Auditing printer security has become a must in today’s world, where printers do virtually everything that normal computers can do. Printers now have the capability to send data to the net (via e-mail and network folder), fax data, copy from other networked devices, staple, etc. Auditing printer security is a conscious exercise carried out by management or any other responsible officer of a company to assess the vulnerability of the company’s networked printer environment.
WHY DO WE NEED TO AUDIT THE SECURITY OF OUR PRINTER?
You may be asking at this point why we actually need to audit the security of our networked printers, since we have all the network security technology in place. The simple answer is that, because of the multifunction nature of printers, vulnerabilities that did not exist in printers before now exist. Printers can now be remotely administered. If unchecked, loopholes in networked printers can be a gateway to other secure components of our network.
POSSIBLE ATTACK ON NETWORKED PRINTERS
A hacker can do the following:
- Modify the IP (Internet Protocol) address of a networked printer to an unused IP address on the same subnet.
- Switch the IP address of his laptop to what the address of the printer previously was.
- Capture all traffic (all data) sent over port 9100 to the IP address that end users are configured to use.
- Forward all data to the ‘new’ IP address of the printer.
The above scenario is an example of a man-in-the-middle attack. This process happens so fast that the end user will not notice that there has been any form of interference in the process.
STEPS TO AUDITING PRINTER SECURITY
The steps that are needed in auditing the security of our printers are very simple. They are stated below:
- Policies and procedures evaluation:
The first thing to do is to evaluate the company’s security policies as they relate to printing and printers. Ensure that the policies and procedures to follow in the configuration of printers are clearly stated in the document. Many companies make the mistake of still considering printers as ordinary devices that are just networked within a company’s network, thereby not giving adequate attention to their overall configuration.
- Identification of risky points:
A sample of networked computers should be taken and vulnerable points identified. Freeware and shareware tools can be used to test the level of security available on a networked printer. Try obtaining the IP address of your networked computer from a remote location, manipulate the IP address as described above, then apply these freeware and shareware tools to the data gathered. If this is done successfully, it means that there is a security threat in our networked printer environment.
Another method that can be used to check for vulnerability is to run an Nmap scan against the printers selected for review. Nmap is used to scan a network to discover other printers that are connected to it. An attacker can use this technique to figure out which printers are on the subnet and launch an attack on them. Common problems encountered in this kind of vulnerability scanning are: (1) Finding Telnet and FTP (File Transfer Protocol) enabled. Enable Telnet and FTP in order to be successful in this identification process. (2) Printers running an older version of SNMP (Simple Network Management Protocol). The use of version one of SNMP brings the problem of transferring data in its unencrypted state.
Again, Wireshark could be used to analyse traffic and capture anything sent to port 9100 of the IP address. If this is successful, it means that the IP address of the printer is not locked.
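One way to make the Nmap step above repeatable, as an added example that is not part of the original article: the script parses Nmap's grepable (-oG) output and lists, per printer, the services this step looks for (FTP, Telnet, SNMP and port 9100). The sample scan output, host names and finding text are constructed for illustration; an open SNMP port does not reveal the protocol version, so that finding is only a prompt to check it.

```python
import re

# Ports the audit step above looks for; the wording of each finding is this example's own.
AUDIT_PORTS = {
    (21, "tcp"): "FTP enabled",
    (23, "tcp"): "Telnet enabled",
    (161, "udp"): "SNMP enabled: confirm the version in use is not v1",
    (9100, "tcp"): "raw printing port 9100 reachable",
}

# Constructed sample in Nmap grepable (-oG) format; addresses and names are placeholders.
SAMPLE_OG = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (prn-floor1)\tStatus: Up
Host: 192.0.2.10 (prn-floor1)\tPorts: 21/open/tcp//ftp///, 23/open/tcp//telnet///, 80/open/tcp//http///, 9100/open/tcp//jetdirect///\tIgnored State: closed (996)
Host: 192.0.2.11 (prn-floor2)\tPorts: 23/closed/tcp//telnet///, 161/open/udp//snmp///, 443/open/tcp//https///, 9100/open/tcp//jetdirect///
Host: 192.0.2.12 (prn-lobby)\tPorts: 443/open/tcp//https///, 631/open/tcp//ipp///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+([^\t]*)")

def parse_grepable(text):
    """Return {ip: set((port, proto))} for ports reported exactly as 'open'."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines, Status lines, blank lines
        ip, _name, ports_field = m.groups()
        open_ports = hosts.setdefault(ip, set())
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            # Field order: port/state/protocol/owner/service/rpc/version/
            if len(fields) >= 3 and fields[0].isdigit() and fields[1] == "open":
                open_ports.add((int(fields[0]), fields[2]))
    return hosts

def audit(text):
    """Return {ip: [finding, ...]} ordered by port; hosts with no findings map to []."""
    report = {}
    for ip, open_ports in parse_grepable(text).items():
        hits = sorted(p for p in open_ports if p in AUDIT_PORTS)
        report[ip] = [f"{port}/{proto}: {AUDIT_PORTS[(port, proto)]}" for port, proto in hits]
    return report

if __name__ == "__main__":
    for ip, findings in audit(SAMPLE_OG).items():
        print(ip, "->", findings or "no audited services open")
```

Ports reported as closed or filtered are ignored, so a printer appears with an empty list when none of the audited services is open.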
STEPS TO MITIGATING THE IDENTIFIED VULNERABILITIES
Since the common attack that can be launched on networked computers is the man-in-the-middle attack, the IP address of every networked printer should be locked down. If management is using a centrally controlled printer, it should ensure that its policies and procedures adequately address the issue of printer security.