Re: Securing Printers

From: Peter Wan (peter.n.wan_at_gmail.com)
Date: 11/16/04

  • Next message: Zurt: "Re: Securing Printers"
    Date: Tue, 16 Nov 2004 16:42:00 -0500
    To: Bryce Embry <embryb@k12tn.net>
    
    

    I remember seeing a reference to a paper at Black Hat that addressed this topic,
    but can't seem to find the information on the paper. Here is another reference
    that addresses risks of an accessible printer:

    http://www.giac.org/practical/GSEC/Vernon_Vail_GSEC.pdf

    It talks about the physical security worries, but then talks about how abuse of
    insecure services provided by the printer (Web, FTP, etc.) can cause trouble.
            --Peter

    On Mon, 15 Nov 2004 11:18:47 -0600, Bryce Embry <embryb@k12tn.net> wrote:
    > Howdy,
    >
    > A recent thread on BugTraq, along with some discussions with my
    > colleagues, has me curious about printer security. What dangers are
    > there in giving a printer a public IP address?
    >
    > To me, a printer with a public IP sounds utterly foolish, but I'm not
    > doing a very good job of making this point with my colleagues. They
    > usually respond with the question "Why would anyone want to print
    > something to a printer they can't even find?". My answers (usually "Why
    > not?" or "it's a system running an OS that is subject to exploitation")
    > don't seem to be very convincing, especially since I can't produce any
    > known exploits. I would appreciate any arguments and reasoning that
    > would carry more weight, or enlightenment to help me stop being so
    > paranoid.
    >
    > Thanks,
    >
    > Bryce
    >
    >

    -- 
    Peter Wan <peter.n.wan@gmail.com>
    

  • Next message: Zurt: "Re: Securing Printers"