Best Practice: Set a strong admin password.
Network printers, copiers, or multi-functional devices generally have a web interface that allows the configuration and control of the device. By default, no password is generally set at the factory so users must be diligent in setting a strong password. Instructions can be found on the manufacturer's support site or manuals included with the device. In addition, change any additional passwords or community strings from default settings. If not necessary, consider disabling the service.
Best Practice: Limit network access to the printer.
Utilize security controls to allow access to a printer to authorized users. A private IP number can help secure the printer from being accessed outside of a department or institution. However, not all network infrastructure setups can allow this, so in lieu of using a private IP number, utilize other methods to limit access to the printer as possible such as access control lists in the printer configuration. Some network printing devices include an internal firewall. Utilize the firewall to only allow authorized traffic to the printer.
Best Practice: Disable any unnecessary services running.
Many printers utilize more than a web interface, many times Simple Network Management Protocol (SNMP) is enabled with no community string. In addition, maybe there is open file shares on the hard drive in the printer/copier/multi-functional devices. Disable any services not used. If the web interface is not needed, consider disabling the web server.
Best Practice: Regularly check for and implement firmware updates.
As with patch management with computers, there can be updated firmware that needs to be applied on printers. Updated firmware can make changes in security settings. Whenever a printer is cycled through a cold reset, all settings will go back to factory default. Make sure after any updates or cold resets, security controls are reinstated.
Best Practice: Implement a process to securely dispose of printers, copiers, multi-functional devices.
Many printing or copying devices include the use of a hard drive. If you lease your printer or copier, some vendors will have concessions in the contract regarding disk drive security. If you own your printer or copier, before disposing of the equipment, securely erase or remove the disk drive.
At UNL, the security team works with printer owners to help secure their network printer. A printer is one of those devices that we use on a daily basis that we don’t give a lot of thought to needing to be secured, but it is easy to see how printers can be used by those that cause harm. If you have a printer you don’t know how to configure, contact a member of the Security team and we will work with you to secure it. For more information and instructions, check out http://its.unl.edu/security/printer-security-resources