A VPN is going to be a better option than opening ports to the public internet. You've already opened enough to the outside to have someone malicious send malformed print jobs to the machines (you've already seen evidence of port sniffers in action) or to pull information from them thanks to SNMP that could lead to a more advanced way of attacking or exfiltrating information from the machine, with the right commands even the address book is accessible via this protocol.
Bookmarks