Security Best Practices Part 1

00:00

Welcome back to Prince Security Intermediate Course. In this lesson, I'm going to talk about some general advice is, or best practices for printing device security.

00:13

So, uh,

00:15

what means best security practices there. Quite a lot of settings that exist in printing the wise, especially in the modern network printers that are there for us, various reasons. For example, there is quite a lot off,

00:32

uh, capabilities of a printer that there they represent legacy

00:38

printing capabilities to recharge, still used by some customers on some systems. For example, if they're using the well or if they're using some older methods of printing If they're using, for example, mainframe printers of stuff like that,

00:55

then there is quite a lot of things that are still left in and device that you actually don't meet.

01:03

So first thing to do is go to close unused ports and protocols.

01:07

That means ah ah, if you're using, for example, there is one thing on some printers. It's just called 9100 printing, which is using I P Port 9100.

01:21

Some other vendors Ah, some vendors are using other port rather than 19 100. But these things air there for legacy reasons.

01:30

And they should be disabled because modern printing through Windows Server and when those 10 operating systems doesn't need it.

01:40

Also, you can disable Acela slp config, And I'm not going to explain what of these things are. I'm just going to say their legacy or they're not needing in environment in which you have servers and, uh,

01:53

in those operating systems.

01:57

The other thing is LPD printing. Then tell net. Uh, most of the printing network printers can still be accessed from a commend prompting windows using telnet command.

02:10

And if you were, Rex is the printer. By telling it, you can do quite a lot off nasty stuff, so you should disable it.

02:20

And one off along these things go into category. Be smart. So read the standard,

02:28

um,

02:29

practices for the securing your device and do it every time you put it on the network. Regardless, if that is the old device that has been in storage, or it's a new device that has just been purchased or it is the older wise that has Bean

02:46

repaired them in the service deep or on the location. Maybe something was changed. Maybe something was reset during the service procedure.

02:54

Do it every time you put new device on a network or every time you put the device printing device on the network. So you have to disable FTP printing accepted. You should disable I p access be X,

03:08

the Elsie Elsie as well. And then, of course, disabled people talking to ensure so apple Talking about jurors is used if you're using apple devices in peer to peer environment, if you're not printing through the server.

03:24

So if you're even if you have Apple devices on the network, sometimes if you disabled, they will still be able to print,

03:31

but not directly from the device toe printer.

03:37

So if you're using some of these things, then you should. If you're

03:43

business cases such that you have to use them off course, you don't disable them. But then you have to be extra careful toe watch about the things that can be done in terms of printing, hacking, using some of these

03:57

things.

04:00

Let's continue about the minimal measures, so you have to lock toe the access to device settings from control panel.

04:08

On most of devices, you can simply remove the the icon or the option to do the seconds. This is not something that the user should do. If you look at the labs about HPV object, that mean you will see that you can do these things remotely from administrators. Computer core console

04:27

and nobody else should be able to change these things. You have to set in bed Web server passwords that this is a must.

04:34

Every time you connect their wives to a network, you should do it.

04:39

You should disable controls such as job, cancel button and the go button or whatever. They're called

04:46

with different manufacturers, because these things have to be,

04:50

uh, simply, they can do a damage to a device. If nothing else, than somebody can cancel somebody else's printing job. And then that person will reprint the entire job. It's 100 or 200 pages. Print job.

05:08

You print more. It's not going to do security risk, but it's going to increase the cost off business.

05:15

You have to configure job time out so that if somebody is running some very complex print heck job,

05:21

Um, and it's not printing, but doing something on a printer for a couple of minutes. It should printers should be able just to kill that

05:30

print job.

05:32

Um, you have to prevent physical access to removable harder, like HD and boards. You should lock it, live it something like a Kensington lock or something.

05:44

And my recommendation is to use static I p addresses for printing devices so that if somebody recent device it won't pick up the ah new I P address from the network or the new address it picks up from the network

06:00

should be not in a list off printing devices that comes with the other things that you should do in terms of security, like set the list of I P addresses for printers. And it's something on that I dress shows up on the network, which is not a printer.

06:17

It should automatically pop up in some kind of administrative council

06:23

so that you can take action and then you know that something is wrong with the device.

06:29

You should also, if you knew not using ecstatic I p addresses or even if you're using them, you should set on your routers the HDP restrictions for printers so that, um

06:40

if they're trying to pick the address, which is outside the range off i p the I P address that is not for printer. It shouldn't

06:48

get it.

06:50

So at the end of this lesson, let's go and just check do a learning check. And the question is what is not the standard security mirror for printers. So the possible answers are disabled down that

07:04

the Civil PCL printing

07:06

or disable i PXs BX And the correct answer is

07:13

you should not disable PCL printing. The PCO is the most common driver that is used them

07:18

in printing today, the or PD l and most of the office bringing is done by using PCL. Most of the printers cannot disable PCL printing, so you definitely shouldn't do that.

07:34

In this video. You have learned

07:38

about