Most modern networked printers now include a large number of unprotected online features for controlling and configuring the printer. Most printers are configured with easily guessable default passwords and security settings, which attackers can exploit to take full administrator control of the device. Insecure networked printers can easily be compromised, putting your information at risk (e.g. by obtaining copies of your documents), and can also be used as a platform to attack other systems (e.g. in a DDoS attack).
Please review the following simple steps, which will help secure your printer and information. This is not a comprehensive security guide, and you will also need to review the manufacturer's security guidelines for more information.
Securing your printer
- Change the default Administrator and/or web configuration password to a strong, complex password.
  - Note that if the passwords are forgotten, there is a strong possibility that they cannot be reset or retrieved without replacing the hardware.
  - Some printers may have separate FTP, Telnet, or other protocol passwords which also need to be changed.
- Disable unneeded management protocols.
  - Most printers will have all protocols enabled by default.
  - TCP/IP will be needed for the printer to communicate on the network.
  - SNMP is needed mainly for device management, monitoring, and communications.
  - Examples of unneeded protocols that should be disabled are SMB, Bonjour, FTP, IPP, EtherTalk, IPX/SPX and NetWare.
- Use Access Control Lists/IP filtering to restrict who can access the printer.
  - If possible, restrict access to the printer to a specific range of IP addresses.
  - Restrict access to a subnet or an individual address, or allow only the print server's address so that printing must go through it.
- Update firmware.
  - To protect the network printer from known security vulnerabilities and operability issues, the firmware should be kept up to date.
  - Procedures to update vary between manufacturers and models, but it is a good idea to map out or back up the printer configuration and settings before updating the firmware.
Physical and information security
- Physical Security
  - Secure your printer's control panel through the printer's web interface to prevent unauthorized changes to settings and files.
  - Secure your printer's hard drive.
    - When possible, place the printer where it can be supervised to prevent unauthorized physical access to the hard drive.
    - Remove and destroy hard drives when retiring machines.
- Information Security
  - Retrieve print jobs immediately after printing.
  - If possible, encrypt the printer's hard drive.
  - Do not store jobs on the printer any longer than necessary, and set the printer to erase print jobs, scans, and faxes once completed.
  - If necessary, some printers can be set to store all print jobs until they can be retrieved, preferably using a PIN.
  - Enable logging to capture job activity, user access, fax logging, configuration changes, etc.
    - Logs should be reviewed for irregular activity that can indicate a security incident. For example, transmission of large amounts of data after regular business hours, or many failed logon attempts in a short amount of time, can be an indication of a compromised printer.
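
The log review described in the last item can be automated. The following is an added example, not part of the original guidance or any manufacturer's tooling: it flags the two patterns named above in a log. The log format, event names, sample lines and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "timestamp EVENT key=value" format;
# real printer logs vary by manufacturer and must be mapped to these fields.
SAMPLE_LOG = """\
2024-03-04T10:15:02 LOGIN_FAIL src=10.0.5.23 user=admin
2024-03-04T14:02:11 JOB_SENT src=10.0.5.40 bytes=1048576
2024-03-04T23:41:00 LOGIN_FAIL src=10.0.9.77 user=admin
2024-03-04T23:41:05 LOGIN_FAIL src=10.0.9.77 user=admin
2024-03-04T23:41:09 LOGIN_FAIL src=10.0.9.77 user=admin
2024-03-04T23:41:14 LOGIN_FAIL src=10.0.9.77 user=admin
2024-03-04T23:41:20 LOGIN_FAIL src=10.0.9.77 user=admin
2024-03-05T02:13:45 SCAN_TO_FTP src=10.0.9.77 bytes=734003200
"""

# Assumed thresholds; tune them to the site's normal activity.
BUSINESS_HOURS = range(8, 18)          # 08:00-17:59 local time, Mon-Fri
LARGE_TRANSFER_BYTES = 100 * 1024**2   # 100 MiB
MAX_FAILS, FAIL_WINDOW = 5, timedelta(minutes=1)

def review(log_text):
    """Return (timestamp, source, reason) alerts for the two patterns above."""
    alerts, recent_fails = [], defaultdict(deque)
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts = datetime.fromisoformat(parts[0])
            event = parts[1]
        except (IndexError, ValueError):
            continue  # skip blank or malformed lines
        fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        src = fields.get("src", "unknown")
        if event == "LOGIN_FAIL":
            window = recent_fails[src]
            window.append(ts)
            while ts - window[0] > FAIL_WINDOW:
                window.popleft()  # drop failures outside the sliding window
            if len(window) == MAX_FAILS:
                alerts.append((ts, src, "failed-logon burst"))
        elif fields.get("bytes", "").isdigit():
            after_hours = ts.hour not in BUSINESS_HOURS or ts.weekday() >= 5
            if after_hours and int(fields["bytes"]) >= LARGE_TRANSFER_BYTES:
                alerts.append((ts, src, "large after-hours transfer"))
    return alerts

if __name__ == "__main__":
    for ts, src, reason in review(SAMPLE_LOG):
        print(ts.isoformat(), src, reason)
```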