Networked printers are very common, so if there is a vulnerability exposed to the network the printer can be exploited and infect other machines, or copy all printouts etc
The bigger concern is that infections can spread. Even if the printer isn’t accessible via WAN, something on the network will be. So if something else gets infected, it will be able to spread to the printer via LAN. Unless it’s the only thing on the network, LAN-only won’t fully protect it from infection.
And once it’s infected, you have a rogue device on your network. It can use things like UPnP to access the WAN, turning it into a node for someone’s botnet.
Set some firewall rules. The printer doesn’t need to be able to make any outbound connections. It only needs inbound connections on a few ports to work.
I feel like you glossed over the “you have a rogue device on your network” side of things. Even if it can’t reach the internet directly, it will still quietly sit there and try to infect every other device on your network.
If you’re not in the habit of updating your firmware, (and in this case, you’re actively defeating firmware updates), that infection can quickly snowball.
Isn’t the concern that if you infect a printer locally, you can use that to “pivot” to another device on that network that IS connected to the internet?
I don’t really understand your snippet. But yeah i think the issue with IoT devices having connection to any other network device at all is that if they have a security hole that can be exploited through a malicious USB drive or BT or any other compromised device it can connect to, that it can act maliciously in a number of ways. The only true security for devices that can’t get patched is a complete air gap for any connected devices.
My LaserJet is from '08 and still works great with just a USB (or parallel port… lol). It even does an occasional toner transfer or transparency for printed circuit boards. They making 17+ year printers any more
It is nice to have a discoverable printer on the network that anyone can print to from their laptop or phone. I use that feature all the time, especially on d&d nights
Networked printers are very common, so if there is a vulnerability exposed to the network the printer can be exploited and infect other machines, or copy all printouts etc
Printers only need a LAN connection. There is no need to give them internet access.
The bigger concern is that infections can spread. Even if the printer isn’t accessible via WAN, something on the network will be. So if something else gets infected, it will be able to spread to the printer via LAN. Unless it’s the only thing on the network, LAN-only won’t fully protect it from infection.
And once it’s infected, you have a rogue device on your network. It can use things like UPnP to access the WAN, turning it into a node for someone’s botnet.
Set some firewall rules. The printer doesn’t need to be able to make any outbound connections. It only needs inbound connections on a few ports to work.
I feel like you glossed over the “you have a rogue device on your network” side of things. Even if it can’t reach the internet directly, it will still quietly sit there and try to infect every other device on your network.
If you’re not in the habit of updating your firmware, (and in this case, you’re actively defeating firmware updates), that infection can quickly snowball.
Isn’t the concern that if you infect a printer locally, you can use that to “pivot” to another device on that network that IS connected to the internet?
I see your point, I hadn’t thought about it this way. I think what you’re suggesting is this:
I don’t really understand your snippet. But yeah i think the issue with IoT devices having connection to any other network device at all is that if they have a security hole that can be exploited through a malicious USB drive or BT or any other compromised device it can connect to, that it can act maliciously in a number of ways. The only true security for devices that can’t get patched is a complete air gap for any connected devices.
My LaserJet is from '08 and still works great with just a USB (or parallel port… lol). It even does an occasional toner transfer or transparency for printed circuit boards. They making 17+ year printers any more
It is nice to have a discoverable printer on the network that anyone can print to from their laptop or phone. I use that feature all the time, especially on d&d nights
A Linux PC connected to the printer can advertise it to LAN with CUPS.