Use physical security
Physically secure the printer, as if it were a computer server.
Enable access controls
Change the administrator password on the https (web) login. On any printer that supports it, install a CA certificate and use it instead of a password for administrative access. If available, use access lists to limit the users who can access the printer.
Limit network ports and protocols
Besides printing directly printing to a printer with an IP address on port 9100, other protocols can be used for specific operating systems. These include:
On Unix systems - ftp and lpd, on Windows networks - DLC/LLC, on Novell networks - SLP Config, IPX/SPX, and on Apple Macintosh networks - mDNS and AppleTalk
These protocols are used to find printers on the network and send print jobs to them. These protocols are rarely used, but are still available on most printers. They are vulnerable to attacks and should be turned off.
Restrict management services
SNMP, telnet and https (web) are protocols used to manage printers. Telnet is rarely used on older printers without web access. If https (web) access is available, telnet should be turned off. SNMP is used for large organizations managing hundreds to thousands of devices, including printers. SNMP should be turned off.
If there is a documented requirement for SNMP, the following guidelines should be followed to prevent security vulnerabilities from being exploited:
Turn off version 1 and 2 of SNMP, and change the default SNMP read and write community strings.
Turn logging on and review logs as appropriate to detect and/or investigate potential security breaches.
Next Scheduled Review: February 2016
Revisions: February 2015
Effective: Original version was released 2001