I have experienced a common theme in internal network penetration testing: organizations rarely secure their printers. You may be asking yourself, “so what”? I’ve always been keen on this finding as it’s how I obtained domain administrator access on my first internal penetration test. Unfortunately, it’s commonly overlooked as printers are an afterthought, or they feel innocent enough. Continue reading to learn more about how you can protect your organization’s printers by following best practices.
Default Credentials are King
Many printers don’t natively require authentication to access administrative functions, and if they do, the default credentials are only a web search away from attackers. Ensure that you are resetting all default accounts and requiring authentication where appropriate. Getting access to device configurations can allow attackers to set up honey pots, obtain credentials off the device, or steal information that the printer has access to.
Practice Least Functionality and Least Privilege
Your organizations should already be practicing least functionality for all assets, including printers. You can do this by disabling unneeded protocols (Telnet, FTP, HTTP), using secure communications (HTTPS, SSH), and routing away from public networks. It’s advised to give printers static IP addresses or DHCP reservations to make monitoring and applying access control lists easier. Additionally, least privilege credentials must be used to set up any connectivity to resources such as LDAP. Once an attacker has administrative access to a printer, it’s trivial to retrieve the credentials used to set up such connectivity.
Patch, Patch, and Patch
Much like computers, printers need updates and patches as well. Incorporate your printers in your patch management strategy to include firmware and security updates. Vendors often release updates to address actively exploited vulnerabilities and should be treated the same as a computer or server.
Make Smart Purchases
Before purchasing a printer, you should understand what level of security functionality exists with the product. Unfortunately, many homes and small office printers don’t offer the level of security that an organization may require. Purchasing an insufficient printer could cost you considerably more in operating expenses by trying to apply security requirements that the printer is not designed for.
Securing printers in your organization should be in line with securing computers and servers. Unfortunately, it could be the weak link that allows an attacker to conquer your domain. However, following simple best practices will assist in the advancement of your security program and create a defense-in-depth approach. If you’re unsure of where to start or need help testing the security of your network and devices, please reach out to TCM Security, as we would love to partner with you!
About TCM Security
TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers.
Pentest Services: https://tcmdev.tcmsecurity.com/our-services/
Follow Us: Blog | LinkedIn | YouTube | Twitter | Facebook | Instagram
Contact Us: sales@tcm-sec.com