Securing Printers
Securing Printers
Improperly secured network printers are occasionally sent print jobs containing advertisements, offensive pictures and text, or gibberish. There are several ways to prevent this, and IMSS recommends employing one or a combination of the methods below.
Configure built-in access controls on the printer
Most printers have built-in access controls that allow you to restrict access at the network level. You can configure the printer to only allow printing from campus IP addresses. The configuration process can vary between different printers (see steps below for more information). Contact the Help Desk (x3500) for assistance.
Request a block at the campus border routers
If the printer does not have built-in access controls (or as an additional measure), you can request Information Security to block network traffic to the printer at the campus border routers. To do this:
- Determine whether the printer is configured with a static IP address
- If you're not sure, contact the Help Desk (x3500) for assistance
- If the printer does not have a static IP address, request one
- Create a new request in Caltech Help at https://help.caltech.edu
- Use request type: "IMSS • Network, Wireless & Remote Access • Host and Address Requests (DNS, DHCP)
- Provide the following information
- Name of Responsible Party (RP) using the IP address or the name of the systems administrator
- For academic groups, the name of the faculty sponsor
- Department
- Building and room where the device is connected to CITnet
- Phone Number of RP (optional)
- RP's Caltech email address (preferably your @caltech.edu email address)
- Desired hostname to be assigned to the device.
- Mail Exchange Information (optional)
- Configure the printer to use the provided static IP
- Once the printer is configured with a static IP address, request a campus border block for that IP
- Create a new request in Caltech Help at https://help.caltech.edu
- Use request type: "IMSS • Information Security • Security - General"
- Provide the following information
- "Requesting campus border block for a printer"
- Static IP address
Further Securing Your Printer
- On a web browser, type in the printer's static IP. You can find this on the printer itself or by printing a configuration page which should list the IP.
- Configure\change the admin password on the web portal of the printer.
- The locations of these settings may vary depending on the brand of the printer.
- Configure the ACL (Access Control List) on the printer. This is like a firewall for printers.
- At a minimum configure the access from Caltech IP addresses only. This is different depending on the printer.
- (IP Address/Mask)
- 131.215.0.0/255.255.0.0
- Enable https connections
5. Disable the following protocols. These protocols may appear differently depending on the brand of the printer.
- Turn off the FTP protocol
- Turn off the AppleTalk protocol
- Turn off the Netware protocol
- Turn off the rsh protocol
- Turn off PJL Device Access Commands