Secure a Network Printer
Below are steps you can take to secure a network printer on campus.
Note: Printer manufacturer's web interfaces differ. These steps are generalized.
Set an administrator password
- Log into the printer from a web browser. The username is typically admin.
- Set the printer password. Choose a password with at least one number and one special character or use a passphrase.
- If storing the password, please do so using appropriate security controls and encryption.
Restrict Network Connectivity to Campus
Configure the printer to limit TCP/IP traffic to only campus.
Disable Unnecessary Services
Through the web interface DISABLE (if available):
- Telnet
- AirPrint
- Web Services Print
- FTP
- SFTP
- Bonjour
- SSH
- RSH/RCP
- WSD (WS-Discovery)
- LLMNR (Link-Local Multicast Name Resolution)
- RHPP
- SLP
- SNMP v3
- IPv6
- HTTP web interface communication (only if HTTPS is available)
- PJL Device Access Commands (unless needed)
- PJL Drive Access
- PS Drive Access
- Allow firmware upgrades sent as print jobs
- Allow installation of legacy packages signed with SHA-1 Hashing algorithm
- Print from USB
- Host USB Plug and Play
You can ENABLE the following, if available:
- SNMP 1/2 read only.
- HTTPS (SSL) A self-signed certificate maybe required.
- LPD
- IPP
- RAW (9100)