Adding a small port switch for user on a network for printer?

What concerns in a work environment are there with letting users add a network switch to their desk that is connected to the rest of the company network? For example to add ports for a persona printer issues from company, instead of dropping another network drop?
Does adding a switch like that typically introduce security concerns?
garryshapeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
If it is a plain simple wired switch (3-Com or like), and the printer is connected by Ethernet, and the printer is an ordinary dumb device, then no concerns.

Do not use wireless and a smart wireless printer with Air Print and so because you would not have total control over the device.
garryshapeAuthor Commented:
Thanks that makes sense. Do you have a recommendation on securing that printer from being printed to by anyone else other than that assigned user then? Would it be a firewall MAC to MAC allow policy type of thing?
JohnBusiness Consultant (Owner)Commented:
So long as the printer is wired, and no driver put on the server, then you should be fine.

It will not be firewalled with a simple switch, so if people insist on looking they might find it.

The user should turn if off when not using it.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Need More Insight Into What’s Killing Your Network

Flow data analysis from SolarWinds NetFlow Traffic Analyzer (NTA), along with Network Performance Monitor (NPM), can give you deeper visibility into your network’s traffic.

JohnBusiness Consultant (Owner)Commented:
Thank you much and I was pleased to help you.
atlas_shudderedSr. Network EngineerCommented:
I disagree with the above.  The very first thing that comes to mind is that by permitting the user to add a micro-switch to the environment you have just:

1.  Added a non-managed device to your network
2.  Explicitly given permission to that user to leverage their extra ports
3.  Created the potential for a network choke point/bottleneck that has the very real potential to impact performance moving forward.
4.  Due to number 1 - the introduction of numerous security concerns.

Long and short of it - if they need the printer right there and they unable to locomote to another area to pick up prints, then have a new drop put in and connect the printer there.  The plan for the micro switch is a spectacular idea until it isn't and then it rapidly devolves into a nightmare.  From experience?  They always devolve.
JohnBusiness Consultant (Owner)Commented:
Just keep a mild watch on things. Most users (almost all of mine) want to improve there work place and are not likely to hook extra things up. Just watch occasionally
nociSoftware EngineerCommented:
Also be sure it is a Switch and not a hub ...
And if you use Gbps speeds connections some Home "switches" might tend to run very hot when Gbps speeds are Actually used.
serialbandCommented:
What knid of printer?

If it's a cheap dumb printer, you don't have to do much, but many network printers have insecure open port settings.  Connect to the printer's ip address via a web browser.  If there's a web page, you can manage it remotely.  See if there are things you can change.  Some printers give an informational page and allow simple controls to pause the printer and restart.  Some just give an informational page.

A lot of network printers have configuration pages with default password settings.  You should change the default and record that password.  Next, turn off all the insecure settings such as ftp, http(if you have https available), etc....  Turn off settings you don't need.  A lot of HP printers have a lot of different ways to print to it, so I turn off all the unnecessary parts, such as airprint, webprint, etc..., since I only use lpd and connect the printer to a print server.  You can also set and limit the IP address to just the print server or local subnet, depending on what access you want it to have.  Ricoh, Canon, Xerox, etc... all have something similar, so make sure you check.  Most settings are turned on by default so non-tech users can connect whatever they need to it and be able to print.  You have to turn them off to secure it.

I find that printers are generally the least secured sysadmin controlled devices because most sysadmins don't really know their printers.  They just want it to work, so they connect their print server and drivers, but forget that modern printers have their own OS and a small web server built-in.  I've had to secure so many printers whenever I take over a new site, because it's one of the most overlooked items.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IT Administration

From novice to tech pro — start learning today.