InfoSec Best Practices for Printers: use firewall rules and segment your network
The internet continues to remain abuzz over last week's incidents in which wide-open network printers were used to remotely print malicious flyers, highlighting how and why many organizations' printers are their cybersecurity Achilles heel.
But the problem is much wider than just a college/university phenomenon -- way too many companies and other organizations are exposing their printers and leaving their networks vulnerable.
As we noted yesterday in our blog post, "Are your printers ruining your security?":
A quick Shodan search identifies over 78,000 US-based printers with their TCP port 9100 directly connected to the internet. Port 9100, sometimes referred to as the “jetdirect” port, is typically used by printers to receive print jobs and perform other management functions. In addition, many of these devices have TCP port 515 (the older “lpd” printing protocol) exposed as well, suggesting that there are no firewalls, packet-filtering routers, or intrusion prevention systems in place at the local network where the printers reside.
The bottom line: use firewall rules and segment your network. Only properly hardened servers that have a business need to accept incoming connections -- such as your email and web servers -- should be directly connected to the internet.