Web Interface - Printers

Posted on 2010-01-05
Last Modified: 2012-05-08
I've been doing some research on printer security and have noticed that for the 400 or so networked printers we have in our company, simply by finding the printers IP address in the ports tab, and typing it in the browser you almost always get a web interface to manage the device. Sometimes this requires authentication, albeit the majority of the times these are still set to default values, i.e. blank password, weak password, sometimes no authentication is required at all and the user can view and make use of all the features of the admin pages. My question is do people classify this as a major security issue, i..e what can attackers do with access to these interfaces, I could not find any stored documents or cache or documents printed etc, through the web interface but I assume theres some sort of spool file that could be accessed? What are your thoughts? By the very fact the web interfaces require authentication to me signals attackers should not be given access to them...
Question by:pma111
    LVL 2

    Expert Comment

    Are you talking about the interface that is used to setup the printer? I would recommend that you set a password to be able to change the settings.  A security risk I don't see that, but without a password anyone can change the settings and cause more work for yourself to fix!
    LVL 3

    Author Comment

    An example of the "interface":

    "Web Image Monitor is a web based hardware management tool that allows designated users to program and administer their Ricoh MFP from a work station. "

    LVL 2

    Accepted Solution

    Then yes I would set/change the password for all printers so you don't get someone playing with the settings.  But if you don't set the password and someone does change something, you can always reset the the settings back to default and start over on the setup.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now