Carnegie Mellon University

Secure a Network Printer

Below are steps you can take to secure a network printer on campus.

Note: Printer manufacturer's web interfaces differ. These steps are generalized.

  1. Log into the printer from a web browser. The username is typically admin.
  2. Set the printer password. Choose a password with at least one number and one special character or use a passphrase.
  3. If storing the password, please do so using appropriate security controls and encryption.
Configure the printer to limit TCP/IP traffic to only campus.

Through the web interface DISABLE (if available):

  • Telnet
  • AirPrint
  • Web Services Print
  • FTP
  • SFTP
  • Bonjour
  • SSH
  • WSD (WS-Discovery)
  • LLMNR (Link-Local Multicast Name Resolution)
  • RHPP
  • SLP
  • SNMP v3
  • IPv6
  • HTTP web interface communication (only if HTTPS is available)
  • PJL Device Access Commands (unless needed)
  • PJL Drive Access
  • PS Drive Access
  • Allow firmware upgrades sent as print jobs
  • Allow installation of legacy packages signed with SHA-1 Hashing algorithm
  • Print from USB
  • Host USB Plug and Play

You can ENABLE the following, if available:

  • SNMP 1/2 read only.
  • HTTPS (SSL) A self-signed certificate maybe required.
  • LPD
  • IPP
  • RAW (9100)