Re: network printers
- From: Jason Baeder <jason_baeder@xxxxxxxxx>
- Date: Tue, 13 Dec 2005 07:37:59 -0800 (PST)
We are wrestling with some of the same printer issues where I now work.
NIST has a STIG (Security Technical Implementation Guide) for
peripheral devices, but it is very general [due to the variety of
devices it addresses]. See section 5; as expected, most of it common
sense.
http://csrc.nist.gov/pcig/STIGs/peripheral-stig-v1r0.pdf
In the list of vendor-supplied checklists at NIST there is a link to a
HP-supplied checklist for one of its printer products. Although this
guide is a for a "full-featured" product, portions are applicable to
may HP models
http://www.hp.com/united-states/business/catalog/nist_checklist.pdf
Jason
--- Justin <justinvinn@xxxxxxxxx> wrote:
> Mark,
>
> I have found that pft from http://www.phenoelit.de is quite helpful
> when performing audits on printers.
>
> Unfortunatly, I have yet to see a guide to securing printers,
> although
> FX's chapter in _Stealing The Network: How to 0wn_ the box, was quite
> infomative on the subject of attacking a networked printer (BTW, his
> chapter was "h3X's adventures in networkland").
>
> Compromising a printer can yeild some useful results, especially if
> its an HP printer with Java installed. Also, you may have gained some
> admin passwords to try.
>
> And on a somewhat childish side note, if you telnet to port 9100 on a
> printer, type a few lines and then kill the connection via ^], the
> printer will print out what you typed, although it will be
> unformatted.
>
> Hope some of that helped.
>
> -- Justin
>
> On 12/10/05, Mark Brunner <mark_brunner@xxxxxxxxxxx> wrote:
> > Haven't looked at printers in a while.
> > Are there any best practices hardening and audit docs for printers?
> >
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
- References:
- Re: network printers
- From: Justin
- Re: network printers
- Prev by Date: DIMVA 2006 - 2nd Call for Papers
- Next by Date: RE: Cracking WEP and WPA keys
- Previous by thread: Re: network printers
- Next by thread: Re: network printers
- Index(es):
Relevant Pages
|
