Printer Pranks

Published: 2011-12-23
Last Updated: 2011-12-23 02:54:02 UTC
by Daniel Wesemann (Version: 1)
4 comment(s)

We currently have a poll running about printer security, and the results so far .. well, aren't looking all that hot. So here's a little primer:

1. Most office printers aren't just printers anymore. So-called MFPs (Multi-function printers) have taken over, and they contain permanent storage (a hard drive, usually), a fax modem, etc

2. Printer default configurations invariably suck. Even nowadays, they often come with SNMP active, and read/write communities set to public/private, silly default passwords, and have lots of unnecessary protocols and ports active.

3. The PJL interface on HP printers, for example, allows access to stored content. These are both stored print and fax jobs. Yes, you can pull stored jobs off the printers, over the network, without anyone noticing. This often even includes confidential print jobs that are "protected" with a PIN. The "hacking" tools to do so were released five, six years ago (google "Hijetter", for example) but amazingly enough still work just fine in way too many environments.

4. Most printer vendors by now support a setting that allows to reliably erase print job spool files from the disk once the print job has been completed. But the default setting is to just delete the file, which means that recent print jobs and faxes can be easily recovered by forensic means. If your printer is one of these, and you sell it for second-hand use, don't be surprised if you end up in the news.


The bottom line being:

  1. get an inventory of your MFPs if you don't have one
  2. come up with a config template that changes all default passwords, disables unnecessary protocols and services, and turns on "secure erase" for stale information on the MFPs hard drive
  3. apply the template to all printers in the inventory
  4. repeat

You can get away with "not managing" old simple printers that have no permanent storage. But not managing MFPs will likely come back to bite you one day.


If you have printer security horror stories or printer configuration tips, please share in the comments below, or via our contact form.

Keywords: printer
4 comment(s)
ISC StormCast for Friday, December 23rd 2011 http://isc.sans.edu/podcastdetail.html?id=2212

Comments


Diary Archives