Security is baked into every line of PaperCut code. And it has to be. Network printer security is a fundamental building block of your print infrastructure. We couldnāt transfer and print files online without it.
Network printer security best practice changes over time as threats evolve and vulnerabilities emerge. So, itās impossible to write a definitive, last-guide-youāll-ever-need on network printer security. Still, there are some fundamental things every organization can (and should) do to make sure their network printer vulnerabilities are understood and managed. This stuff isnāt rocket science, but with the average cost of a data breach now sitting at US$4.45m , itās definitely worth the effort.
Want to know how to secure your network printer? Letās dive into it.
What is network printer security?
Multi-function printers are essentially computers. At least, thatās how hackers see them. And they represent an often-overlooked backdoor onto your network. Think about it: everyone knows about cloud security and encrypted file transfers, but hardly anyone talks about the humble office printer.
Network printer security is simply another branch of your cyber defence strategy: itās how you safeguard your online or direct IP print network from penetration or interference.
Network printer security best practice includes:
-
Robust authentication
-
Secure print release tools
-
Print job encryption
-
Network segmentation
-
Regular patching and firmware updates
Implement authentication methods
First step: authentication . You should have visibility and control over every authorized user on your network. These users need to be authenticated, ideally for each and every print job. There are a few ways to do this:
Usernames and passwords. The default authentication method, and the bare minimum of what you should be doing. Users should only be able to print and send jobs after entering their credentials, as specified in an external user directory, such as Active Directory or LDAP.
PIN numbers. Alternatively, users can authenticate using an ID number with an associated PIN. These are generally simpler and easier to remember than passwords, and often require less management from sysadmins.
Swipe cards. Instead of passwords and PINs, users can authenticate using a registered swipe card (this could include a magnetic strip, smart card or RFID). This will obviously depend on your printer model, since not all MFDs will support swipe card authentication.
2FA. In an ideal world, you should be running 2-factor authentication (2FA) or multi-factor authentication, which is any combination of the above methods, run in tandem. You can read more about MFDs and 2FA over here .
Use secure print release
In most printer networks, when a user prints from an application, the job automatically flows through to the MFD, which starts printing. This is fine for speed, but trash for security, since documents can easily get forgotten, or sit unguarded in an Out tray, where anybody can pick them up. Instead, you should implement Secure Print Release . This means that jobs are only āreleasedā (i.e. printed) when the user arrives at the printer and confirms their identity.
Encrypt your print jobs
Cloud print jobs should be encrypted during transfer and at rest. If youāre running a print management app, this should come as standard (and if it doesnāt, shop elsewhere immediately). There are a few factors here:
Spool file encryption. Spool file encryption is for organizations that want to safeguard sensitive information while itās waiting to be printed. Itās an additional security layer, specifically for your hold/release queue.
Multi-tenant SaaS. Fully hosted, multi-tenant cloud solutions need encryption specifically designed for the public internet. PaperCutās in-house Edge Mesh technology is the way to go here. It comes as standard for PaperCut Hive and PaperCut Pocket.
Encryption protocols. If your network isnāt running SSL/TLS or IPSec, your print jobs are at risk. These common protocols encrypt print data between your device and the printer.
Cloud hosting. If youāre cloud hosting PaperCut MF, whether thatās a private or virtual private cloud, your print environment is linked to the PaperCut server via a secure, encrypted VPN tunnel (e.g. IPSec or AWS Direct Connect).
Network segmentation
Network segmentation ā dividing your printer network into smaller, isolated segments based on user permissions ā is a great way to enhance your overall network security. It basically limits the fallout of any potential breach, since access to one part of the network doesnāt grant access to the entire network. We recommend isolating your printer from the rest of your network to protect sensitive information and reduce overall congestion. You can also use subnets to restrict certain users from accessing certain printers.
Update firmware and patches
A printer network is only as secure as its latest patch. Thatās a good rule of thumb for sysadmins to follow. Thereās no point installing fancy print management software, or configuring your firewall, and then leaving it to rust. At the very least, you should be automatically updating your firewall firmware with the most recent patches. Same goes for your printer software, and any third-party print management apps, like PaperCut . This will counter any emerging vulnerabilities.
Ā
Ā
