Educause Security Discussion mailing list archives
Re: Printers, printers, printers
From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Tue, 11 Dec 2007 15:41:52 -0600
At 03:36 PM 12/11/2007, Martin Manjak put fingers to keyboard and wrote:
I'm curious as to what other schools are doing with respect managing printers. Some of the issues and challenges include: 1. They're cheap. Staff can purchase them directly through departmental credit cards so they aren't subject to purchasing guidelines, or centralized management of their configurations. 2. They're desirable as status symbols. People would rather have a personal printer on their desk than walk down the hall to use a departmental machine. 3. They're loaded. Rarely is a printer just a printer. It's a document imaging system with its own hard drive. It's a web server, often times with a web based management interface complete with a blank admin password. Other services may be running in default mode such as telnet, or ssh, or tftp. 4. They often have public IP addresses assigned to them. The combination of all of the above has caused a proliferation of data leakage points. In essence, what we have are unmanaged servers containing electronic copies of institutional documents that are visible to the world. Secondarily, we have a lot of machines on our networks that can be poked, probed, and mismanaged via publicly facing services with blank or searchable default admin passwords. I'm very interested in what types of controls people may have in place to address any of the above?
We see them responding to inbound scans (via their telnet and ftp services as an example) but haven't seen any recent issues where the actual data on the printer was compromised. I did find out that if you ftp a jpg to one of these printers, it can't deal with the control characters and basically prints a little garbage on all the paper it has loaded. Have you seen actual data compromised? -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 491-4058 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Printers, printers, printers Martin Manjak (Dec 11)
- <Possible follow-ups>
- Re: Printers, printers, printers Roger Safian (Dec 11)
- Re: Printers, printers, printers Bristol, Gary L. (Dec 11)
- Re: Printers, printers, printers Julian Y. Koh (Dec 11)
- Re: Printers, printers, printers Jones, Dan (Dec 11)
- Re: Printers, printers, printers Nick Silkey (Dec 12)