Printer/network device security
Often when a network-connected device, such as a printer or camera, is installed, it is deployed on the network with no configuration. This can pose a security risk as many default configurations leave printers and other network-connected devices open to tampering. This can lead to exposure of sensitive data, loss of access, or printer vandalism (such as printing of objectionable material).
There are a few important steps to take when installing and configuring a printer (or other network connected device) on the campus network:
- Most devices default to a username and password for administrator access. Configure the username and password to be something other than the default.
- Disable access to ftp (or establish credentials to prevent anonymous connections).
- Disable access to telnet.
- If a printer’s functionality includes access control lists, configure them to only be available to department subnet or only those who need access.
- If SNMP is not required, disable it. Where it is required, change the default SNMP string.
- Schedule periodic times to check for and install updates to the software/firmware.
- If your plan is to administer the device via the web, enable https instead of http, if possible.
- When decommissioning a printer, make sure to properly wipe any storage media such as a hard drive. It may contain sensitive data.