In case you all haven’t found the root of it
https://storify.com/weev/a-small-experiment-in
__
Debra Goldentyer
510-643-3847 | goldent...@berkeley.edu
*From:* micronet-list-boun...@lists.berkeley.edu [mailto:
micronet-list-boun...@lists.berkeley.edu] *On Behalf Of *Jay BRYON
*Sent:* Monday, March 28, 2016 10:44 AM
*To:* Micronet List
*Subject:* Re: [Micronet] Neo-Nazi Printer Spam
As one of the network guys, the issue I often see over and over again with
regard to printer security is simply that:
Nobody knew that
A) it was an issue, or if they did then:
B) that there are mitigation strategies available and/or,
C) How to ask for help from IST (particularly network resources).
Since that last bit is of particular painfulness, here:
http://telcat.berkeley.edu/
Telcat has the new vastly improved ordering system for network services
among other things, in the Telecom Catalog. (Note: the shopping cart is no
longer, ignore it and/or celebrate).
Here you could order the services to move your printer to RFC1918 space
(campus only networking, which isn't a total solution but would probably
cut down the noise a bit).
There is also the campus firewall service, which is free, and also the
option of moving printers to their own subnet to separate them out and make
it easier to secure them via the FW service etc. (Note, you will need to
configure rules, it's not magic).
All these options are freely available, emphasis on free. The only thing
charged for these days is cable installs, which are likely not to apply
here, since we're talking about printers already on the network.
If you don't see what you want in the catalog, request "Other Data
Networking Service Request" and a general description of your objective,
and we'll consult and see what can be done.
(OTOH- if something is non-functional/broken, then file a trouble ticket
via the service desk, that's a different animal.)
This is just me speaking out of personal observation and
experience/knowledge, but I'm unaware of any inaccuracies of the above
statements. Not an official IST departmental position or statement of
course.
-Jay
On Fri, Mar 25, 2016 at 8:55 AM, Paul Rivers wrote:
I certainly agree there is a problem with printer security across the
campus.
In my view, the problem is not a result of lack of information about
subnets, vulnerabilities and/or attack vectors. We can (and already do)
bury the campus in this kind of information.
I would be interested in continuing the conversation and offering my view
of why something like printer security continues to be a problem, and this
might be a good opportunity to discuss this year's funding proposal for
information security. However, we should move this discussion off of
micronet. Micronet is very public. (The likely culprit behind this latest
wave of printer spamming has already posted this micronet thread in his
Twitter feed, for example.) If you are not a member of UCB-security,
perhaps join there first, and we can continue the discussion there?
https://security.berkeley.edu/resources/mailing-lists-workgroups/ucb-security-mailing-list
Paul
On Fri, Mar 25, 2016 at 8:27 AM, Alex Warren wrote:
Paul,
I actually think what this shows is the lack of security people put into
setting up their network printers. Hopefully this isn’t a symptom of a
larger problem that people have with hardening their systems/peripherals to
prevent unauthorized use. Campus should really invest in a product that
can map the network and show us all our subnets and all attack vectors for
every machine on campus.
Alex Warren
CED IIT
University of California, Berkeley
485 Wurster Hall
Berkeley, CA 94720
(510) 295-5714
*From:* micronet-list-boun...@lists.berkeley.edu [mailto:
micronet-list-boun...@lists.berkeley.edu] *On Behalf Of *Paul Rivers
*Sent:* Thursday, March 24, 2016 1:09 PM
*To:* Allison Henry
*Cc:* Micronet List; Keenan Parmelee <keenanp...@berkeley.edu>
*Subject:* Re: [Micronet] Neo-Nazi Printer Spam
Yep, what Allison said. Berkeley wants to be #1 in many areas, but being #1
in printers listed as listening on the public internet as reported by
Shodan shouldn't be one of those areas.
Paul
On Thu, Mar 24, 2016 at 8:05 PM, Allison Henry <
akhe...@security.berkeley.edu> wrote:
Hi Micronetters, please do take a look at the best practices page and
put measures in place to restrict access to printers from the public
internet. The article indicates some methods you can use to accomplish
this, and if you still have questions you can contact
secur...@berkeley.edu for help.
If you receive abusive or unwanted messages on printers/MFPs, and you
have access to logs indicating the timestamp and IP address responsible
for the print job, please send to secur...@berkeley.edu. Thanks all,
- Allison Henry
On 3/24/16 11:43