RE: Securing Printers

From: Dante Mercurio (Dante_at_webcti.com)
Date: 11/17/04

  • Next message: Cesar Diaz: "How secure is VPN access?"
    Date: Wed, 17 Nov 2004 10:54:57 -0500
    To: "Dubber, Drew B" <drew.dubber@eds.com>, "sec-basic list" <security-basics@securityfocus.com>
    
    

    To add, I ran into a large copier/printer during an audit that had a web
    server that stored a number of past documents. Anyone with access to the
    web console could see the documents in the web console and reprint it
    irregardless of who originally owned it. Since this was a payroll
    printer there was an issue with confidentiality.

    What I haven't heard in your question or asked is why would you want the
    printer to be public? What are you trying to accomplish?

    Good Luck,
    M. Dante Mercurio, CISSP, CWNA, Security+

    -----Original Message-----
    From: Dubber, Drew B [mailto:drew.dubber@eds.com]
    Sent: Tuesday, November 16, 2004 5:31 PM
    To: sec-basic list
    Subject: RE: Securing Printers

    Apologies if this has been said before but nowadays printers come with a
    lot more. For instance, there is normally a small web server on printers
    to configure the settings such as IP address etc. Now I'm struggling to
    remember the details but there was at least one printer with the web
    server full of holes that it could have easily been compromised from an
    outside source and potentially used as a gateway to get into something
    more interesting. Think of what someone could achieve if there were a
    printer pooling/re-direction option - all prints on that printer going
    to a third party?!

    Kind regards

    Drew

    -----Original Message-----
    From: Zurt [mailto:1algorta@rigel.deusto.es]
    Sent: 16 November 2004 21:23
    Cc: sec-basic list
    Subject: Re: Securing Printers

    Ed Donahue wrote:

    > The most immediate to me is a denial of service on the printer;
    > filling it's memory with jobs so that no one else could get in the
    > queue (or creating a single job that has so many pages that no one
    > else will be able to get in). Furthermore, high-capacity printers can

    > burn through a decent amount of paper and toner, costing companies
    > money and inconvenience.
    >
    > I probably wouldn't be amused to find my printer used and abused.
    >
    > Another arguement is basic network security. Because it's not
    > vulnerable isn't really a good reason to leave it open to the
    > internet; it goes against the most basic concepts of security: You
    > only allow what you need. Anything else can be a leak of information
    > or a point to breach.
    >
    > -Ed
    >
    > On Nov 15, 2004, at 09:18, Bryce Embry wrote:
    >
    >> Howdy,
    >>
    >> A recent thread on BugTraq, along with some discussions with my
    >> colleagues, has me curious about printer security. What dangers are
    >> there in giving a printer a public IP address?
    >>
    >> To me, a printer with a public IP sounds utterly foolish, but I'm not
    >> doing a very good job of making this point with my colleagues. They
    >> usually respond with the question "Why would anyone want to print
    >> something to a printer they can't even find?". My answers (usually
    >> "Why not?" or "it's a system running an OS that is subject to
    >> exploitation") don't seem to be very convincing, especially since I
    >> can't produce any known exploits. I would appreciate any arguments
    >> and reasoning that would carry more weight, or enlightenment to help
    >> me stop being so paranoid.
    >>
    >> Thanks,
    >>
    >> Bryce
    >>
    >>
    >>
    >
    >
    If the printer is running an OS wouldn't be possible to forward the
    printed jobs to an intruder?? Some documents could be confidential...

    --
    _____
    Zurt
    

  • Next message: Cesar Diaz: "How secure is VPN access?"

    Relevant Pages

    • CUPS problem printing pictures is very slow
      ... all jobs) and everything is working very well, ... # Server name ... # Browse order (BrowseOrder) ... # Whether or not to use implicit classes. ...
      (Debian-User)
    • CUPS problem printing is slow
      ... all jobs) and everything is working very well, ... # Server name ... # Browse order (BrowseOrder) ... # Whether or not to use implicit classes. ...
      (Debian-User)
    • Re: strange problem with send() and recv()
      ... > I try to write a simple tcp based job queue server. ... > get commands from a client and store them in a queue. ... > The client can query the server about the jobs currently queued. ...
      (comp.lang.c)
    • Re: /etc/cron.daily/apt hangs [deviated discussion]
      ... you're the first one I know of who expects jobs in cron.daily to be run ... it caused by a sleep like in the apt script, a slow network or something else) ... Who "switches on" a Unix box??! ... Ubuntu Server (ironic that now, ...
      (Ubuntu)
    • Re: Copying large quantity of files taking forever
      ... The utility xxcopy.exe is known for baulking at large copy jobs. ... copying from another Windows server and even moving from another ... are running Windows Server 2000 or 2003 server. ... at top speed, don't keep more than 10,000 entries in a single folder. ...
      (microsoft.public.windows.server.general)