Network Security for Printers
If you feel uncomfortable performing the steps below to secure your printer(s) please contact the IT Support Centre by calling 613.533.6666 during regular business hours or by filling out the Online Help Form. For leased printers, please contact the vendor if assistance is required.
Most printers now provide easy, out of the box setup. Unfortunately most of these printers have little to no default security. This allows others to access the printer. They can be misused, allow the intruder to access copies of documents that have been sent to the printer and allow the printer to be used in an attack on other systems.
Note: All printers are required to have a secure admin password. (All Multi-Function Devices are to have a unique password that is set by the department, with assistance of the company from whom the device has been leased http://queensu.ca/cio/information-systems-security-office/standards/mfds-hard-drives)
There are two options that can be used to secure a printer:
Preferred and most secure method.
Your network printer may be moved to the campus private network. This limits access to the printer to only those computers and devices that are on the Queen's network..
Note: this is not a physical move of the printer but a re-assignment of the jack number that the network printer is on to a secure network.
The printer's IP address will have to be changed to an IP address on the Campus Private Network. Additionally, any computer that prints to the printer will have to update the print driver. In some cases, the user may need to reinstall the printer on their computers so the new IP address is detected during the install. If the printer is on AD the user will only need to log out of the computer and back in again.
For more Details see Moving to the Campus Private Network.
Setting up an Access Control List (ACL) is an alternate way of securing your printer. The ACL limits network access to the printer to only the IP addresses or subnets that you specify. This includes printing and all other access. Although this is not the preferred method, depending on your situation this may be the best method or only method available to you. Contact the IT Support Centre by calling 613.533.6666 if you require direction.
If you are in a leasing agreement, please contact your vendor for assistance in configuring security settings on your device.
For more Details see Setting up an Access Control List / IP Filtering.
- From: http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-bpj05999
- HP Jetdirect print servers with firmware of x.08.03 or above supports the ability to limit the access to the printer by creating an allow list or access control list in a telnet session.
- Other resources: https://answers.uchicago.edu/page.php?id=42399 has good resource for printer securing.
Last Updated: November 2016