Is your printer a security sore spot?
Did you know that your office printer could cause some major security headaches? Here's what the threats are
By Eric Geier | PC World | Published: 14:00, 29 April 2012
Believe it or not, your network printer or copier could be a serious security liability. After all, theyoften handle very sensitive documents and information and could even be used to gain access to other computers on the network, so you won't want a hacker to get at it. It's time to take printer security seriously.
Simpler printers, like the one you might have in your home office, usually lack internal storage and features like a web interface, so they usually have fewer security vulnerabilities. But more advanced business-class multifunction printers and copiers--which most of this article applies to--pose more threats as they are basically computers with their own hard drive, operating system, and direct network connection.
In this article, I’ll discuss printer security issues and how to combat them. You may find these tips helpful regardless of whether you want to secure your existing equipment, or you're shopping around for new or replacement printers.
Related Articles on Techworld
Before you can understand how to secure your printer, though, you need to know the main threats and vulnerabilities:
Document theft or snooping: One of the most simplest threats is someone simply picking up a document from the printer that doesn’t belong to them.
Unauthorised changes to settings: If your printer settings and controls aren’t secure, someone could mistakenly or intentionally make changes and possibly re-route print jobs, access saved copies of documents, or reset the printer to factory defaults, thus wiping out all your settings.
Saved copies on the internal storage: If your printer has an internal drive, it can store print jobs, scans, copies, and faxes. If somebody steals the printer, or if you throw it out before you properly erase the data, someone could potentially recover the saved documents.
Eavesdropping on network printer traffic: As is the case for most anything connected to a network, hackers could eavesdrop on the traffic and capture the documents you send from your computers to the printer.
Printer hacking via the network or Internet: It's fairly easy for someone on your network to hack into a network-connected printer, especially if it's an older one that lacks newer security features, or if it isn't password-protected.
But attacks from inside your network are only half of the problem. If your printer is accessible via the Internet, anyone could potentially hack it.Attackers could potentially send bizarre print jobs to it, you the printer to transmit faxes, change its LCD readout, change printer settings, perform Denial of Service (DoS) attacks to lock it up, or access saved copies of documents. Someone could even install malware on the printer itself to remotely control or access it.
Physically securing your printers
Increasing the physical security of your printers can help prevent document theft or snooping, unauthorized access to stored documents, and misuse of the printer’s Ethernet or USB connections. Place printers strategically to balance ease of access and security. Placing them in an open area somewhat visible and accessible to most the users might be better than sticking them in a separate room or office where they can’t be monitored as much. But in any case, consider designating separate printers for management and other sensitive departments and keep those secure from the regular employees.
Also consider printers that can help prevent others from walking away with sensitive documents. These printers require you to provide some it with some form of identification (like a PIN) before it actually prints.
And don’t forget about the hard copies of documents; shred sensitive papers when you no longer need them.
Password protect your printers
If you have a business- and enterprise-class printers, it probably has an administrator control panel of some sort that you can access through a Web browser, a screen on the printer itself, or through your PC's command line. Most of these sorts of printers will let you password-protect its control panel to keep others from changing settings without your knowledge. Refer to your printer's documentation to learn how to do this.
Securing printer admin traffic on the network
But a password by itself won't stop a determined hacker. The admin password may not be encrypted when it's sent from your computer to the printer, which means that someone could intercept it and gain access to your printer's controls.
To prevent this, make sure you use an encrypted connection when you access the admin control panel if your printer or print server supports it. For instance, when accessing the interface via a web browser, use an "https://" address (which uses SSL encryption) instead of a regular "http://" connection. If you need command-line access, try to use encrypted SSH instead of clear-text Telnet sessions. If your printer came with a printer management application, check to see if it supports encrypted connections.
To help stop additional hacking, see if your printer supports ACLs (Access Control Lists) or some other feature that allows you to define who can use or administer it. Additionally, be careful not to open your printer’s Web interface (or any other admin interface) up to the Internet, so people on the Internet can’t find and try to hack your printer. Your network firewall should provide enough protection and this shouldn’t be an issue unless you explicitly configure it to open access to your printe., If your printer supports Internet Printing Protocol (IPP), FTP print jobs, or any other feature that lets others send it print jobs over the Internet, consider disabling them if you don’t use them.
If your printer or print server uses SNMP (a protocol used to manage and monitor devices on networks) to communicate (such as HP’s JetDirect products), see if you can change the default SNMP community names to a strong password to help prevent password capturing, cracking, and additional hacking. And whenever possible, use SNMPv3; this newer version of SNMP includes authentication and encryption for added security.
Securing printer user traffic on the network
To prevent users on the network from intercepting print jobs as they're sent to the printer, see if your printer or print server supports encrypted connections to and from the PCs on your network. You’ll find that some printers use SSL/TLS, IPsec, and other encryption methods.
Check your printer’s documentation and the vendor to see if your current equipment supports encryption or if you can purchase additional hardware or software to add the support.
Updating and upgrading your printers
Make sure you keep your printer's firmware and drivers as up-to-date as possible. Updates could add new or improved security features, patch known security holes, and fix other issues.
Discarding your old printers
Before getting rid of an old or broken printer, you need to make sure there aren’t any documents saved on its internal hard drive(if it has one, that is). Check with your printer's documentation or its manufacturer to see if it has a drive, and if it does, how you should erase the data. If the you can easily remove the drive, you could connect it to a PC and possibly erase the data with special drive wiping programs that completely make the data unrecoverable.
Further securing your network
Remember, keeping your printers secure is about location, password protection, encryption, and updating. But your general network security is just as important.