Security recommendations for printers


  1. BLOCK THE ACCESS TO THE PRINTER FROM THE INTERNET
    Place the printers on a private network segment (e.g., 10.0.0.0/8 or 192.168.0.0/16). If this is not possible, use a firewall to restrict access to the printer. Then set up a dedicated machine as a print server with appropriate access authentication.

  2. CHANGE DEFAULT PASSWORDS
    Both for accessing the printer (SSH) and its web interface. Suppose the printer's administrative interface is not configured correctly. In that case, attackers can potentially change the printer's network address and redirect print jobs, perform a Denial of Service attack to disable the device or use the printer as a platform to attack other systems on the network.

  3. USE AN ENCRYPTED CONNECTION TO ACCESS PRINTER ADMINISTRATION
    Use HTTPS (instead of HTTP) for the web interface and SSH (instead of Telnet) to access the system.

  4. UPDATE REGULARLY
    Check the availability of firmware updates for all printers as part of your regular machine update schedule.

  5. USE SATIC IP ADRESSES
    If possible, use private static IP addresses and disable mDNS and SNMP protocols. If you need SNMP, use only the SNMPv3 version and change the default SNMP Community Name to a new strong enough password.
  6. USE ENCRYPTED PRINT PROTOCOLS SUCH AS IPPS OR WSD OVER HTTPS
    Do not use print protocols (IPP, LPD, RAW, WSD, SMB) that do not encrypt printed documents. If the printer does not support secure protocols, use RAW (also known as port 9100, AppSocket, or HP JetDirect) or IPP. Disable LPD and SMB protocols on the printer.
  7. USE SSL/TLS OR IPSEC
    Do so wherever it is possible to prevent eavesdropping on communications.

  8. TURN OFF UNUSED SERVICES
    Disable Telnet on all printers. If not explicitly required, disable mDNS (Bonjour), Multicast IPv4, SNMP, Emails, Fax, FTP, HTTP, SLP, IPX/SPX, and DLCPLLC, which are usually enabled by default on printers.

  9. USE SECURITY SETTINGS RECOMMENDED BY THE MANUFACTURER
    Some printers have advanced security options (e.g., file system security). Study the advanced settings documentation for a specific device and apply the settings recommended by its manufacturer.

You are running an old browser version. We recommend updating your browser to its latest version.