Printer recommendation please

Jerry jerry at seibercom.net
Mon Apr 2 11:33:07 UTC 2012 

On Mon, 02 Apr 2012 08:09:07 -0700
perryh at pluto.rain.com articulated:

> Polytropon <freebsd at edvax.de> wrote:
> 
> > On Sat, 31 Mar 2012 14:01:43 -0700, perryh at pluto.rain.com wrote:
> > > I personally don't trust wireless, because it's well nigh
> > > impossible to truly secure it.
> >
> > In that case, one should also pay attention to secure the
> > printer. Wait - secure the printer? What am I talking about?
> >
> > Firmware attacks!
> >
> > Yes - malware has already reached printers ...
> 
> All the more reason to avoid wireless.  (I had been thinking more
> along the lines of someone intercepting sensitive print files, e.g.
> tax returns, as they were being sent to the printer.)
> 
> A printer connected to a hard-wired network, behind a firewall with
> no tunnelling to it allowed, is not going to get anything sent to it
> from outside.  Granted this does not protect against malware jobs
> sent from a local machine, but it at least avoids having malware
> sent wirelessly to the printer by someone parked out front, thus
> there's one less pathway needing to be secured.
> 
> It may also be a reason to _avoid_ printers that accept PDF directly.
> Since PDFs are often downloaded and printed, an attacker could post
> a bogus firmware download under an innocent-sounding name like
> "manual.pdf" leading someone to do
> 
> $ fetch http://.../manual.pdf && lpr manual.pdf
> 
> Oops.
> 
> However if said PDF has to first be locally converted to PS (e.g.
> by xpdf) before being sent to the printer, an attacker would have
> to (somehow) formulate a PDF that would cause xpdf to emit a
> "PostScript" file that looked to the printer like a firmware
> download.  I don't know enough about either PDF or xpdf to say
> whether that's possible, but I imagine it would at least be a
> whole lot more difficult than in the direct PDF case.

Obviously you are not aware of the latest trend towards the movement to
standardize PDF as the standard print format. I would recommend you
start by reading the documentation located at:
<http://www.linuxfoundation.org/collaborate/workgroups/openprinting>
and continue on from there.

While there might be some rational for your security concerns on a
business network in regards to wireless networks, they are not really
relevant on a home networks. The simple ease of use that a wireless
network gives a user on a home network far outweigh any pseudo claims of
espionage. Furthermore, there are means of encrypting print data. I
leave the mastery of that matter up to the student.

By the way, since you seem so concerned over your printers security, I
assume that you all ready have it at least password protected.
Personally, I prefer using certificates. Now that is real security.
Again, I assume you are using printers capable of that security.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________
Faith goes out through the window when beauty comes in at the door.

More information about the freebsd-questions mailing list