[unisog] Printers, printers, printers

Paul FM paulfm at me.umn.edu
Wed Dec 12 13:24:27 GMT 2007


We actually have two private subnets.

One, which basically only allows the print-server to talk to the printers.
And another, which is only accessible from within the department (We have 
some people who don't want to send through the print server - and there are 
the multi-function devices).


Dan Green wrote:
> We have the same setup for printers (well, we have it and are slowly moving
> printers on to the secured VLAN), and yes, nothing gets on the network
> without a SysAdmin giving it an IP address. Use the same setup for IP based
> security cameras as well. 
> 
> Cheers,
> Dan
> 
> **********************
> Dan Green
> Director of Information Technology
> Dept. of Electrical and Computer Engineering 
> North Carolina State University 
> dan_green at ncsu.edu
> 919.515.0136
> 919.515.5523 (fax)
> http://www.wolftech.ncsu.edu/
> 
> 
> 
> 
> -----Original Message-----
> From: unisog-bounces at lists.dshield.org
> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of
> Valdis.Kletnieks at vt.edu
> Sent: Tuesday, December 11, 2007 5:12 PM
> To: UNIversity Security Operations Group
> Subject: Re: [unisog] Printers, printers, printers
> 
> On Tue, 11 Dec 2007 16:46:11 EST, "Gaddis, Jeremy L." said:
>> On 12/11/07, Martin Manjak <MManjak at uamail.albany.edu> wrote:
>>> I'm curious as to what other schools are doing with respect managing 
>>> printers. Some of the issues and challenges include:
>>>
>>> I'm very interested in what types of controls people may have in 
>>> place to address any of the above?
>> We put printers on their own subnets, with ACLs in place that prevent 
>> "printer traffic" except from authorized print servers.  The same set 
>> of ACLs prevents access to the management interface except from 
>> authorized managers.
> 
> How do you enforce that for printers that people/depts buy for themselves,
> or do you have total control over the network, so they can't connect
> *anything* without your OK?
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog

-- 
---------------------------------------------------------------------
The views and opinions expressed above are strictly
those of the author(s).  The content of this message has
not been reviewed nor approved by any entity whatsoever.
---------------------------------------------------------------------
Paul Markfort   Info: http://www.menet.umn.edu/~paulfm
---------------------------------------------------------------------


More information about the unisog mailing list