  1. #1
    Service Manager 1,000+ Posts
    Network breach through MFP?

    habik
    Join Date
    Apr 2010
    Posts
    2,004
    Rep Power
    46

    Network breach through MFP?

    Has anyone experienced it? Don't put any details of manufacturer etc. please.

    I haven't had the pleasures yet, just curious if someone had and what precautionary steps they took.

    Thanks for feedback.

    .OK Google! ... will I need Berrocca this morning?

  2. #2
    Senior Tech 250+ Posts


    Join Date
    May 2009
    Location
    Concord, NH
    Posts
    407
    Rep Power
    26

    Re: Network breach through MFP?

    Quote Originally Posted by habik View Post
    Has anyone experienced it? Don't put any details of manufacturer etc. please.

    I haven't had the pleasures yet, just curious if someone had and what precautionary steps they took.

    Thanks for feedback.
    We have discovered several attempts but no actual breach. We would like to think it is because we disable anything the customer does not use: no Apple units, disable Bonjour; don't use FTP, disable it; the network does not use NetBIOS, turn it off; no IPP printing, it has to run through the server. Reducing the footprint exposed to the outside goes a long way to mitigating any exposure. We also restrict USB host printing as you cannot rely on users not introducing malware with files they download at home to a thumb drive and then try to print on the office device. Unfortunately, it will also depend on how security aware the IT dept is. If the MFP is on an internal network, how does the malware get to the MFP in the first place? It is either through weak network practices or weak internal controls on the users.


  3. #3
    Senior Tech 250+ Posts
    Join Date
    Jun 2015
    Location
    Lutherville, MD
    Posts
    494
    Rep Power
    12

    Re: Network breach through MFP?

    Had a customer that had some MFPs that were compromised by use of IPP. The units kept spitting out full black prints or "garbage" prints. I turned off all protocols that they didn't need.


  4. #4
    Senior Tech 250+ Posts Woxner
    Join Date
    Jul 2011
    Location
    Felixstowe England
    Posts
    471
    Rep Power
    20

    Re: Network breach through MFP?

    If they got into your machine they are already in your network most likely. Some machines use VxWorks to help stop this type of thing like a virus.


  5. #5
    Geek Extraordinaire 2,500+ Posts KenB
    Join Date
    Dec 2007
    Location
    Cleveland, Ohio
    Posts
    3,014
    Rep Power
    74

    Re: Network breach through MFP?

    MFP security is a valid concern....but it is a PARTNERSHIP between the dealer and the customer as to how to work with it effectively and efficiently.

    Just by the nature of what modern MFPs do, they can never be 100% secure. The very features that make them desirable dictate that there be some degree of exposure, however slight.

    Customer IT departments who try to place that responsibility completely on our shoulders are in need of some serious education. If they are persnickety about MFP security, it is a discussion that must be understood and agreed upon...in writing.

    I have a number of major accounts who have "build sheets", outlining exactly what needs to be configured and how. Those decisions were all made well before the machines ever hit the door.

    Some days you’re the dog, some days you’re the fire hydrant.

  6. #6
    Service Manager 1,000+ Posts
    habik
    Join Date
    Apr 2010
    Posts
    2,004
    Rep Power
    46

    Re: Network breach through MFP?

    Quote Originally Posted by KenB View Post
    MFP security is a valid concern....but it is a PARTNERSHIP between the dealer and the customer as to how to work with it effectively and efficiently.

    Just by the nature of what modern MFPs do, they can never be 100% secure. The very features that make them desirable dictate that there be some degree of exposure, however slight.

    Customer IT departments who try to place that responsibility completely on our shoulders are in need of some serious education. If they are persnickety about MFP security, it is a discussion that must be understood and agreed upon...in writing.

    I have a number of major accounts who have "build sheets", outlining exactly what needs to be configured and how. Those decisions were all made well before the machines ever hit the door.

    We are pretty much on the same page on your last paragraph. We have a procedure in place to say what the machine can and cannot do.

    Thanks for feedback everyone.


  7. #7
    Technician
    Join Date
    May 2017
    Location
    The Ether
    Posts
    21
    Rep Power
    3

    Re: Network breach through MFP?

    Quote Originally Posted by habik View Post
    Has anyone experienced it? Don't put any details of manufacturer etc. please.

    I haven't had the pleasures yet, just curious if someone had and what precautionary steps they took.

    Thanks for feedback.
    I am unfortunately aware of two instances on different continents where serious breaches have occurred. I am most certainly not going to go into details of vendors or how it was actually done but needless to say make sure firmware is up to date as your vendors should be aware of issues by now.

    One instance was devices being used as zombies to launch attacks on internal 'targets' including a mail server (which spammed external customers). Another was a number of devices used as a platform to access external resources and also become a spam bot.

    As has been said already, turn off what the customer does not need. People forget about port forwarding, but make sure this is off if your vendor devices support this. Currently there is a major concern with BlueBorne for all vendors that is being investigated. Turn off Wi-Fi Direct if not required.

    Enable egress filtering on the network and gateway (ISP may have to do the latter) to prevent spoofing. If the customer is serious about security then suggest implementing IDS and IPS kit and services if they haven't already.

    Sales staff do need to inform customers that even the most secure devices (potentially) are anything but 'out of the box' but customers are not told this from my experience.


  8. #8
    Service Manager 1,000+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    1,731
    Rep Power
    52

    Re: Network breach through MFP?

    I've seen several instances where customers have inadvertently made their MFPs accessible on the public internet, not too fun, especially with a default password for the interface no less! My regular suggestions are:

    1. Strong web interface password
    2. Place MFPs and printers on a separate VLAN. Allow printer ports (9100, 515, etc.) inbound from a print server(s), allow only services used (scanning, email, etc.) for outgoing access. Limit access to web interface to the VLAN and restrict workstation access to it.
    3. Disable all unused protocols (Telnet, SSH, Bonjour)
    4. Strong password for User Tools, separate password for Service to use (I add a separate admin account on all of our machines)
    5. Ensure any drive encryption is turned on. My main thinking is that exfiltration of data from an MFP hard drive is overblown, but it often gives the customer an extra degree of comfort.
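
Added example (not part of any post in this thread): a sketch of checking deployed MFPs against a "build sheet" like the ones described in posts #5 and #8, by comparing the open ports from a scan of your own printer VLAN with the agreed list. The build-sheet contents, the addresses and the sample scan text are assumptions constructed for illustration; the scan text follows nmap's grepable (`-oG`) layout.

```python
import re

# Assumed build sheet for illustration: the only (port, protocol) pairs an MFP may expose.
BUILD_SHEET = {
    (9100, "tcp"): "raw printing, print server only",
    (515, "tcp"): "LPD, print server only",
    (443, "tcp"): "web interface, restricted by VLAN rules",
}
# Protocols the thread recommends disabling when the customer does not use them.
SHOULD_BE_OFF = {(21, "tcp"): "FTP", (22, "tcp"): "SSH", (23, "tcp"): "Telnet",
                 (139, "tcp"): "NetBIOS", (631, "tcp"): "IPP", (5353, "udp"): "Bonjour/mDNS"}

# Constructed sample in nmap's grepable (-oG) layout; the addresses are made up.
SAMPLE_SCAN = (
    "Host: 10.0.20.15 ()\tStatus: Up\n"
    "Host: 10.0.20.15 ()\tPorts: 443/open/tcp//https///, 515/open/tcp//printer///, "
    "9100/open/tcp//jetdirect///\n"
    "Host: 10.0.20.16 ()\tStatus: Up\n"
    "Host: 10.0.20.16 ()\tPorts: 21/open/tcp//ftp///, 23/open/tcp//telnet///, "
    "631/open/tcp//ipp///, 9100/open/tcp//jetdirect///, 80/closed/tcp//http///\n"
)

def parse_grepable(text):
    """Return {host: {(port, proto), ...}} for ports whose state is exactly 'open'."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # status-only lines carry no port list
        ports = hosts.setdefault(m.group(1), set())
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[1] == "open":
                ports.add((int(fields[0]), fields[2]))
    return hosts

def audit(hosts, build_sheet=BUILD_SHEET):
    """Return {host: [(port, proto, label), ...]} for open ports not on the build sheet."""
    findings = {}
    for host in sorted(hosts):
        extra = sorted(hosts[host] - set(build_sheet))
        if extra:
            findings[host] = [(p, proto, SHOULD_BE_OFF.get((p, proto), "unlisted service"))
                              for p, proto in extra]
    return findings

if __name__ == "__main__":
    for host, items in audit(parse_grepable(SAMPLE_SCAN)).items():
        for port, proto, label in items:
            print(f"{host}: {port}/{proto} open, not on build sheet ({label})")
```

A device that matches the build sheet produces no findings, so the output is a list of machines whose configuration has drifted from what was agreed in writing.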

