SNMP vulnerability scan

SNMP writable communities shows up on my vulnerability scan.

I am being told to disable it.

How will disabling it affect printing?
When is it needed?
Does it matter if the printer has a hard drive?
syarmush Asked:

Michelangelo (Consultant) Commented:
You should be OK disabling it. No relation whatsoever.
0
syarmush (Author) Commented:
https://community.spiceworks.com/topic/483706-disable-snmp-on-printers-causes-headache-with-windows-7-ugh


Please look at the above link

I tried doing this to the company copier scanner and I had to reinstall all the users who have access to the copier scanner.

I have 10 printers with this vulnerability at the moment.

Any suggestions how I can make this painless?
0
hdhondt Commented:
Certainly the printer disk will not be affected.

Make sure you disable SNMP Status for the printer under Printer Properties > Ports > Configure Port. If using a server, this must be done on the server. If SNMP is enabled, the driver will try to check printer status, and will fail when SNMP is disabled.

Note that disabling SNMP will also prevent print management software from checking printer status. You may not use any, but if something like WebJetAdmin stops working, this is why.
0

Luc Franken (EMEA Server Engineer) Commented:
Can't you just change the community string?
Make sure to change it on the printer and "print management" and you should be good.
An SNMP string being "Public" or "Private" is indeed asking for problems.
0
syarmush (Author) Commented:
We have copier/printers that a 3rd party sends us toner when needed. If I change this, I assume by the comments above this will be broken?
0
Luc Franken (EMEA Server Engineer) Commented:
No, it won't.
The printer will use the driver on the print server. This is used by some software to query the toner level.
How the driver and printer communicate and with what SNMP community name doesn't matter. Just make sure you change it on both ends (printer and print server).
0
syarmush (Author) Commented:
From what I am reading, to make this easy I should set up all the printers on a print server so that I only have to make the changes one time.

I am unsure if the copier company will balk if they cannot get toner reports.
0
Luc Franken (EMEA Server Engineer) Commented:
You're not comparing apples with apples :)
This is completely separated.
Worst case scenario you'll have to adjust the SNMP string in the company's software too.
1
hdhondt Commented:
"We have copier/printers that a 3rd party sends us toner when needed"
Some printers are able to send an email requesting attention. In that case SNMP is not involved. If the 3rd party has print management software installed then yes, it will be affected. Check with them to see how they do it.

Re installing on a server. For a large organisation a server is always the easier method. For a small company, I prefer to have each user connect directly to the printer. In your case, if you are not using a server then every user needs to make sure SNMP is not ticked. But in your case, moving to a server will not make life easier. With the direct connection users will have to change a driver setting; with a server, users will have to install a new printer.

Start by checking whether SNMP Status is currently enabled. If it isn't, then you only have to worry about the toner supplier.
0
syarmush (Author) Commented:
I cannot depend on users changing settings; it will not happen. If I load the printers on a print server, I can control that.

Any other suggestions without involving users doing something?
0
arnold Commented:
The SNMP config on printers is the means by which, when configured, the printer status is determined, i.e. if the poll of the SNMP response is received, the printer is seen online; if it is not, the printer is marked offline.
Public is a read only community.
If the printer prints sensitive information, the default scheme should be to use encrypted hard drive.

It is a tool that gets installed on a system that monitors the printer status using SNMP to poll the toner reference.
The scan scans what you tell, identifying the impact/vulnerability of the report.
I.e. you ask someone who identifies Window (structure) to review your office space for vulnerabilities, the report comes back with a list of external windows as well as a few electrical room door windows, custodian office door window included as a possible vulnerability.
...
0
syarmush (Author) Commented:
I have 10 printers with this vulnerability:

SNMP writable communities

What would be the easiest way to fix?

I am not going to worry about toner reporting back for the copiers.
I cannot ask users to check boxes; it will have to be done by me.
https://community.spiceworks.com/topic/483706-disable-snmp-on-printers-causes-headache-with-windows-7-ugh

If you read the article above you can see how this could break the print jobs.
0
arnold Commented:
Log in to the administrative interface of the printer, and disable the writeable community, or alter the default community name to something unique.
0

syarmush (Author) Commented:
It's not that easy.
If you read the article I posted above you will see what could happen.

I made these changes for one printer and it broke the printer for all users who had it installed on their PC.
I had to reinstall after the changes were made.

This is why I said it's better to install printers on a print server. You can make the change one time.

I cannot count on users to make the change on their PC.
0
arnold Commented:
I said disable the writeable community, not disable SNMP completely.

What does the scan say? Which writeable community in SNMP does it report?

Depending on your environment, i.e. AD centrally managed, you should have a server/servers set as print servers who have the printer installed locally and shared/pushed to the clients using GPOs/GPPs.

I've not seen printers that come with SNMP writeable community enabled.
Since you mentioned that your Printer provider includes the option to automatically order supply, have a talk with them on whether or why they have a writeable community defined for SNMP.

Look through your printer's SNMP settings and make sure what you have, public is set to read-only
0
syarmush (Author) Commented:
thank you
0
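
hdhondt's Printer Properties > Ports > Configure Port advice, scripted so an administrator can apply it without any user action (an added example, not code from the thread): it reads each Standard TCP/IP printer port through the WMI class Win32_TCPIPPrinterPort, reports whether SNMP Status is enabled and with which community name, and clears the setting only when run with -Disable. The parameter names -PrinterAddress and -Disable, the script name and the sample addresses are assumptions of this example.

```powershell
# Added example. Run elevated on the print server, or on each PC that prints
# directly to the device. Without -Disable it only reports; nothing is changed.
# Usage (script name and addresses are placeholders):
#   .\PortSnmpStatus.ps1
#   .\PortSnmpStatus.ps1 -PrinterAddress 192.0.2.10,192.0.2.11 -Disable -WhatIf
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$PrinterAddress,   # assumed name: restrict to these port addresses
    [switch]$Disable             # assumed name: clear "SNMP Status Enabled"
)

$defaultNames = 'public', 'private'   # community names called out in the thread
$printers     = @(Get-CimInstance -ClassName Win32_Printer)
$ports        = @(Get-CimInstance -ClassName Win32_TCPIPPrinterPort)
if ($PrinterAddress) {
    $ports = @($ports | Where-Object { $PrinterAddress -contains $_.HostAddress })
}

foreach ($port in $ports) {
    # Print queues that use this port, so the report shows who is affected.
    $queues = @($printers | Where-Object { $_.PortName -eq $port.Name } |
                ForEach-Object { $_.Name })
    $wasEnabled = [bool]$port.SNMPEnabled
    $action = 'none'
    if ($wasEnabled -and $Disable) {
        if ($PSCmdlet.ShouldProcess($port.Name, 'Disable SNMP status polling')) {
            Set-CimInstance -InputObject $port -Property @{ SNMPEnabled = $false }
            $action = 'disabled'
        } else {
            $action = 'skipped'
        }
    } elseif ($wasEnabled) {
        $action = 'would disable (re-run with -Disable)'
    }

    [pscustomobject]@{
        Port             = $port.Name
        Address          = $port.HostAddress
        Queues           = $queues -join ', '
        SnmpStatusWas    = $wasEnabled
        Community        = $port.SNMPCommunity
        DefaultCommunity = $defaultNames -contains $port.SNMPCommunity
        Action           = $action
    }
}
```

This changes only the Windows port's status polling; the writable community itself is still changed in the printer's own administrative interface, as arnold describes.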