Secure campus printing

It is an unfortunate fact that some of the easiest and weakest security points to hack at tertiary educational institutions, are unsecured printers. The hacker is simply able to target open printing ports (the default port, in most cases) and from there, can gain access to campus IPs.
 
“When it comes to protecting the computing infrastructure at an educational institution, securing printers is not always a priority. However, best practice for securing your printer fleet is possible, and administrators should recognise printer-related risks and take steps to mitigate them,” says Mario De Carvalho, Solutions Specialist at Konica Minolta South Africa. 
 
Typically, colleges have computer labs and libraries that contain several multifunctional printers (MFPs). Individual departments and schools are often located in separate buildings on large campuses and have their own fleet of printers. Students often send their print-outs to printers near their accommodation facilities on or near campus, while faculty employees can print anywhere on campus. Every printer has to be connected to the network and therefore this becomes a potential access point for a malicious third party.
 
University printing vulnerabilities can often be traced back to open ports and MFPs are typically delivered in an open state, to allow for easy network connection. Even when these printers are properly locked down, they are commonly reset when serviced and, revert back to their original vulnerable state.
 
One way to address this flaw is to install pull-printing software. Students and staff members submit print jobs as they would normally do, but instead of going directly to a target printer for immediate output, print jobs are 'stored' in a secure virtual queue. Users can then release or 'pull' their documents while standing at any convenient printer on the campus network.
 
This workflow ensures that documents are not left unattended in output trays, while also preventing wasteful reprints and stacks of unclaimed documents collecting around printers. Pull-printing software also integrates with common student payment systems for cost recovery and or departmental chargeback.
 
But software solutions alone will not constitute a comprehensive print security strategy. In addition, campuses should only make printing available on the local network segment by restricting network access with a firewall and/or routing rules.
 
“School IT leaders have a responsibility to protect students, employees and other stakeholders from the potential damage of cyberattacks, including those involving their networked printers. Left unchecked, poor printer security invites hackers into the network, allowing them to access sensitive areas and valuable information. When it comes to printers and their role in overall campus security, the most prepared university and TVET administrators and also IT professionals, are those who follow these best practices and stay current with the changing technology landscape,” concludes De Carvalho.