
SANS Internet Storm Center - SANS ISC InfoSec Forums


Preventing outside sources accessing the local network via open ports on a networked printer.
I've been asked to look into the potential of outside sources gaining access to our local network via networked/shared printers. As far as I understand, the main threat is from unused ports being left open. As printers often have some form of storage/memory, this could provide a platform and route for malware to access all machines on the specific network.

I would greatly appreciate any advice on the specific area of network security, and if anybody could point me towards any literature on this subject.


Thanks in advance,

mrectek

2 Posts
Implement proper network segmentation to keep printers on their own VLANs. Restrict access to them (only from the print server and the like).
Harden their configuration (change all default credentials, stop unwanted protocols and update the firmware).
Monitor traffic generated by the printer itself.
Xme

337 Posts
ISC Handler
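An added example, not part of the thread or any poster's code: a small audit of flow records against the policy described in the reply above (printers on their own VLAN, reachable only from the print server, with printer-initiated traffic monitored). The addressing plan, the port and egress allow-lists, the function names and the sample flows are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing plan and allow-lists (constructed for this example).
PRINTER_VLAN = ipaddress.ip_network("10.20.30.0/24")
PRINT_SERVERS = {ipaddress.ip_address("10.10.1.15")}
PRINT_PORTS = {9100, 631, 515}  # raw printing, IPP, LPD (all TCP)
# Destinations a printer may contact on its own: (ip, port, protocol).
PRINTER_EGRESS = {("10.10.1.53", 53, "udp"), ("10.10.1.123", 123, "udp")}

# Constructed flow records: initiator, responder, responder port, protocol.
SAMPLE_FLOWS = [
    ("10.10.1.15", "10.20.30.11", 9100, "tcp"),   # print server to printer
    ("10.10.5.77", "10.20.30.11", 9100, "tcp"),   # workstation bypasses print server
    ("10.10.1.15", "10.20.30.12", 23, "tcp"),     # telnet left enabled on a printer
    ("10.20.30.11", "10.10.1.53", 53, "udp"),     # printer DNS lookup
    ("10.20.30.12", "203.0.113.50", 443, "tcp"),  # printer opens a session outbound
    ("10.20.30.11", "10.20.30.12", 445, "tcp"),   # printer talks to another printer
    ("10.10.5.77", "10.10.1.15", 445, "tcp"),     # no printer involved
]

def check_flow(src, dst, dport, proto):
    """Return a violation label, or None if the flow fits the policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in PRINTER_VLAN:
        # Traffic generated by the printer itself: allow-list only.
        if (dst, dport, proto) in PRINTER_EGRESS:
            return None
        return "printer-initiated"
    if d in PRINTER_VLAN:
        if s not in PRINT_SERVERS:
            return "source-not-print-server"
        if proto != "tcp" or dport not in PRINT_PORTS:
            return "unexpected-service"
    return None

def audit(flows):
    """Return (flow, reason) for every flow that violates the policy."""
    findings = []
    for flow in flows:
        reason = check_flow(*flow)
        if reason:
            findings.append((flow, reason))
    return findings

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(reason, flow)
```

The same three checks map directly onto ACLs between the LAN and the printer VLAN; running them over flow logs shows what those ACLs would block before they are enforced.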
Thank you for your response.

So you'd suggest sectioning the printers from the Server and LAN as shown simplistically below:

Server –> LAN –> Print Server –> VLAN –> Printers

This makes sense... Effectively the print server restricts the flow of information both up and downstream, only allowing selected IP addresses from the LAN to access the printers and preventing access from unknown/unspecified addresses on the VLAN segment.
mrectek

2 Posts
