Friday, February 13, 2009

Network Printers

Hewlett Packard recently released a new security patch to fix an authentication bypass vulnerability in specific network printers. This write-up serves as a reminder of the importance of securing network printers in general. Network printers are frequently overlooked when securing office networks; they are sometimes left unpatched with default configurations, and so represent a risk to the office network environment.

Network-based printers are much more than just print devices. They typically have full operating systems, hard drives, and a full complement of communication services. Built-in services such as FTP, TFTP, e-mail, web server, and SNMP are increasingly the target of choice for hackers wanting to remain undetected and to gain a foothold in the office network. Because network printers are frequently left unsecured, with default passwords and factory default settings, they are easy targets.

Example attacks against printers include bridging between networks (i.e., wireless to LAN or vice versa), sniffing network traffic to steal sensitive data, redirection and spoofing of network traffic, malware distribution, and email spam generation.

Applicable Devices:

All network printing devices, multifunction copiers, and network-based fax machines.

Recommendations:

The following are some basic recommendations for printer security in all environments.

· Keep printers up to date with the latest firmware releases

· Change the default passwords and settings

· Turn off unnecessary services and features

· Consider requiring authentication to print and to use other services (particularly with multifunction devices)

· If available, encrypt the printer’s hard disk

· Include printers in periodic vulnerability assessments of office networks

· Use appropriate network segmentation, ensuring that printers are separated from networks with critical services

· Use printer accounting features and review logs regularly

· When disposing of printers, wipe the hard disk drive
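
One way to act on the "turn off unnecessary services" and "periodic vulnerability assessments" recommendations is to compare scan results for the printer subnet against an allowlist. The following is an added example, not part of the original advisory; the nmap grepable output, the addresses, and the 9100/tcp-only policy are constructed assumptions.

```python
import re

# Services the advisory names, keyed by well-known port. Treating 9100/tcp
# (raw printing) as the only permitted port is a hypothetical site policy.
NAMED_SERVICES = {
    (21, "tcp"): "ftp", (69, "udp"): "tftp", (25, "tcp"): "e-mail (smtp)",
    (80, "tcp"): "web server", (161, "udp"): "snmp",
}
ALLOWED = {(9100, "tcp")}

# Constructed sample in nmap grepable (-oG) format; not real scan data.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (prn-floor1)\tPorts: 21/open/tcp//ftp///, "
    "80/open/tcp//http///, 161/open|filtered/udp//snmp///, "
    "9100/open/tcp//jetdirect///\n"
    "Host: 192.0.2.11 (prn-floor2)\tPorts: 23/closed/tcp//telnet///, "
    "9100/open/tcp//jetdirect///\n"
    "Host: 192.0.2.12 (mfp-lobby)\tPorts: 25/open/tcp//smtp///, "
    "69/open/udp//tftp///, 515/open/tcp//printer///\n"
)
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\([^)]*\)\s+Ports:\s+([^\t]*)")

def parse_open_ports(scan_text):
    """Return {ip: {(port, proto), ...}} for ports whose state is exactly 'open'."""
    hosts = {}
    for line in scan_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment or status line
        found = hosts.setdefault(m.group(1), set())
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                found.add((int(fields[0]), fields[2]))
    return hosts

def audit(scan_text, allowed=ALLOWED):
    """Return {ip: [finding, ...]} for open ports outside the allowlist."""
    report = {}
    for ip, ports in parse_open_ports(scan_text).items():
        extra = sorted(ports - allowed)
        if extra:
            report[ip] = [
                f"{p}/{proto} {NAMED_SERVICES.get((p, proto), 'unlisted service')}"
                for p, proto in extra
            ]
    return report
```

Ports reported as `open|filtered` (common for UDP services such as SNMP) are not counted as open here, so they need a separate manual check.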

References:

It's Not Exciting, but Neglecting Printer Security is Dangerous:

http://www.itbusinessedge.com/cm/blogs/weinschenk/its-not-exciting-but-neglecting-printer-security-is-dangerous/?cs=13617

Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4419

Highlighting Printer Security Issues:
http://www.itworld.com/071101networking

Monday, February 9, 2009

Widely used open source incident response and forensic tool goes commercial

One of the live CD incident response and forensic tools which is widely used in the Information Security Industry, and one that I have been using for quite some time, has gone commercial. Helix from e-fence has been an open source platform since its inception; however, they have announced a new model whereby users subscribe to their forum for $14.95/month for their base model.

A little digging has uncovered a site that is still distributing Helix2008 R1; get it while you can, as there most certainly will be no more public releases of this platform. The forensics and incident response communities do have other viable options, but none to date have been maintained as well or been as robust in their tool sets for tasks related to forensics and incident response.