicate that network printers are an increasingly popular attack vector. Is this always true, and what actions can you take to reduce security risk?
Printers are becoming prime targets for attack. Why? For one, they have hard drives, which often store sensitive data from scans, copies and prints. Also, they are essentially computers, left unattended in hallways and common areas, easily accessed by increasingly sophisticated hackers. Attacks can be mounted by modem, through wireless access points, from an infected computer or even from a jump drive.
Printers often have Windows or Linux systems built in, and these are usually not monitored or patched. Once a printer has been accessed, intruders and malicious software can move on to exploit other computers on your network. To make matters worse, corporate security personnel often overlook the risk. After all, “they’re only printers”. Some manufacturers, like Xerox, have incorporated McAfee into their devices for extra security.
So, what can you do? First, harden the target. Shut off any unneeded services that the printer offers, such as File Transfer Protocol (FTP). Most organizations do not need FTP access to their printers, and it can often cause more harm than good. For instance, some printers allow an attacker to make FTP requests and take jobs off of a print spool anonymously. Also, many FTP services on modern printers are subject to FTP bounce attacks. With a tool like Nmap, an attacker can obscure the source of a port scan by convincing a compliant FTP server to allow proxy FTP connections. While such FTP bounce scans are old techniques, a remarkable number of brand-new print servers are susceptible to such attacks.
Next, secure the management protocol used for the printer. Carefully choose a management protocol that provides encryption, like HTTPS or SSH. By default, most printers allow admin access with either no password or a widely known default one. Change the password to a value that is more difficult to guess.
Finally, consider putting your printers on their own private VLAN. Filter access to that LAN so that the printer can receive print jobs, but not initiate connections to any other systems. You could take an extra step by putting a firewall in front of your printers to really limit access to and from them.
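The three steps above can be checked from the network side for printers you administer. The following is an added example, not part of the original article: a small Python audit that flags an enabled FTP service, cleartext management ports, and ports reachable from a segment the VLAN filter should block. The port numbers are assumed well-known defaults and the sample addresses are constructed; default passwords still have to be checked by hand.

```python
import socket

# Assumed well-known default ports; a given printer model may use others.
UNNEEDED = {21: "FTP"}
CLEARTEXT_MGMT = {23: "Telnet", 80: "HTTP"}
ENCRYPTED_MGMT = {22: "SSH", 443: "HTTPS"}
PRINT_PORTS = {515: "LPD", 631: "IPP", 9100: "raw print"}
ALL_PORTS = {**UNNEEDED, **CLEARTEXT_MGMT, **ENCRYPTED_MGMT, **PRINT_PORTS}


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_printer(host, probe=tcp_open, expect_isolated=False):
    """Return a list of findings for one printer you administer.

    expect_isolated=True means the audit runs from a segment that the
    printer VLAN filter should block, so any reachable port is a finding.
    """
    open_ports = sorted(p for p in ALL_PORTS if probe(host, p))
    if expect_isolated:
        return [f"{host}: {ALL_PORTS[p]} ({p}/tcp) reachable from a filtered segment"
                for p in open_ports]
    findings = []
    for p in open_ports:
        if p in UNNEEDED:
            findings.append(f"{host}: {UNNEEDED[p]} ({p}/tcp) enabled; disable if unused")
        elif p in CLEARTEXT_MGMT:
            findings.append(f"{host}: {CLEARTEXT_MGMT[p]} ({p}/tcp) is cleartext management")
    cleartext = [p for p in open_ports if p in CLEARTEXT_MGMT]
    if cleartext and not set(open_ports).intersection(ENCRYPTED_MGMT):
        findings.append(f"{host}: no HTTPS or SSH management port is reachable")
    return findings


if __name__ == "__main__":
    # Constructed sample: open ports per address (documentation range), no network used.
    sample = {"192.0.2.10": {21, 23, 80, 9100}, "192.0.2.11": {443, 631}}
    for host in sample:
        for line in audit_printer(host, probe=lambda h, p: p in sample[h]):
            print(line)
```

Run it once from a normal user segment and once with `expect_isolated=True` from a segment that should have no path to the printer VLAN.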
Printer security is an often-overlooked risk. Contact DocuSense for more info or suggestions to help minimize this security concern.
Simplify your office, your work, your life; DocuSense – Complexity Simplified!