Illegitimate print-outs using MWN printers

We have recently experienced an increased in unwanted print jobs sent to printers connected to the Munich Research Network (MWN). We’d like to remind you again that network-capable, unprotected printers with public IP-addresses can accept print jobs from anywhere. Access to cached print or scan documents cannot be excluded either.

There are a number of measures that can be taken to prevent this from happening:

• Deactivation of the Gateway IP address in the printer’s network settings. This makes sure that the printer is accessible only within the network that it’s connected to itself. With multifunction devices however, deactivation of the default gateway usually causes the device’s scan-to-mail function to stop working completely.
• Use private instead of public IP addresses. This prevents the printer from being accessible to the rest of the world.
• Restrict the availability of the printer with a firewall. You can use a personal firewall for the printer itself, if available, or a centralized network firewall.
• The printers usually have a management/configuration interface for which access (such as web interfaces) normally requires a standard log-in such as: User ID = admin, password =1234. Worst case, there is no log-in required at all. Set up your own administrator access or change the default log-in. This will prevent or make it difficult to change the settings or access cached documents from an external network.

Contact IT Support if you have questions or are experiencing problems.

This notification was originally published on April 21, 2016 under “IT Security News”.