Yeah, but you have to consider that most printers are LAN devices vs Internet ones unlike cameras, etc. You'd have to get inside a LAN to attack it, and if you're already there, there's a lot better fish to prey on.
I thought it was worse than that. I just saw this in the HP Officejet Pro 8630 firmware changelog:
Have heard them talking about more vulnerabilities like that on the Security Now podcast.
This is what I'd recommend as the best route for protection. And if you want to take it a crazy step further, put the printer on a separate physical LAN and use second NICs in each system that has to access it (old 10/100 cards would be great for this). Then it's a completely separate physical LAN without any Internet access at all. The only attack vector in a configuration like this is from an individual computer. And even if the printer gets compromised, it can't talk to anyone on the outside world.
To be honest, I've kinda given up on a printer being 'secure', so I'm anxious to hear of any vendor that is taking it seriously.
You can minimize the risk by VLANing them off and securing the subnet. My printers don't have internet access, for instance. In fact, in a lot of cases, they can only talk to the print server(s) and even then only on specific ports.
Disabling services also goes a long way in minimizing the risk.
That's pretty much the idea, ya. I usually try to lock things down a bit further and only allow communication over port TCP 9100, although this can sometimes vary depending on the printer (the consumer level printers are a bit sloppier about their port usage).
Could maybe consider putting all the printers on a separate VLAN, that will allow you to set up firewall rules such as ensuring they can't "call home" or do anything weird, and also ensure that they can't access the rest of the network except where necessary. So if by chance one does get somehow compromised or turns out to have some fishy firmware, it won't be able to access anything. Basically the VLAN would only really need to allow connectivity to the printers from the print server's IP.
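The isolation described in the posts above, written as an nftables ruleset for the router or firewall that forwards between VLANs. This is an added example, not part of any poster's message; the interface name, the addresses and the table name are assumed placeholders, and TCP 9100 is the port named in the thread (your printers may use others).

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed placeholders: vlan30 is the printer VLAN interface,
# 10.0.10.5 is the print server, 10.0.30.0/24 is the printer subnet.

define PRINTER_IF   = "vlan30"
define PRINT_SERVER = 10.0.10.5
define PRINTER_NET  = 10.0.30.0/24

table inet printer_isolation {
    chain forward {
        # Own table: an "accept" here still leaves other tables' rules in
        # force, while a "drop" here is final for the packet.
        type filter hook forward priority 0; policy accept;

        # Return traffic for sessions that were allowed to start
        # (e.g. the printer's replies to the print server).
        ct state established,related accept

        # Print server -> printers, raw print port only.
        oifname $PRINTER_IF ip saddr $PRINT_SERVER ip daddr $PRINTER_NET tcp dport 9100 accept

        # Every other new connection toward the printer VLAN is dropped,
        # so workstations must go through the print server.
        oifname $PRINTER_IF counter drop

        # Printers may not start connections anywhere: no "calling home",
        # no reaching other VLANs. Logged so a compromised or chatty
        # device shows up in the firewall log.
        iifname $PRINTER_IF counter log prefix "printer-egress: " drop
    }
}
```

Load it with `nft -f` on the forwarding host and watch the counters (`nft list table inet printer_isolation`) to see which printers attempt outbound traffic before tightening further.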
Not paranoid--careful. An ounce of prevention can go a long way in cybersecurity.
Yes, I'm paranoid.