Some Printer Notes

• Printers today come with OS, a filesystem, big hard drives, and (open) network access

• Risks include:1.Sniffing print jobs going over the network in

the clear2.Storing warez, or copyright materials on them3.Using them as a basis for network scanning

JetDirect & Port 9100/tcp

• Prints anything coming into port 9100/tcp

• Could send random data to port 9100 to exhaust resources

• OR…

• For fun: Change the Printer Window Text

Fun With Jet Direct Printers

NMAP Idle Scan

How To Hide or Grab Files on an HP Printer

Disable IPX/SPX

Disable AppleTalk

Disable DLC/LLC

Disable SNMPv1/v2 – Use SNMPv3

Add A Password

Add A Jetdirect Cert to Use SSL

Use ACLs To Limit Access

NMAP Scan• # Nmap 5.00 scan initiated Wed Nov 11 18:49:07

2009Interesting ports on hpprinter.wustl.edu (128.252.X.Y):• PORT STATE SERVICE REASON VERSION• 21/tcp open ftp syn-ack HP JetDirect ftpd• |_ banner: 220 JD FTP Server Ready.• 23/tcp open telnet syn-ack HP JetDirect printer telnetd

(No password)• 80/tcp open http? syn-ack• | html-title: hp color LaserJet 4650• Don’t let your printers on the network without a password!

We will find you!

Minimum Security Baseline I

• Put printers on WUSTL private space• Enable telnet and web passwords• Enable SSL encryption if available• Turn off any protocols not being used like

IPX/SPX, AppleTalk, tftp, etc• Printer ACLs permit only your subnet(s)

Minimum Security Baseline II

• Disable SNMPv1 and v2 if possible• Use SNMPv3 which includes encryption• Change the default SNMP string

The IT Department “Fixing” An Insecure Printer