Secure Your Printers: Network Device Exploits

TL;DR

Networked printers and fax devices are often overlooked in cyber security, but they can be easy targets for attackers. This guide shows you how to identify risks and protect your network by updating firmware, changing default passwords, segmenting the network, disabling unused features, and monitoring activity.

Understanding the Risk

Multi-function printers (MFPs) are essentially computers with networking capabilities. They have operating systems, storage, and often web interfaces. This makes them vulnerable to many of the same attacks as any other computer on your network. An attacker gaining control of a printer can:

• Access sensitive documents being printed or scanned.
• Use the printer as a gateway to access other devices on your network (a ‘bridge’ exploit).
• Install malware.
• Disrupt printing services, causing business downtime.

Step-by-Step Protection Guide

1. Inventory Your Devices: Create a list of all networked printers and fax devices on your network. Include the make, model number, IP address, and location. This is the first step to knowing what needs protecting.
   • Many network scanning tools can help with this automatically.
2. Update Firmware: Outdated firmware often contains known vulnerabilities. Regularly check for and install updates from the manufacturer’s website. This is one of the most important steps.
   • Go to the printer’s web interface (usually by typing its IP address into a browser).
   • Look for a ‘Firmware Update’ or similar option in the settings menu.
3. Change Default Passwords: Printers often come with default passwords that are publicly known. Change these immediately to strong, unique passwords.

   # Example (may vary depending on printer model)

   • Again, access the printer’s web interface.
   • Navigate to ‘Security Settings’ or ‘Administration’.
   • Change both the administrator password and any user passwords.
4. Network Segmentation: Isolate printers on a separate network segment (VLAN) from your main corporate network.
   • This limits the damage an attacker can do if they compromise a printer.
   • Use firewalls to control traffic between the printer network and other networks.
5. Disable Unused Features: Turn off any features you don’t need, such as faxing (if not used), web services, or peer-to-peer printing.
   • The fewer features enabled, the smaller the attack surface.
   • Check the printer’s documentation for instructions on disabling specific features.
6. Enable Secure Protocols: Ensure printers are using secure protocols like HTTPS and IPsec for communication.
   • Avoid older, less secure protocols like HTTP and Telnet.
   • Configure SSL/TLS certificates where appropriate.
7. Monitor Printer Activity: Regularly review printer logs for suspicious activity.
   • Look for unusual print jobs, failed login attempts, or changes to settings.
   • Consider using a security information and event management (SIEM) system to collect and analyze printer logs automatically.
8. Restrict Access: Limit access to the printer’s web interface to authorized personnel only.
   • Use IP address filtering or authentication mechanisms.
9. Regular Security Audits: Periodically review your printer security configuration and policies.
   • This helps identify any new vulnerabilities or weaknesses.

Additional Resources

Check the manufacturer’s website for specific security recommendations for your printer model. Resources from organisations like NIST (National Institute of Standards and Technology) can also provide valuable guidance on cyber security best practices.