Slashdot Mirror
Secure Printing?
RiverWolf asks: "As a Systems Administrator (a.k.a. 'paranoid security freak') I spend much of my time tightening down systems, loading patches, and just generally making sure no one does what they're not supposed too. While tools like ssh have become a staple for file transfer and terminal sessions, I recently began looking at all the little print servers we have throughout my offices and wondered "hmm, can those things be sniffed?".
Until now, my focus for printing has always been 'just get it working', but if someone can sniff the print jobs (like payroll and other confidential information) as they go across the network, then it doesn't matter how locked down eveything else is.
Is there a standard for secure (encrypted transmission) network printing, or does anyone know of a way to do this? I found this document that deals with it in a round about fashion, but with dozens of printers spread throughout multiple locations, I don't see it as an option."
Sniffing traffic on a switched network is often as easy as falsifying a MAC, pinging about now and then to keep the switch confused, and listening.
Says the RIAA: When you EQ, you're stealing bass!
CUPS allows use of IPP (Internet Printing Protocol) over SSL. I don't know whether Windows even supports IPP but it's pretty nifty on UNIX systems.
You are using a switched network, right? If so, snooping is not an issue (well, not a BIG issue anyways). Otherwise you have much larger problems on your hands than printing. It amazes me that people are still using hubs... it's 2002 right? Although I have to admit, my campus is guilty. The people I support are on a switched network, but we had to provide our own infrastructure. Everyone else in the building are on 10BaseT hubs :(
Otherwise, look at LPRng which supports tcp_wrappers, doesn't run as root, doesn't need to run as a daemon on all systems, supports access control so you don't have to su - to delete print jobs, stop the printer, etc. Supports kerberos... I could go on.
-Steve