2. Simplify and Secure Configurations
Out of the box, printers can have as many as 20 printing protocols and services enabled. This makes these typically plug-and-play devices user-friendly, but it also creates a huge attack surface. By whittling the configuration down to the absolute minimum needed to operate in your network, you can reduce the risk of someone taking control of a printer or gaining access to stored print jobs.
Don’t forget other basics: Change the default password or, better yet, use an agency-wide directory for authentication; disable unencrypted management traffic; and if you are using SNMP, enable only SNMPv3. If you haven’t rolled out IPv6 yet, don’t enable it on your printers.
3. Pick the Right Products
The temptation to litter the network with inexpensive printers can be strong, especially in distributed, budget-constrained environments. Having dozens of printer types from different vendors to manage and secure can turn a hard job into an impossible one.
If a centralized Print as a Service model works for your agency, this is your best choice to deliver the highest level of security and reliability overall. In this model, devices are provided, managed, secured and controlled by a third-party partner. If your agency needs a more distributed approach, use security as the lens to view basic standards for all printers connected to your network. This ensures you restrict choice only when there is a clear and compelling reason.
4. Use Print Servers to Further Isolate Devices
Configure the printer to communicate only with the print server, eliminating the possibility of someone communicating directly with the device. This strategy is especially important if you find that you cannot put printers on their own firewalled network segment. Print servers provide a level of separation between the end user and the printer that will reduce (but not eliminate) security problems.
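The checks from steps 2 and 4 can be run as a small audit over an exported device inventory. This is an added example, not part of the original article; the record fields, service names, baseline set and addresses are constructed assumptions, not any vendor's export format.

```python
import ipaddress

# Assumed baseline for a hypothetical network: the only services it needs.
REQUIRED = {"ipps", "https", "snmpv3"}
# Services that carry management traffic unencrypted, or SNMP before v3.
CLEARTEXT = {"http", "telnet", "ftp", "snmpv1", "snmpv2c"}

def audit_printer(cfg, print_servers, ipv6_deployed=False):
    """Return findings for one printer record; missing fields count as unsafe."""
    findings = []
    enabled = {s.lower() for s in cfg.get("services", [])}
    for svc in sorted(enabled & CLEARTEXT):
        findings.append(f"cleartext or legacy service enabled: {svc}")
    for svc in sorted(enabled - REQUIRED - CLEARTEXT):
        findings.append(f"service not in baseline: {svc}")
    if cfg.get("default_password", True):
        findings.append("default admin password still set")
    if cfg.get("ipv6_enabled", True) and not ipv6_deployed:
        findings.append("IPv6 enabled but not deployed on the network")
    # Step 4: the device access list should admit the print servers only.
    # An absent or empty list is treated as "any source allowed".
    servers = {ipaddress.ip_address(s) for s in print_servers}
    for src in cfg.get("allowed_sources") or ["0.0.0.0/0"]:
        net = ipaddress.ip_network(src, strict=False)
        if net.num_addresses != 1 or net.network_address not in servers:
            findings.append(f"ACL admits non-print-server source: {net}")
    return findings

# Constructed sample inventory (hypothetical devices and addresses).
PRINT_SERVERS = ["10.20.0.5"]
INVENTORY = {
    "lobby-mfp": {"services": ["HTTP", "HTTPS", "Telnet", "LPD", "SNMPv1", "IPPS"],
                  "default_password": True, "ipv6_enabled": True,
                  "allowed_sources": ["0.0.0.0/0"]},
    "hr-laser": {"services": ["https", "ipps", "snmpv3"],
                 "default_password": False, "ipv6_enabled": False,
                 "allowed_sources": ["10.20.0.5/32"]},
}

if __name__ == "__main__":
    for name, cfg in INVENTORY.items():
        issues = audit_printer(cfg, PRINT_SERVERS)
        print(name, "OK" if not issues else "")
        for issue in issues:
            print("  -", issue)
```

A record with missing fields is reported as if the unsafe setting were in place, so an incomplete export cannot pass the audit by omission.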