Printer security (was Re: Need Help with the Debian Securing Manual (contributions accepted))
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: > I am not sure everybody is aware of the "Securing Debian Manual" >which can be found at >http://www.debian.org/doc/manuals/securing-debian-howto/. In any case, I'm >asking for some help with this document due to the current overload of >information I'm suffering. "cups" aka "cupsys" should be mentioned in the secion on printer daemons. (I've only recently started using it, so am unqualitfied to write about its security.) While not debian-specific, I think ethernet connected printers should be mentioned. Something like: Network connected printers are frequently a security hole. HP printers and emulators accept connections on port 9100 (and 9101, 9102, etc. on multi-printer servers) and print anything sent. They may also be able to run the postscript programs sent to them that may be used to create bigger security holes than just printing. Some models also talk a subset the lpd protocol on port 515. Later models have a telnet client on port 23, and by default have no password. I've even heard of (non-HP) printers that are running a stripped-down version of unix and have an open-relay sendmail running. You should consider putting your printers behind a firewall, and at the minimum not configuring a default gateway unless needed. -- Blars Blarson [EMAIL PROTECTED] http://www.blars.org/blars.html "Text is a way we cheat time." -- Patrick Nielsen Hayden
Printer security (was Re: Need Help with the Debian Securing Manual (contributions accepted))
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: > I am not sure everybody is aware of the "Securing Debian Manual" >which can be found at >http://www.debian.org/doc/manuals/securing-debian-howto/. In any case, I'm >asking for some help with this document due to the current overload of >information I'm suffering. "cups" aka "cupsys" should be mentioned in the secion on printer daemons. (I've only recently started using it, so am unqualitfied to write about its security.) While not debian-specific, I think ethernet connected printers should be mentioned. Something like: Network connected printers are frequently a security hole. HP printers and emulators accept connections on port 9100 (and 9101, 9102, etc. on multi-printer servers) and print anything sent. They may also be able to run the postscript programs sent to them that may be used to create bigger security holes than just printing. Some models also talk a subset the lpd protocol on port 515. Later models have a telnet client on port 23, and by default have no password. I've even heard of (non-HP) printers that are running a stripped-down version of unix and have an open-relay sendmail running. You should consider putting your printers behind a firewall, and at the minimum not configuring a default gateway unless needed. -- Blars Blarson [EMAIL PROTECTED] http://www.blars.org/blars.html "Text is a way we cheat time." -- Patrick Nielsen Hayden -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
