AntiOnline Spotlight: Network Printers Share Secrets
By Enterprise IT Planet Staff
September 21, 2005
A pair of revealing AntiOnline threads have brought to light what could be a glaring security hole hiding in plain sight: the network printer.
Laser printers, inkjets and some color lasers are sprinkled liberally throughout most offices. Since it's impractical to give each employee his or her own, printers are connected to the same network used to access files and get online. And that's when things start to get messy.
On the surface, they appear to be simple devices. You initiate a print job and seconds later they spit out a hard copy. What's the big deal?
It turns out that printers are little computers in their own right. More than just a jumble of cables, rollers and toner, these machines have enough RAM to store a few hefty print jobs and processors powerful enough to manage complex operations and handle diagnostics. Some even pull double and triple duty as fax machines and copiers.
A little hack here, some traffic sniffing there and, like almost any other network-enabled device, a printer can be made to do things it wasn't designed for, including letting others view that confidential memo or sensitive fax.
Now may be a good time to take stock of your security before someone prints out that next important document.
Note: Any opinions expressed below are solely those of the individual posters on the AntiOnline forums.
This Week's Spotlight Thread:
Fun with a JetDirect
Hacking Network Printers
Irongeek makes you think twice before hitting that print button. Here's a sample of the areas his tutorial delves into...
- Finding Network printers using Nmap and SNMP tools
- Using a JetDirect box as an Nmap Idlescan Zombie
- Setting up a direct IP printer in Windows and Linux
- DoSing the network or the printer
- Changing the LCD display text using HPhack, IGhphack or Hijetter
- Using Hijetter to treat some JetDirect boxes as files/web servers
- Finding stored faxes and print jobs on JetDirect printers
- Don't forget to look for Stored Documents via the web interface
- Sniffing print jobs and replaying them...
SirDice offers some advice on preventing printer abuse.
Sniffing the printer traffic means you have to be in the path somewhere. The 'normal' sniffing rules apply. What I found really, really troublesome is the fact that a lot of the modern printers (usually the ones with fax and scanning capabilities) store documents. Anyone with a browser can just connect to that printer and browse scanned/printed documents.
The TCP/IP stack on these printers is usually seriously flawed too. No way to configure certain aspects like turning ICMP broadcast pings on/off.
That's one of the reasons I usually put all printers on a separate network, firewall them and only allow the printserver access.
A few more details are in order!
At my last job we did it using VLANs. Especially with big sites, using dedicated switches is probably not going to work. You would need a lot more switches. Just define a printing VLAN and use an access list to regulate who can do what.
We had to add 1 or 2 workstations so the guys 'n girls from facility management could monitor the printers for empty toners/papers etc. Everybody else had to use the printserver. Pretty simple setup but still effective.
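The setup described above (a printing VLAN reachable only by the print server, plus a couple of monitoring workstations) can be checked against flow records, as in this added example, which is not code from the forum thread or the article. Every address, the port split between printing and monitoring, and the flow-line format are assumptions constructed for illustration.

```python
import ipaddress

# All addresses and port choices below are constructed for illustration.
PRINTER_VLAN = ipaddress.ip_network("10.20.30.0/24")
PRINT_SERVER = ipaddress.ip_address("10.20.10.5")
MONITOR_HOSTS = {ipaddress.ip_address("10.20.40.11"),
                 ipaddress.ip_address("10.20.40.12")}

# Assumed split: the print server submits jobs, monitors only read status.
PRINT_PORTS = {("tcp", 9100), ("tcp", 515), ("tcp", 631)}  # raw, LPD, IPP
MONITOR_PORTS = {("udp", 161), ("tcp", 80), ("tcp", 443)}  # SNMP, web status

def is_allowed(src, dst, proto, dport):
    """Return True if a flow matches the printer-VLAN access list."""
    if dst not in PRINTER_VLAN:
        return True   # not printer-bound, outside this policy
    if src == PRINT_SERVER:
        return (proto, dport) in PRINT_PORTS
    if src in MONITOR_HOSTS:
        return (proto, dport) in MONITOR_PORTS
    return False      # default deny: everybody else uses the print server

def find_violations(flow_lines):
    """Parse 'src dst proto dport' lines and return flows the list denies."""
    violations = []
    for line in flow_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport = line.split()
        proto, dport = proto.lower(), int(dport)
        if not is_allowed(ipaddress.ip_address(src),
                          ipaddress.ip_address(dst), proto, dport):
            violations.append((src, dst, proto, dport))
    return violations

# Constructed sample flows (hypothetical hosts, not captured traffic).
SAMPLE_FLOWS = """\
10.20.10.5  10.20.30.21 tcp 9100
10.20.40.11 10.20.30.21 udp 161
10.20.40.12 10.20.30.22 tcp 9100
10.20.50.77 10.20.30.21 tcp 80
10.20.50.77 10.20.10.5  tcp 631
""".splitlines()

if __name__ == "__main__":
    for flow in find_violations(SAMPLE_FLOWS):
        print("DENY", *flow)
```

The two flagged flows are a monitoring workstation printing directly and an ordinary workstation opening a printer's web interface, which is the stored-document exposure the post describes.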