Pau Lo
asked on
Web Interface - Printers
I've been doing some research on printer security and have noticed that for the 400 or so networked printers we have in our company, simply by finding the printers IP address in the ports tab, and typing it in the browser you almost always get a web interface to manage the device. Sometimes this requires authentication, albeit the majority of the times these are still set to default values, i.e. blank password, weak password, sometimes no authentication is required at all and the user can view and make use of all the features of the admin pages. My question is do people classify this as a major security issue, i..e what can attackers do with access to these interfaces, I could not find any stored documents or cache or documents printed etc, through the web interface but I assume theres some sort of spool file that could be accessed? What are your thoughts? By the very fact the web interfaces require authentication to me signals attackers should not be given access to them...
Are you talking about the interface that is used to setup the printer? I would recommend that you set a password to be able to change the settings. A security risk I don't see that, but without a password anyone can change the settings and cause more work for yourself to fix!
ASKER
An example of the "interface":
http://ricoh.pbworks.com/CSWebImageMonitor
"Web Image Monitor is a web based hardware management tool that allows designated users to program and administer their Ricoh MFP from a work station. "
http://ricoh.pbworks.com/CSWebImageMonitor
"Web Image Monitor is a web based hardware management tool that allows designated users to program and administer their Ricoh MFP from a work station. "
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.