1

So We've a networked laser printer, pretty standard bit of kit, accepts requests via WiFi, ethernet or USB. Recently we've found that our network has been dropping out for a couple of minutes each morning and this seems to tell the printer to ignore all requests until restarted, also getting a lot of print lag. long story short, we've attached a spare PC to the USB bus and set it up as a network share (Windows 0) - works a peach.

Given all the warnings about hackers using insecure printers to send malware as attachments (and my boss' reluctance to buy a new HP printer) I wondered if there was any steps I could take (i.e. a way to automate a malware or virus scan of all print jobs before they're spooled?) All suggestions very welcome, even if you think I'd be better off with a linux based solution?

Tfom
  • 23
  • 2
  • 1
    Get a real print server and put it, and the printer, on a separate network/vlan. Only allow the print server access to the printer. – jscott May 09 '17 at 22:53
  • As noted, shoe string budget. and that's not much info. The dedicated machine/ rint server IS the only one accessing the printer, I just need a way to check the files before the machine pumps them into the printer – Tfom May 09 '17 at 23:16

1 Answers1

0

While it's best to use a "real" server, that doesn't mean expensive, and you can at least take steps to make your current setup more secure.

Start by disabling WiFi on the printer. With that disabled and no network cable connected to the thing, the only way into it will be through the computer it is connected to. Having a single entrance to secure is much easier than having 2 or 3.

Next, make sure you've got a decent and up-to-date antivirus package on that computer, and if that computer won't be doing anything besides printing, set the antivirus software to a high level of protection, scanning everything all the time.

Typically, queued print jobs are stored as files in the host computer. The antivirus software should scan files as they are written by default and it should help mitigate the issues you mention in that way.

Also, make sure the operating system is getting its patches and reboots itself automatically outside normal office hours to apply these.

Next, check the permissions on the printer share. If you have a domain, make sure that only "Authenticated Users" or "Domain Users" are allowed to print.

Extra Credit

If you feel up to the challenge, the only thing limiting your current normal desktop from being a "real print server" is the operating system. While something is to be said for working with something you're familiar with, if you really want the most out of your printer as a shared network device, try running a non-Windows server OS, such as a Linux variant or similar. This shouldn't cost any extra in licensing or hardware, though it will cost in your time.

But, set up properly, converting that basic desktop into a real server will give you more control, and importantly, more security, than the basic desktop OS hosting the office printer.

music2myear
  • 1,893
  • 3
  • 26
  • 51