Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Enterprise Printer Security


  • Please log in to reply
5 replies to this topic

#1 whitedragon551

whitedragon551

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:07 AM

Posted 06 December 2018 - 06:57 AM

I work for a managed print company in a project management capacity. Ive been hearing a lot about print security and HP's Jet Advantage Security Manager. Ive also heard that the methods people are using to get into networks via print are circumventing firewalls and the like. I can see this being particularly bad for places that have HIPAA data. Does anyone have any additional information or insight into this issue?


Edited by hamluis, 06 December 2018 - 12:27 PM.
Moved from External Hardware to Gen Security - Hamluis.

| Windows Firewall Control | Eset Nod32 |
| VooDooShield Pro | NVT OSArmor | Image for Windows v3.18 |


BC AdBot (Login to Remove)

 


#2 mjd420nova

mjd420nova

  • Members
  • 1,925 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:07 AM

Posted 06 December 2018 - 10:01 AM

I keep my printers and scanners on its own network using a server to act as the receiver of print jobs and they are  on a network not open to the internet.


Edited by mjd420nova, 06 December 2018 - 10:02 AM.


#3 whitedragon551

whitedragon551
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:07 AM

Posted 06 December 2018 - 10:07 AM

I keep my printers and scanners on its own network using a server to act as the receiver of print jobs and they are  on a network not open to the internet.

 

The issue is that in an enterprise network, people open documents they receive from malicious actors. The documents are not flagged as spam, they are not flagged as containing malware or infections as they are not. People then are sending jobs with malicious data streams to the printer that compromise the security. This circumvents the firewall and any internal security that a company may have and in most cases the spam filter. Once they get access to the MFP from the printed job they are harvesting LDAP credentials from MFP's and digging in to the network.

 

What your saying is that you have them on their own VLAN that does not have access to port 80 or 443?


| Windows Firewall Control | Eset Nod32 |
| VooDooShield Pro | NVT OSArmor | Image for Windows v3.18 |


#4 mjd420nova

mjd420nova

  • Members
  • 1,925 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:07 AM

Posted 06 December 2018 - 10:13 AM

No, not  A VLAN just a seperate wired network with only the print server between the LAN with web access  and the wired network.  I would guess that most any installation is vulnerable to hackers depending upon how important they deem the info to be.  Determined bad actors can and will circumvent any steps to block them and that makes them even more determined to get in and find what's so important behind all the safeguards.



#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,753 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:07 PM

Posted 07 December 2018 - 01:44 PM

Are you referring to "Faxploit"?

https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 whitedragon551

whitedragon551
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:07 AM

Posted Yesterday, 10:23 PM

 

It can be done this way. It can also be from a print job now.


| Windows Firewall Control | Eset Nod32 |
| VooDooShield Pro | NVT OSArmor | Image for Windows v3.18 |





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users