Resources Posts

Campus Printers: A Major Security Risk in Disguise

Picture of Ben Bowen By Ben Bowen | July 30, 2019

[This Pharos article was originally published on LinkedIn]

In June 2017, universities around the United States received a nasty surprise when mysterious print jobs claimed a bomber had planted explosives across their school campuses. Although the threat turned out to be fake, the hacker’s ability to compromise university printers was obviously real — and that should concern administrators.

Campus printers pose a security risk that few schools take seriously. Recent research found that just 16% of IT managers believe printers pose a serious risk.

Unfortunately, hacking an unsecured printer is too easy. In the case of the university “bomber,” the hacker simply targeted open printing ports (the default port, in most cases) and was able to gain access to campus IPs. IT professionals must improve their protection to keep networks and devices safe.

When it comes to protecting a university’s computing infrastructure, locking printers down is often lacking (or doesn’t happen at all). However, best practices exist for securing your printer fleet, and administrators should recognize printer-related risks and take steps to mitigate them.

Understanding the Printing Landscape

Typically, colleges have computer labs and libraries that contain several printers. Individual departments and schools (in separate buildings) typically have their own fleets of printers. Students print in their dorms, faculty members print in their offices, and staff members print all over campus. Every printer connected to the network is a potential access point for a malicious third party.

Faculty, students, and staff must understand that documents left unattended in printer output trays lead to confidentiality breaches and legal risk.

Scattered printers often serve college populations by segments, but every college is unique. Some offer specialty printers and 3D printers, which present many of the same risks as traditional office printers.

University printing vulnerabilities can often be traced back to open ports. Printers are typically delivered in an open state to allow for easy network connection. Even when these printers are properly locked down, they’re commonly reset when serviced (reverting them to their original vulnerable state). This means not even IT admins are likely to know which printers are left open at certain times.

School IT administrators shouldn’t rely solely on the security features in their campus printers. To properly safeguard your devices, networks, and documents, consider the bigger picture —your printer ecosystem — and attack it holistically. This can be challenging because print is so decentralized across most higher education environments. Still, it’s achievable.

Create a More Secure Printing Environment on Campus

Beyond the usual security concerns around printers as network endpoints, there’s also the critical issue of document security. Secure printing is about more than securing devices to prevent remote access; it’s about manual processes, too. Faculty, students, and staff must understand that documents left unattended in printer output trays lead to confidentiality breaches and legal risk.

This common practice also creates opportunities for data breaches and academic plagiarism. I can’t tell you how many times I’ve seen protected personal information lying around on printer trays in admissions departments.

Left unchecked, poor printer security invites hackers into the network, allowing them access to sensitive areas and valuable information.

Pull-printing software resolves this issue: Students and staff members submit print jobs as they normally do, but instead of going directly to a target printer for immediate output, print jobs are “parked” in a secure virtual queue. People can then release — or “pull” — their documents while standing at any convenient printer on the campus network.

This workflow ensures documents aren’t left unattended in output trays, while also preventing wasteful reprints and stacks of unclaimed documents collecting around your printers. Pull-printing software also integrates with common student payment systems for cost recovery, departmental chargeback, and grant debiting.

But software solutions alone don’t constitute a comprehensive print security strategy. In addition to deploying pull-printing software, IT administrators in higher education should do the following to reinforce network defenses and protect valuable print assets across campus:

  1. Change the default password on every device.
  2. Use “https” when accessing the printer admin control panel webpage.
  3. Use current SNMP standards.
  4. Close all unnecessary ports on every printer.
  5. Shut down any unnecessary services on every printer.
  6. Stay current with firmware updates and patches.
  7. Make printing available only on the local network segment by restricting network access with a firewall and/or routing rules.
  8. Set and manage each printer’s access control list.
  9. Disable as many file system access protocols as possible.
  10. Periodically use the Shodan search engine (or another online security tool) to determine which network devices are vulnerable across your organization.

School IT administrators should also consider replacing outdated printers with newer, more secure models. Data security practices improve every year — but so do the techniques that hackers use to break into outdated systems. Proactively upgrading printer fleets can help prevent unauthorized access and reduce risk.

School IT leaders have a responsibility to protect students, employees, and other stakeholders from the potential damage of cyberattacks (including those involving their network printers). Left unchecked, poor printer security invites hackers into the network, allowing them access to sensitive areas and valuable information.

When it comes to printers and their role in overall campus security, the most prepared university administrators and IT professionals are those who follow these best practices and stay current with the changing technology landscape.

Behind Pharos’ Decision for ISO 27001 Certification
View
Secure Release Printing
View
The Fundamentals of Printer Security
View
Printer Security Risks
View
Why Print Drivers Are Increasingly Becoming a Nightmare for Corporate IT
View
Protecting Your Print Environment with a Zero-Trust Print Approach
View
Combat the Growing Threat of a Data Breach by Migrating to a Cloud Printing Solution
View
Eliminating Driver Management to Enhance Security
View
How Cloud Printing Enhances Your Cybersecurity Posture
View
Pharos Products and Log4j Exploit
View
PrintNightmare: Securing Your Print Infrastructure
View
Pharos and “PrintNightmare” Windows vulnerability
View
Is Print on Your Company’s Zero Trust Security Checklist?
View
Pharos Products and Services Unaffected by the SolarWinds Exploit
View
Why Zero Trust Networks Are a Growing Trend
View
Sentry Print: Secure Cloud Printing for All Environments
View
3 Ways Cloud Services Can Improve Information Security
View
Secure Your Office Printing via the Cloud
View
Healthcare IT: Is Your Internal Printing Introducing HIPAA Risk?
View
Has Your Company Secured These Overlooked Attack Vectors?
View
3 Data Security Risks Your Company May Be Overlooking
View
A New Era of Secure Pull Printing
View
Print Management Technology: A Reality Check
View
Does Your Organization Have a Print Security Policy?
View
Printers Must Be Part of a Strong Security Policy
View
How Healthcare Organizations Can Reduce Costs and Secure Information
View

Get the latest insights delivered to your inbox

Optimize Print with Pharos

Learn more about how to simplify print security, increase IT productivity, and cut waste with Pharos Cloud. Schedule a meeting with us today.

Request a Meeting
an image of the pharos cloud print management dashboard