by Mike Rutt, IT Security Coordinator
Open ports & password issues
Recently, a number of universities including ours were hit by a group spreading a message that was meant to stir up controversy. They were able to spread this message on printers that had port 9100 open. The UNL Security Team scans the network for malicious activity and works with printer owners to remediate printers left open to hackers. New printers show up on the network all the time, so I wanted to keep you informed and thinking about printer security.
In a recent scan we found 778 open printers by scanning the UNL network off campus, of the 778 printers that were open to the world 94 of them had password issues. When I talk about password issues, it means the printers had default or no password defined at all.
More than just a printer
You might be asking yourself, well it’s just a printer what harm could a printer really do? Printers are more than just printers they are file servers, email servers, hotspots, ftp servers and can hold a lot of data. When you think about printer security you must always think about data classification. If you send sensitive information to printers, you must secure the printer accordingly. Another thing to consider which almost always gets overlooked is the user names and passwords defined on printers. Users will typically use the same password on every single application they have. If a printer gets compromised, it could open a doorway to other applications. Below is an example of the type of information that can be obtained even from just a log. Yes, this looks like a document the FBI has redacted, but I wanted to illustrate that just from the titles of documents you can determine the workflow a department uses. This can be very valuable information to attacking the department from different angles.
Intrusion Protection
The Security team also has the ability to provide your printers an extra layer of security. We now have an IPS solution that can protect your printer at the edge of our network from outside attack. If you’re interested contact Ricky Keim. He will put the host name of the printer in a group on our IPS that will protect it from outside attack.
So if I have convinced you that printer security is important, here is where you can find resources to help you secure your printers. We always want to apply security from the end point or the printer itself. Below is a link that will explain why it’s important to do things like turn off services that aren’t needed, enabling host based firewalls, using unique passwords…etc.
Go to Printer Security Resources
Certainly as a member of the UNL ITS Security team I find great satisfaction in helping departments find issues like open printers. You are not alone if you would like to know more about the services running in your department, we would be glad to help you complete an inventory. You can reach out to me, Michael Rutt.
Special thanks to Hannah Finnegan and Tim Volkmer the UNL ITS Security Team students that reached out to owners of open printers. I would also like to thank all the departmental technicians that are in the trenches with us everyday keeping UNL safe.