Which controls can prevent multifunction printer security risks?

Hackers are infiltrating the enterprise through multifunction printers. Expert Kevin Beaver explains how to mitigate the threat and improve printer security.

I read that hackers can infiltrate corporate networks through multifunction printers in one out of every two attempts.

Do you think that's true? How can we lower this risk? What controls can be put in place to prevent printers from being a risk?

Since I began performing security assessments nearly 15 years ago, I've seen numerous vulnerabilities in network printers and multifunction systems. Many people question why I list such vulnerabilities on security assessment reports, but they're indeed a business risk -- especially when Active Directory credentials can be obtained from them. It's almost always a default, weak or blank password on a Web or FTP interface that creates openings for attackers. These vulnerabilities create a series of potential problems: attackers can not only view print jobs and scanned images, but also change system settings to effectively create a denial-of-service situation, which can be pretty detrimental to certain businesses.

Of course, someone has to be on your network to access these systems -- unless either the systems are Internet-accessible or the attacker has gained access through a poorly secured wireless network or other means. All it takes is one rogue employee or contractor to carry out such an exploit from the inside and you'll never know about it.

What should your organization do? Implement the same security basics we've known about for decades: change default passwords to strong passphrases, patch firmware, disable unnecessary Web and FTP services, and segment critical systems on the network.

Enterprises should also make sure they're performing vulnerability scans of printers and related systems on a regular basis with both a network vulnerability scanner and a Web vulnerability scanner. Just know that if vulnerabilities or Web interface workflows are exploited due to a weak password or other flaw, the scanner might end up changing the configuration of the system, including the language, which can make it extra tricky to reconfigure.
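One way to confirm that unnecessary Web and FTP services really are disabled across a printer inventory, as an added example that is not part of the original article. It only attempts a TCP connection and never logs in or submits a form, so it cannot alter device settings. The inventory addresses (documentation-range placeholders), the port list and the function names are assumptions.

```python
import socket

# Management services the article singles out: FTP and the embedded Web interface.
MGMT_PORTS = {21: "ftp", 80: "http", 443: "https"}


def port_open(host, port, timeout=1.0):
    """True if a TCP connection succeeds. Connect-only: nothing is sent to the device."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered, unreachable or timed out
        return False


def audit_printer(host, allowed=frozenset(), ports=MGMT_PORTS, probe=port_open):
    """Return [(port, service)] for services that answer but are not approved."""
    findings = []
    for port, service in sorted(ports.items()):
        if port in allowed:
            continue  # documented business need, e.g. HTTPS admin from a mgmt VLAN
        if probe(host, port):
            findings.append((port, service))
    return findings


def audit_inventory(inventory, ports=MGMT_PORTS, probe=port_open):
    """inventory maps host -> set of approved ports; returns only hosts with findings."""
    report = {}
    for host, allowed in inventory.items():
        findings = audit_printer(host, allowed, ports, probe)
        if findings:
            report[host] = findings
    return report


if __name__ == "__main__":
    # Constructed inventory using RFC 5737 placeholder addresses; replace with
    # the printers your organization owns and is authorized to test.
    inventory = {"192.0.2.10": {443}, "192.0.2.11": set()}
    for host, findings in audit_inventory(inventory).items():
        for port, service in findings:
            print(f"{host}: {service} (tcp/{port}) reachable but not approved")
```

Run it from the user segment as well as the management segment: a service that answers from the user segment shows where segmentation is not enforced.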


This was last published in March 2015
