ITS

Information Technology Services
Information Technology Services

Protocol Configuration and Disabling Un-used Protocols

 

When securing a printer it is best practice to disable all protocols that you are not using.  This can be confusing and may require consultation.

Protocols

IPv6 should be disabled as Queen's campus is not using it.

  • Simple Network Management Protocol (SNMP) v1/v2 should be disabled.  If it is required for your setup, it should be enabled for only read only access. SNMP V3 should be disabled.
  • Telnet should be disabled if alternative method is available to configuration the printer.
  • TFTP should be disabled.
  • FTP should be disabled. 
  • Link-Local Multi-cast Name Resolution (LLMNP)  should be disabled. The LLMNR is a protocol defined in RFC 4795 to perform name resolution for hosts on the same local link. It is an alternative to NetBIOS over TCP/IP (NetBT) to resolve computer name.
  • AirPrint  should be disabled as it does not work with Queen's Wi-FI. AirPrint is a mobile printing solution included with the Apple iOS. iPad, iPhone, and iPod touch.  Users can print wirelessly to any ePrint-enabled HP printer that is connected to the same local wireless network.
  • Service Location Protocol (SLP, srvloc)  should be disabled if not in use.  SLP is a service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration.
  • WS-Discover should be disabled if not in use.  Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multi-cast discovery protocol to locate services on a local network.
  • WS-Print  should be disabled if not in use.  https://msdn.microsoft.com/en-us/library/windows/hardware/dn641604(v=vs.85).aspx
  • WS-Scan  should be disabled if not in use.
  • ARP-Ping disabled.
  • SOAP Scan should be disabled if not in use - http://h30499.www3.hp.com/t5/WebInspect/Walk-through-on-how-to-scan-Web-Services-with-WebInspect/m-p/5658909#M1524
  • eSCL is a protocol that is used for remote scan from MaOS X. eSCL is protocol used by Apple's AirScan capability with Image Capture.​

The following Protocols are used to send print jobs to the printer. Depending on your needs you can disable any of them to provide additional security.

  • LPR
  • HP JetDirect Port 9100
  • IPP Printing 

Last Updated: August 2016