Re: Securing Printers

[Spigga <spigga () gmail com>]

I once had confidential documents being ftp'd off of the printer then
sent back to be printed to cover. We traced it to a server in China.
FTP and HTTP should be disabled methinks.


On Tue, 16 Nov 2004 16:42:00 -0500, Peter Wan <peter.n.wan () gmail com> wrote:
> I remember seeing a reference to a paper at Black Hat that addressed this topic,
> but can't seem to find the information on the paper.  Here is another reference
> that addresses risks of an accessible printer:
>
> http://www.giac.org/practical/GSEC/Vernon_Vail_GSEC.pdf
>
> It talks about the physical security worries, but then talks about how abuse of
> insecure services provided by the printer (Web, FTP, etc.) can cause trouble.
>         --Peter
>
>
>
> On Mon, 15 Nov 2004 11:18:47 -0600, Bryce Embry <embryb () k12tn net> wrote:
> > Howdy,
> >
> > A recent thread on BugTraq, along with some discussions with my
> > colleagues, has me curious about printer security.  What dangers are
> > there in giving a printer a public IP address?
> >
> > To me, a printer with a public IP sounds utterly foolish, but I'm not
> > doing a very good job of making this point with my colleagues.  They
> > usually respond with the question "Why would anyone want to print
> > something to a printer they can't even find?".  My answers (usually "Why
> > not?" or "it's a system running an OS that is subject to exploitation")
> >   don't seem to be very convincing, especially since I can't produce any
> > known exploits.  I would appreciate any arguments and reasoning that
> > would carry more weight, or enlightenment to help me stop being so
> > paranoid.
> >
> > Thanks,
> >
> > Bryce
>
>
> --
> Peter Wan <peter.n.wan () gmail com>