Printers often handle RIT Confidential information, but they can easily be overlooked when securing a network. Use the following best practices to secure any printers you support:
- Update the firmware.
- Assign a password for web access to the printer.
- Change the SNMP community strings. (These are the equivalent of printer "passwords." "Public" and "private" are the defaults and are widely known.)
- Disable any unused protocols. (Do you really need Novell IPX enabled, etc?)
- If possible, change the default TCP port from 9100 to another port number. (Specific exploits target the default port and may cause the printers to print blank pages. However, some printers may not be capable of changing this port number.)
- If you have a firewall in front of your printers, only allow trusted IPs (i.e. print server, etc.) to talk directly to the printer.
- Disable FTP, or assign a password.
- If the printer is only used for on-campus printing, consider changing it to a private net 10 IP address. (This is a good security measure to prevent malicious attacks from the Internet. If you need assistance enabling this, contact RIT Service Center.)
E-mail us at firstname.lastname@example.org if you have any questions or suggestions.