Networked Devices
Purpose:
The NUIT Guide to Securing Networked Printers, Scanners, Copiers and Faxes is a reference resource for all NU departments that use a networked device (i.e., printer, copier, scanner and fax). In particular, the guide offers recommendations on:
- Securing networked devices against misuse and compromise by unauthorized users.
- Enhancements to existing security measures.
Background:
Securing networked devices is important for a number of reasons:
- Most are simply “plugged-in” to the network, deployed using the minimal settings required to make the device respond and operate.
- Once installed, they rarely receive recommended application and operating system updates and vendor patches.
- Networked devices can be administered via the network; physical access to the device may not be required.
- Due to increased sophistication (built-in “intelligence”) and ever-increasing storage capacity, they can be used to launch attacks, store unauthorized data, retrieve scanned and printed documents, and print objectionable or unauthorized material.
Policy Statement:
Recommendations include:
- When considering new or replacement acquisitions, contact Purchasing Resource Services for recommendations and preferred vendors. Select a device that is configurable and offers security features. See the “Assistance” section.
- Have a network firewall installed on your subnet by Telecommunications and Network Services (TNS) and attach all devices to the firewalled subnet.
- Review vendor documentation for any listing of security-related features and recommendations on secure installation and implementation. Contact your vendor and inquire about equipment upgrades that include security features.
- Establish a strong administrator password on the device to help defend against attacks and prevent re-configuration by an unauthorized user.
- Where the device supports access control lists (ACLs), configure them to block all traffic from outside the NU IP range (129.105.0.0/16 and 165.124.0.0/16), or further restrict access to only the department subnet. If personnel need access to the departmental printer from off-campus, access should only be permitted using the University's VPN.
- If there is an FTP server on the printer, turn it off. Similarly, turn off Telnet access if it exists.
- If SNMP is not required, disable it. Where it is required, change the default SNMP community string.
- Disable the AppleTalk and NetWare protocols; disable any protocol or service not required.
- Use hard-drive encryption and automatic deletion or overwrite of data features where offered.
- Establish a contact point to receive all notifications regarding the devices and schedule periodic reviews to help ensure that patches and updates are regularly applied.
- At times when normal maintenance of equipment is performed, request the vendor's technician to refresh/reformat (where possible) the hard-drive.
- When transferring, retiring, disposing of or trading in current equipment, reformat and overwrite the hard-drive (if featured) or contact Distributed Support Services or University Services to assist in these processes. See the “Assistance” section.
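As an added illustration (not part of the NUIT guide), the ACL, FTP/Telnet, SNMP and legacy-protocol recommendations above can be checked against a device inventory during the periodic reviews. The record schema, the sample inventory and the list of default community strings are assumptions made for this example.

```python
import ipaddress

# NU address ranges quoted in the guide's ACL recommendation.
NU_RANGES = [ipaddress.ip_network("129.105.0.0/16"),
             ipaddress.ip_network("165.124.0.0/16")]
# Services and protocols the guide says to turn off (SNMP is handled separately).
FORBIDDEN = {"ftp", "telnet", "appletalk", "netware"}
# Common factory-default community strings (assumed list, not from the guide).
DEFAULT_COMMUNITIES = {"public", "private"}

def audit_device(dev):
    """Return a list of findings for one device record (hypothetical schema)."""
    findings = []
    for svc in sorted(FORBIDDEN & {s.lower() for s in dev.get("services", [])}):
        findings.append(f"{svc} is enabled; the guide says to turn it off")
    snmp = dev.get("snmp") or {}
    if snmp.get("enabled"):
        if not snmp.get("required"):
            findings.append("SNMP is enabled but not required; disable it")
        elif snmp.get("community", "").lower() in DEFAULT_COMMUNITIES:
            findings.append("SNMP uses a default community string; change it")
    allowed = dev.get("acl_allow", [])
    if dev.get("supports_acl", True) and not allowed:
        findings.append("no ACL configured; device accepts traffic from any source")
    for cidr in allowed:
        net = ipaddress.ip_network(cidr, strict=False)
        # An entry is acceptable only if it lies wholly inside an NU range.
        if not any(net.version == r.version and net.subnet_of(r) for r in NU_RANGES):
            findings.append(f"ACL entry {cidr} reaches outside the NU IP range")
    return findings

# Constructed sample inventory: one badly configured copier, one compliant printer.
SAMPLE_INVENTORY = [
    {"name": "copier-a", "services": ["ipp", "FTP", "telnet"],
     "snmp": {"enabled": True, "required": True, "community": "public"},
     "acl_allow": ["0.0.0.0/0"]},
    {"name": "printer-b", "services": ["ipp"],
     "snmp": {"enabled": False},
     "acl_allow": ["129.105.10.0/24"]},
]

if __name__ == "__main__":
    for device in SAMPLE_INVENTORY:
        for finding in audit_device(device) or ["no findings"]:
            print(f"{device['name']}: {finding}")
```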
Assistance:
Purchasing Resource Services provides services and assistance in contract negotiations, acquisition and retirement of office equipment, and recommendations on preferred vendors.
Northwestern IT's Distributed Support Services provides several levels of technical support to staff and faculty working on University-owned machines on a for-fee basis. Services include installation and troubleshooting of desktop hardware, peripherals, NUIT-distributed software, and operating systems.
Northwestern IT's Telecommunications and Network Services plans, operates, and maintains the University network, including firewall installation and support.
Northwestern IT's Information Security Office provides assistance in matters of information security and risk assessment.
Additional Information:
Important Dates
Original Issue Date:
- February 2010
Revision Dates:
- January 2016