Check: MFD03.001
Multifunction Device and Network Printers Security Technical Implementation Guide:
(in versions v2 r15 through v2 r9)
Print services for a MFD or printer are not restricted to Port 9100 and/or LPD (Port 515). Where both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously. (Cat III impact)
Printer services running on ports other than the known ports for printing cannot be monitored on the network and could lead to a denial of service if the invalid port is blocked by a network administrator responding to an alert from the IDS for traffic on an unauthorized port.
Check Content
The reviewer will, with the assistance of the SA, verify that the MFD or printer print services are restricted to LPD or port 9100. Where both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously.
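One way the reviewer and SA could spot-check a device for this item, as an added example that is not part of the STIG: it probes the two authorized ports and a short candidate list of other print listeners, then reports whether anything outside LPD (515) and port 9100 answers. The candidate ports (631, 9101, 9102) and all function names are assumptions made for this illustration.

```python
import socket
import sys

# Ports the check authorizes for print services.
AUTHORIZED = {515: "LPD", 9100: "raw port 9100"}
# Assumed extra print listeners worth probing; this list is not from the STIG.
CANDIDATES = {631: "IPP", 9101: "raw port 9101", 9102: "raw port 9102"}


def tcp_open(host, port, timeout=1.0):
    """Return True when a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered, timed out or unreachable
        return False


def audit_print_ports(host, probe=tcp_open, candidates=CANDIDATES):
    """Probe authorized and candidate print ports and evaluate the check."""
    ports = {**AUTHORIZED, **candidates}
    listening = {p: ports[p] for p in sorted(ports) if probe(host, p)}
    unauthorized = {p: n for p, n in listening.items() if p not in AUTHORIZED}
    return {
        "host": host,
        "listening": listening,
        "unauthorized": unauthorized,
        "finding": bool(unauthorized),
    }


def format_report(result):
    """Render one audit result as text for the review record."""
    status = "OPEN FINDING" if result["finding"] else "not a finding"
    lines = [f"{result['host']}: MFD03.001 {status}"]
    for port, name in result["listening"].items():
        tag = "unauthorized" if port in result["unauthorized"] else "authorized"
        lines.append(f"  tcp/{port} {name}: {tag}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python audit.py <printer-address>
    print(format_report(audit_print_ports(sys.argv[1])))
```

A clean result covers only the ports probed, so the device's own service configuration still has to be reviewed with the SA.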
Fix Text
Develop a plan to coordinate the reconfiguration of the printer servers and clients so that print services run only on authorized ports. Obtain CM approval of the plan and implement the plan.
Additional Identifiers
Rule ID: SV-7015r1_rule
Vulnerability ID: V-6790
Group Title: Print Services Restricted to Port 9100 and/or LPD
Expert Comments
Number | Definition |
CCI-001449 | Disable, when not intended for use, wireless networking capabilities internally embedded within system components prior to issuance and deployment. |
CCI-002415 | Employ boundary protection mechanisms to isolate organization-defined system components supporting organization-defined missions and/or business functions. |