Printer/network device security

Often when a network-connected device, such as a printer or camera, is installed, it is deployed on the network with no configuration.  This can pose a security risk as many default configurations leave printers and other network-connected devices open to tampering.  This can lead to exposure of sensitive data, loss of access, or printer vandalism (such as printing of objectionable material). 

There are a few important steps to take when installing and configuring a printer (or other network connected device) on the campus network:

  • Most devices default to a username and password for administrator access.   Configure the username and password to be something other than the default.
  • Disable access to ftp (or establish credentials to prevent anonymous connections).
  • Disable access to telnet.
  • If a printer’s functionality includes access control lists, configure them to only be available to department subnet or only those who need access.
  • If SNMP is not required, disable it. Where it is required, change the default SNMP string.
  • Schedule periodic times to check for and install updates to the software/firmware.
  • If your plan is to administer the device via the web, enable https instead of http, if possible.
  • When decommissioning a printer, make sure to properly wipe any storage media such as a hard drive.  It may contain sensitive data.