Printers and Networked Devices
Printers were once quite simple devices that could just be plugged in and used. However, they are increasingly becoming fully-fledged computers in their own right. For example, most printers now have built in web servers for management, and printers that can store documents are becoming more common.
This means that it is no longer sufficient to plug in a printer, give it a network address, and print to it. It is important to carry out additional steps to ensure that:
- Any confidential documents stored on the printer are protected from unauthorised access.
- The printer is safe from any denial of service attacks (a poorly secured printer may be prevented from working by an unauthorised person and in the worst case scenario, damaged beyond economical repair).
- Malicious users are prevented from being able to re-purpose the built in web server for malicious purposes.
The key steps to securing a printer are:
- Configuring a secure password for the web pages used to configure the printer.
- Disabling any features that will not be used (so that if vulnerabilities are found in those features, they will not put the printer or your documents at risk).
- Ensuring the firmware of the device is kept up-to-date (since serious security vulnerabilities are sometimes discovered, which printer manufacturers fix with updated firmware.)
Other network devices
An increasing variety of devices can now be connected to the network, ranging from building management systems, to video cameras, through to microscopes.
It is important to understand that these devices often contain quite complex computers and it is important to configure them securely and ensure the software / firmware that these devices run is kept up to date. The risk of failing to do so, is that unauthorised users may be able to use these devices for a malicious purposes or reconfigure the devices in such a way as to render the devices unusable. Depending on the type of device, there could be other consequences - for example a network connected video camera used for confidential research may be inadvertently left viewable to anyone in the university if not securely configured.
The configuration and steps to secure will vary from device to device. Many devices contain a web server from which the device can be configured or used via the web browser. As a minimum, this should be configured with a secure password. The software / firmware should also be updated to the latest version recommended by the supplier of the device.
Depending on the device, there may be other steps needed. Where the type of device is such that unauthorised access could have serious consequences or breach the data protection act, it is particularly vital that the device is secured properly. IT Services can provide further advice on request.