Re: network printers

We are wrestling with some of the same printer issues where I now work.

NIST has a STIG (Security Technical Implementation Guide) for
peripheral devices, but it is very general [due to the variety of
devices it addresses]. See section 5; as expected, most of it common

In the list of vendor-supplied checklists at NIST there is a link to an
HP-supplied checklist for one of its printer products. Although this
guide is for a "full-featured" product, portions are applicable to
many HP models


--- Justin <justinvinn@xxxxxxxxx> wrote:

> Mark,
> I have found that pft from is quite helpful
> when performing audits on printers.
> Unfortunately, I have yet to see a guide to securing printers, although
> FX's chapter in _Stealing The Network: How to 0wn the box_ was quite
> informative on the subject of attacking a networked printer (BTW, his
> chapter was "h3X's adventures in networkland").
> Compromising a printer can yield some useful results, especially if
> it's an HP printer with Java installed. Also, you may have gained some
> admin passwords to try.
> And on a somewhat childish side note, if you telnet to port 9100 on a
> printer, type a few lines and then kill the connection via ^], the
> printer will print out what you typed, although it will be
> unformatted.
> Hope some of that helped.
> -- Justin
> On 12/10/05, Mark Brunner <mark_brunner@xxxxxxxxxxx> wrote:
> > Haven't looked at printers in a while.
> > Are there any best practices hardening and audit docs for printers?
> >
