Tuesday, August 8, 2006

Printer security

"Getting copies of all printed documents is definitely a security vulnerability, but I think the biggest threat is that the printers are inside the network, and are a more-trusted launching pad for onward attacks."

Bruce Schneier wrote about printer security after he attended a presentation at the Black Hat Conference.

I have similar experiences; once installed, printers are often left alone by many IT departments. Even printers that were decommissioned can regularly be found on the network.

The approach that we have taken is that we have put all printers on a separate VLAN, which only allows incoming connections from our printer spoolers. It blocks outgoing connections completely. Furthermore, all critical VLANs explicitly refuse incoming connections that originate from the printer VLAN.

When we set up this system, we did it because it appeared to be the right thing to do. Reading this blog entry supports that feeling.
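The three segmentation rules described above can be checked against records of new connections seen at the router between VLANs. This is an added example, not the author's own tooling; the subnets, spooler addresses and record format are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumptions for this example, not from the post).
PRINTER_VLAN = ipaddress.ip_network("10.20.30.0/24")
CRITICAL_VLANS = [ipaddress.ip_network("10.20.40.0/24")]
SPOOLERS = {ipaddress.ip_address(a) for a in ("10.20.10.11", "10.20.10.12")}


def check_flow(initiator, responder):
    """Return the rule a new inter-VLAN connection breaks, or None if it complies."""
    src = ipaddress.ip_address(initiator)
    dst = ipaddress.ip_address(responder)
    if src in PRINTER_VLAN:
        # A printer opened the connection. Replies to a spooler belong to the
        # spooler's own connection and never appear here as a new flow.
        if any(dst in net for net in CRITICAL_VLANS):
            return "printer-to-critical"
        return "printer-outbound"
    if dst in PRINTER_VLAN and src not in SPOOLERS:
        return "non-spooler-inbound"
    return None


def audit(flows):
    """Return (initiator, responder, violation) for every non-compliant flow."""
    findings = []
    for initiator, responder in flows:
        violation = check_flow(initiator, responder)
        if violation:
            findings.append((initiator, responder, violation))
    return findings


# Constructed sample records: (connection initiator, responder).
SAMPLE_FLOWS = [
    ("10.20.10.11", "10.20.30.5"),   # spooler -> printer: allowed
    ("10.20.50.77", "10.20.30.5"),   # workstation bypasses the spooler
    ("10.20.30.5", "10.20.10.11"),   # printer initiates, even to a spooler
    ("10.20.30.9", "10.20.40.2"),    # printer reaches a critical VLAN
    ("10.20.50.77", "10.20.40.2"),   # unrelated traffic: out of scope
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

Any finding points to either a gap in the VLAN access rules or a device sitting on the wrong VLAN.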
