How do I secure my networked printers?

Question

I've been reading a lot about how network printers can be a big security breach, but precious little about what to do about it. I have 2 Canon printers, a Pro-100 and a MG6821. Neither one requires the network password when you set them up on the network, so I assume they're doing some sort of WPS business.

Over 18 months ago there was this thread How dangerous is an unsecured printer? that seems to say they're very dangerous but, again, not much as far as what to do about it.

Has anything changed since then? Can someone tell me how to secure them?

score 2 · Answer 1 · answered Dec 03 '18 at 10:43

2

Yes, it is still a problem. Printers are the first big "IoT" device and the problems that have plagued printers plague every other IoT device today.

And the way to mitigate problems are similar:

patch
configure
isolate

Make sure the IoT device is fully patched (and because they may not tell you they need updating, you might have to manually check)

Ensure that the configuration of the IoT device is as secure as possible as the device permits (default passwords, strong passwords, turn off unused services, etc.)

Isolate the device in its own network and lockdown the traffic. Consider blocking all traffic initiated by the device, blocking internet access.

These are things that you can do either in a corporate setting or a home setting.

answered Dec 03 '18 at 10:43

schroeder

123,438
55
284
319

Good ideas but in this specific case there are no configuration options (that I'm aware of) presented in the setup, and I did it just yesterday. As far as the isolation, that's something that I just don't know how to do. Any hints? – user48053 Dec 03 '18 at 22:29
Are you talking about a home or corporate network? – schroeder Dec 04 '18 at 08:15
It's a home network. – user48053 Dec 04 '18 at 18:38

score 0 · Answer 2 · answered Dec 03 '18 at 10:25

0

Simplest and most straightforward is to make sure to patch them if there are any patches available. A lot of people never update their printers even when the manufacturer bothers to release a patch. (Some manufacturers don't release updates often.)

Personally, I tend to leave my printer unpowered unless I want to use it, in which case I go and turn it on. It remembers my home wireless information so it's just a minor delay while it boots.

Are you working for an enterprise, or are you thinking of home use printing?

answered Dec 03 '18 at 10:25

Celeste Thayer

1
1

The MG6821 actually is powered off most of the time and powers up when I send to it; it just takes a while before powering down again. The Pro-100 is a photo printer and every time you turn it on it sucks down a lot of ink, purging the head, so leaving if off between jobs and turning it on when I want to print can get pretty wasteful. This is my home network. – user48053 Dec 03 '18 at 22:36

score 0 · Answer 3 · answered Dec 03 '18 at 11:11

Don't install unneccesary driver parts. Printer driver software is often a big bloat of code for all kinds of features, many of them you won't need.
A good example is wireless access in an environment where everything is cabled anyway.

So first determine what features you need, then select only those options to install.

Printer manufacturers often have 'basic drivers' available for download that do not have all kinds management and alerting components.

I don't think these printers would present wireless access if you don't specifically set it up, because it does take a bit of effort. My concern is how to limit it to just me after it's set up. — user48053, Dec 03 '18 at 22:31

How do I secure my networked printers?

3 Answers3

Linked