2. Security settings for your printer
Last revision April 8, 2016
To make setup and communication "easy" for users, vendors such as HP typically ship their network printers with all communication ports and protocols active, and no passwords needed for configuration. The problem with this is that Stanford's network is directly connected to the Internet. Leaving your printer in this default state exposes it to mischief from anyone in the world.
After you have registered your printer, and it is communicating via TCP/IP, you need to carefully consider which protocols should be disabled, and you need to set passwords for any configuration access. Be sure to tell the network manager which password you have set, so he can access the printer to debug problems! Better yet, ask our CRC support consultants to secure the printer via a request to HelpSU (or telephone 5-HELP).
For HP printers, make these security settings. Other brands may have similar settings.
- Make sure you have the latest firmware. If the printer is not brand-new, ask our desktop support consultant to check for new firmware.
- Disable telnet access. Telnet is not allowed on our network because it is inherently insecure.
- Set a non-obvious "community-name" (password) for SNMP "set" access.
- Disable the Web administration interface, or set a non-obvious password for it.
- Disable Legacy default IP (the "feature" that tells the printer to pick an IP address at random).
- Disable Appletalk (or Ethertalk) printing.
- Disable ftp printing. Ftp is not allowed on our network because it is inherently insecure.
- Disable DLC/LLC printing.
- Disable IPX/SPX printing.