Skip to page content
Skip to main content
University of Maryland
  • School Colleges & Schools
  • Gift Make A Gift

IT Service Desk

Find solutions and report issues

IT Service Desk

Find solutions and report issues

 DIT Logo
  • Service Catalog
  • Support Articles
  • Get Support
  • My Cases
  • Service Status
  • Live Chat
  • Log in
  • Home
  • Articles(IT Support)
  • IT Compliance
  • Best Practices for Securing Printers
Best Practices for Securing Printers -
KB0012224 -
  • 3.0 - Updated on 12-21-2023 by Sussan Dehghan-Kavoosi
  • 2.0 - Updated on 04-27-2023 by Sussan Dehghan-Kavoosi
  • 1.0 - Authored on 02-07-2017 by Joy Horton

Best Practices for Securing Printers

Article metadata. Revised by Sussan Dehghan-Kavoosi
This article was updated • 11mo agoabout a year ago
This article has 85 views. • 85 Views This article has average rating: 0 out of 5 stars • ( ) ( ) ( ) ( ) ( )

By default, any device connected to our wired network (including printers) are placed on a Internet-accessible IP space. This can lead to that printer experiencing a number of problems, the most common of which is the printer printing spam or gibberish wasting a large amount of paper and preventing legitimate use. The frequency of these attacks has been increasing since 2015 and continue to be a concern. In March 2016 we blocked the most common printing port at our campus border, and we will soon add additional common printing ports to the border block. Protect your printers from these and other attacks by following these best practices for securing your printer.

Limit internet connectivity/configure access control lists

  • Review your printer's documentation on how to create access control lists to limit access to that printer to ideally only your department's subnets. If you need to print from on campus but outside your department you can limit to the campus IP space (10.0.0.0/8, 128.8.0.0/16, 129.2.0.0/16, 206.196.160.0/19), this will also allow you to utilize the VPN to print from off campus.
  • If your printer does not have the ability to create an access control list, the Division of IT's Network Operations group can create a network ACL at our campus border for your printer to restrict access to campus only. Please open a ticket with the Service Desk.

Disable unnecessary services

Most printers support a number of different services, many of which are legacy and rarely used. Many services can weaken the overall security of the printer, as they can be identified and exploited by attackers. Disable any services that you do not use. This can often be done by a management web interface enabled on the printer or the physical printer menu.

  • Disable Telnet and FTP - These are older protocols that have been used to manage print jobs in the past and are often no longer used but still turned on by default. We have seen a large number of print spam sent via open FTP servers on printers so we strongly recommend you disable FTP.
  • Disable Embedded Web Server - Many printers allow configuration and administration through a built-in web interface. Configure the web server to only allow traffic over a secure connection (HTTPS), and disable access over HTTP. If you do not use the embedded web server to manage your printer, disable it if possible. (Do this after you have disabled all other unneeded services.)
  • Disable Other Services - Review and disable other rarely used services such as IPP, AppleTalk, and IPv6 where appropriate.

To ensure consistency and completeness in securing your printers, download a copy of the file Printer Security Checklist by clicking the file in the Attachments section below.

Attachments

Attachments

  • Printer Security Checklist.xlsx

Related Articles

No content to display
Helpful?

Division of Information Technology | University of Maryland | 301.405.1500 | itsupport@umd.edu | Web Accessibility | Privacy Notice

© 2024 All rights reserved

DIT on Facebook DIT on Twitter DIT on Instagram