2. Security settings for your printer
Last revision September 14, 2010
To make setup and communication "easy" for users, vendors such as HP typically ship their network printers will all communication ports and protocols active, and no passwords needed for configuration. The problem with this is that Stanford's network is directly connected to the Internet. Leaving your printer in this default state exposes it to mischief from anyone in the world.
After you have registered your printer, and it is communicating via TCP/IP, you need to carefully consider which protocols should be disabled, and you need to set passwords for any configuration access. Be sure to tell the network manager which password you have set, so he can access the printer to debug problems! Better yet, ask our CRC support consultants to secure the printer via a request to HelpSU (or telephone 5-HELP).
For HP printers, make these security settings:
- Make sure you have the latest firmware. If the printer is not brand-new, ask our desktop support consultant to check for new firmware.
- Set a password for telnet access and a community-name for SNMP access.
- Disable the Web administration interface, or set a password for it.
- Disable Legacy default IP (the "feature" that tells the printer to pick an IP address at random).
- Disable Appletalk (or Ethertalk) printing.
- Disable ftp printing.
- Disable DLC/LLC printing.
- Disable IPX/SPX printing.