Unprotected Printers and other Multi-function Devices: The Weakest Link? By: Tyler T. Tobin, GSEC/GIAC Date: 1/7/2010 Securing network printers and other multi-function devices with a password is a critical step in protecting your institution. During our assessments we often find unprotected devices and these devices can be the weakest link in your security position. When we conduct Internal Vulnerability Studies and Risk Assessments, we test for unsecured printers by using a free, open-source tool from a reputable security vendor. This vendor, Softperfect, offers Netscan, which will test for printers that are reachable on port number 80. And if we can reach your printer, so can everyone else. As we evaluate a client’s internal security posture, one area of concern is printers and large multi-function devices that are often installed through a third-party vendor. These devices have hard disk drives, RAM and a full TCP/IP stack. In many scenarios, printers are subject to a number of vulnerabilities. These threats include:   Banner manipulation (change the LCD display text) Obtaining a JetDirect password remotely using the SNMP vulnerability Finding and controlling printers Web JetAdmin tool Using a JetDirect printer as an Nmap idle scan zombie Sniffing print jobs and replaying them Spamming printers As you can see, large multi-function devices that are delivered to client locations from a vendor must also remain under the control of the organization. These devices have additional functionality and must be tested to ensure that they are secure. There are a number of ways to communicate with network printers, so you must remember that, as you address the printer using port 80, there are two additional backdoors to consider. Ensure that both the Telnet and FTP services are password protected. So, during your next IT exam, insist that your printers and multi-function devices be included in the scope of the assessment. Understanding their vulnerabilities can prevent them from being your weakest link.