Enterprise printers have long been an afterthought in IT security, but all that changed earlier this year with PrintNightmare, a flaw in Microsoft's Windows Print Spooler Service that could be exploited in remote code execution attacks.
As a result, Microsoft has issued a series of patches – and enterprise security teams are beginning to assess the security of printers on their networks. This is especially critical given most companies will continue to operate as a hybrid workplace, with workers using their personal printers at home in addition to remotely connecting to the printers at work.
Nasser Fattah, North American steering committee chair for Shared Assessments, says printers have not been viewed as a security concern in the past, despite the fact they print some of our most sensitive data and are connected to our networks all day, every day. He points out that printers come with many applications, including Web servers – which, like any other application, can have default passwords and vulnerabilities – and considerable storage size to hold a significant amount of sensitive information.
“Also, office printers are connected to a company's identity repository so that users authenticate to print and the email system provides print status to users,” Fattah says. “Consequently, printers introduce serious security problems that can enable adversaries to access a company network, sensitive information, and resources. For example, adversaries, via the print default password, can redirect prints to an unauthorized location. Also, a vulnerable printer on a network presents an entry point for adversaries.”
Given these realities, we asked industry experts for tips on how to help security teams lock down printers on enterprise networks. After this year’s experience, security pros can’t say they weren’t warned about printer vulnerabilities.