Printer security (was Re: Need Help with the Debian Securing Manual (contributions accepted))
In article <20010924032741.B15557@dat.etsit.upm.es> firstname.lastname@example.org writes:
> I am not sure everybody is aware of the "Securing Debian Manual"
>which can be found at
>http://www.debian.org/doc/manuals/securing-debian-howto/. In any case, I'm
>asking for some help with this document due to the current overload of
>information I'm suffering.
"cups" aka "cupsys" should be mentioned in the secion on printer
daemons. (I've only recently started using it, so am unqualitfied to
write about its security.)
While not debian-specific, I think ethernet connected printers should
be mentioned. Something like:
Network connected printers are frequently a security hole. HP
printers and emulators accept connections on port 9100 (and 9101,
9102, etc. on multi-printer servers) and print anything sent. They
may also be able to run the postscript programs sent to them that may
be used to create bigger security holes than just printing. Some
models also talk a subset the lpd protocol on port 515. Later models
have a telnet client on port 23, and by default have no password.
I've even heard of (non-HP) printers that are running a stripped-down
version of unix and have an open-relay sendmail running. You should
consider putting your printers behind a firewall, and at the minimum
not configuring a default gateway unless needed.
Blars Blarson email@example.com
"Text is a way we cheat time." -- Patrick Nielsen Hayden