For the month of March, TCM Security is offering free Active Directory Health Checks to any company with 10 or more employees. To inquire, please contact us here.

I have experienced a common theme in internal network penetration testing: organizations rarely secure their printers. You may be asking yourself, “so what”? I’ve always been keen on this finding as it’s how I obtained domain administrator access on my first internal penetration test. Unfortunately, it’s commonly overlooked as printers are an afterthought, or they feel innocent enough. Continue reading to learn more about how you can protect your organization’s printers by following best practices.

Default credentials are king

Many printers don’t natively require authentication to access administrative functions, and if they do, the default credentials are only a web search away from attackers. Ensure that you are resetting all default accounts and requiring authentication where appropriate. Getting access to device configurations can allow attackers to set up honey pots, obtain credentials off the device, or steal information that the printer has access to.

Practice least functionality and least privilege

Your organizations should already be practicing least functionality for all assets, including printers. You can do this by disabling unneeded protocols (Telnet, FTP, HTTP), using secure communications (HTTPS, SSH), and routing away from public networks. It’s advised to give printers static IP addresses or DHCP reservations to make monitoring and applying access control lists easier. Additionally, least privilege credentials must be used to set up any connectivity to resources such as LDAP. Once an attacker has administrative access to a printer, it’s trivial to retrieve the credentials used to set up such connectivity.

Patch, patch, and patch

Much like computers, printers need updates and patches as well. Incorporate your printers in your patch management strategy to include firmware and security updates. Vendors often release updates to address actively exploited vulnerabilities and should be treated the same as a computer or server.

Make smart purchases

Before purchasing a printer, you should understand what level of security functionality exists with the product. Unfortunately, many homes and small office printers don’t offer the level of security that an organization may require. Purchasing an insufficient printer could cost you considerably more in operating expenses by trying to apply security requirements that the printer is not designed for.

Securing printers in your organization should be in line with securing computers and servers. Unfortunately, it could be the weak link that allows an attacker to conquer your domain. However, following simple best practices will assist in the advancement of your security program and create a defense-in-depth approach. If you’re unsure of where to start or need help testing the security of your network and devices, please reach out to TCM Security, as we would love to partner with you!