Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: network printers

from [DMORROW5] Network Security [Permanent Link]
Subject: Re: network printers
Date: Fri, 16 Dec 2005 10:03:16 -0600 
Keep in mind, and even more so today, that printers, and now
Multifunction devices (MFD's), usually have an embedded web server, ftp
server and telnet turned on by default. 

regards, 

Dana

----- Original Message -----
From: Sean Peterson <mrpeterson@theunixman.com>
Date: Friday, December 16, 2005 5:26 am
Subject: Re: network printers


To get an idea of the vulnerability of printers, I looked at 
"Hacking 
Network Printers" at  
http://www.irongeek.com/i.php?page=security/networkprinterhacking

Some manufacturers have documented basic security procedures, for 
example "HP Jetdirect Print Servers - Making HP Jetdirect Print 
Servers 
Secure on a Network" at 


http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj05999


If you allow clients to print directly to the device via IP, then 
deploying a host with SysLog and  configuring the print devices to 
record their errors to the syslog host helps tremendously with 
diagnosis 
and problem analysis.

Hope this helps and if you come across any more detailed 
procedures, 
please post them on the list.

-Sean

Mark Brunner wrote:


Haven't looked at printers in a while.
Are there any best practices hardening and audit docs for printers?

Mark

-----Original Message-----
From: Ben Nagy [mailto:ben@iagu.net]
Sent: Saturday, December 10, 2005 1:24 AM
To: pen-test@lists.securityfocus.com
Subject: RE: empty sa passwords on network printers ??


Not sure what you mean by SA password, but HP printers run Java, 

which is

turing complete. If you have full access to the printer you can 

make it do

absolutely anything you want - it's just as good (or better) as 

owning a

workstation.

Check out some of the phenoelit stuff to scare yourself:
http://www.phenoelit.de/stuff/defconX.pdf

Cheers,

ben

 


-----Original Message-----
From: Jason Rusch [mailto:rusch.j@gmail.com]
Sent: Saturday, December 10, 2005 2:51 AM
To: pen-test@lists.securityfocus.com
Subject: empty sa passwords on network printers ??

curious whats peoples opinion on the risk level etc concerning empty
SA passwords on network printers?


Jason P. Rusch, CISSP
Sr. Information Security Administrator
Infosec-rusch
Tampa, FL 33619



--------------------------------------------------------------------
----------
Audit your website security with Acunetix Web Vulnerability 
Scanner: 

Hackers are concentrating their efforts on attacking applications 
on your 
website. Up to 75% of cyber attacks are launched on shopping carts, 
forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down 
servers are 
futile against web application hacking. Check your website for 
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before 
hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
--------------------------------------------------------------------
-----------



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Cracking WEP and WPA keys, Cedric Blancher
Next by Date:  Re: Cracking WEP and WPA keys, Matthias.Vallentin
Previous by Thread:  RE: network printers, McHenry, Glenn CTO1
Next by Thread:  Cracking WEP and WPA keys, Robin Wood
Indexes:  [Date] [Thread] [Top] [All Lists]