Limiting it to the lpr port will help, and limiting input to defined domains will help a bit more, but most implementations are not robust, and a break against the lpr software running on the box might very well lead to a nice cozy home for a hacker on your network. They're not just printers anymore, they're printers that have computers built in - especially if they have hard drives and web servers on them.
On 3/6/08, Benjamin Zachary <[EMAIL PROTECTED]> wrote: > > > > What about just opening up the lpr port and then limiting access by ip on > the firewall? I do it, it works, I guess if it got hacked someone could run > me out of paper by printing garbage to it. > > > > Obviously if these are roaming clients you have some issues but I don't know > if I would have a big problem even limiting by domain, say verizon's > wireless range or similar. > > > ________________________________ > > > From: Roger Wright [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 04, 2008 5:36 PM > To: NT System Admin Issues > Subject: Secure Internet Printing > > > > Any recommendations for secure Internet printing options? > > > > Roger Wright > Network Administrator > 727.572.7076 x388 > ____ > > Matter will be damaged in direct proportion to its value. > > > > > > > > > > > > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
