Date:      Mon, 2 Apr 2012 07:33:03 -0400
From:      Jerry <jerry@seibercom.net>
To:        FreeBSD <freebsd-questions@freebsd.org>
Subject:   Re: Printer recommendation please
Message-ID:  <20120402073303.1ae0ea96@scorpio>
In-Reply-To: <4f79c113.4NFuCWPOnCnPln6u%perryh@pluto.rain.com>
References:  <4F75D37C.2020203@lovetemple.net> <20120330232307.41e420b1.freebsd@edvax.de> <4f7770b7.BkVKquuSmumStBb/%perryh@pluto.rain.com> <20120401112923.47e6c8a7.freebsd@edvax.de> <4f79c113.4NFuCWPOnCnPln6u%perryh@pluto.rain.com>

On Mon, 02 Apr 2012 08:09:07 -0700
perryh@pluto.rain.com articulated:

> Polytropon <freebsd@edvax.de> wrote:
> 
> > On Sat, 31 Mar 2012 14:01:43 -0700, perryh@pluto.rain.com wrote:
> > > I personally don't trust wireless, because it's well nigh
> > > impossible to truly secure it.
> >
> > In that case, one should also pay attention to secure the
> > printer. Wait - secure the printer? What am I talking about?
> >
> > Firmware attacks!
> >
> > Yes - malware has already reached printers ...
> 
> All the more reason to avoid wireless.  (I had been thinking more
> along the lines of someone intercepting sensitive print files, e.g.
> tax returns, as they were being sent to the printer.)
> 
> A printer connected to a hard-wired network, behind a firewall with
> no tunnelling to it allowed, is not going to get anything sent to it
> from outside.  Granted this does not protect against malware jobs
> sent from a local machine, but it at least avoids having malware
> sent wirelessly to the printer by someone parked out front, thus
> there's one less pathway needing to be secured.
> 
> It may also be a reason to _avoid_ printers that accept PDF directly.
> Since PDFs are often downloaded and printed, an attacker could post
> a bogus firmware download under an innocent-sounding name like
> "manual.pdf" leading someone to do
> 
> $ fetch http://.../manual.pdf && lpr manual.pdf
> 
> Oops.
> 
> However if said PDF has to first be locally converted to PS (e.g.
> by xpdf) before being sent to the printer, an attacker would have
> to (somehow) formulate a PDF that would cause xpdf to emit a
> "PostScript" file that looked to the printer like a firmware
> download.  I don't know enough about either PDF or xpdf to say
> whether that's possible, but I imagine it would at least be a
> whole lot more difficult than in the direct PDF case.

Obviously you are not aware of the latest trend towards the movement to
standardize PDF as the standard print format. I would recommend you
start by reading the documentation located at:
<http://www.linuxfoundation.org/collaborate/workgroups/openprinting>;
and continue on from there.

While there might be some rationale for your security concerns on a
business network in regards to wireless networks, they are not really
relevant on a home network. The simple ease of use that a wireless
network gives a user on a home network far outweighs any pseudo claims of
espionage. Furthermore, there are means of encrypting print data. I
leave the mastery of that matter up to the student.

By the way, since you seem so concerned over your printer's security, I
assume that you already have it at least password protected.
Personally, I prefer using certificates. Now that is real security.
Again, I assume you are using printers capable of that security.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________
Faith goes out through the window when beauty comes in at the door.
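
The local-conversion workflow described in the quoted text, as an added shell example that is not part of the original message or thread: it refuses a file that does not start with the PDF magic bytes or that carries a PJL job header, then queues only PostScript generated on the local machine. The function names are hypothetical, and it assumes `pdftops` (from xpdf) is installed and that the printer's job-control language is PJL.

```shell
#!/bin/sh
# Added example: gate a downloaded file before it reaches the print queue.
# Assumption: the printer speaks PJL, whose jobs start with the UEL escape
# sequence ESC%-12345X followed by "@PJL" lines.

# Return 0 only if FILE starts with the PDF magic "%PDF-" and has no
# PJL job header (UEL sequence or "@PJL") in its first 1 KiB.
looks_like_pdf() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || return 1

    # The first five bytes must be the PDF magic; NULs are dropped so the
    # shell variable never sees binary zeros.
    magic=$(head -c 5 "$f" | LC_ALL=C tr -d '\000')
    [ "$magic" = "%PDF-" ] || return 1

    # Reject anything that smuggles a printer job header near the top.
    uel=$(printf '\033%%-12345X')
    if head -c 1024 "$f" | LC_ALL=C tr -d '\000' |
        LC_ALL=C grep -a -q -F -e "$uel" -e '@PJL'; then
        return 1
    fi
    return 0
}

# Convert locally to PostScript and queue that output, so the printer
# never receives the downloaded bytes themselves.
# Returns 1 if the file is refused, 2 if pdftops is missing.
print_checked() {
    f=$1
    if ! looks_like_pdf "$f"; then
        echo "refusing to print $f: not a plain PDF" >&2
        return 1
    fi
    if ! command -v pdftops >/dev/null 2>&1; then
        echo "pdftops not found; not sending raw file to printer" >&2
        return 2
    fi
    pdftops "$f" - | lpr
}

# Usage (replaces "fetch ... && lpr manual.pdf"):
#   fetch <url> && print_checked manual.pdf
```

The magic-byte test is only a sanity gate; the protection the quoted text argues for comes from the conversion step, because the printer receives PostScript produced locally rather than the file as downloaded.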


