Printer Servers

Many of the printers released today have built-in Web servers that
allow for easy remote configuration from virtually anywhere within the
network. They are advantageous configurable entities, but present a
risk of unauthorized users who gain access to this device.

A hacker could use an internal WLAN to gain access to the printer’s
Web server and reconfigure the machine so that it won’t print for any
user anymore. This can be a catastrophic event, as these machines are
configured out of the box to allow anyone in the network to change the
settings.
These Web servers also have a configurable option for “Security” that
enables you to defend yourself against unauthorized configuration
changes. There are configurable settings for:


Login/password administrative access

Authorization settings for various features and functionality

The administrator can input both login and password settings to
restrict access to the printer’s configuration dialog on the network. This
would require that someone know these private bits of information
before any changes could be made, so that even if a hacker does break
into the network and access the Web server, it would be very difficult for
him to effect any changes in the printer’s configuration.
There are also several authorization settings that an administrator
can set on the printer to block specific features from people on the internal
wired or wireless network. Administration, printing, and
firmware/software upgrades are by default accessible to any user on the
network. However, these settings can be changed so that only an administrator
can access e-mail reports, printing utilities, and software maintenance.
This protects your networked printer devices against unauthorized
use. The key is to know how to configure these settings properly;
otherwise, by default, you are wide open to an attack by anyone on any
wireless platform. 228