A Defensive Computing Checklist    by Michael Horowitz
HOME | About | Domain Names | VPNs | Rules of the Road | DC Presentation | ChangeLog | Stats |

    I hate printers. So too, does Leo Laporte, who is known as the Tech Guy on the radio. He will not take phone calls about printers.

    Background: There are two popular types of printers - those that squirt liquid ink and laser printers that, like a xerox machine, burn a toner (think colored dust) onto the paper. Liquid ink printers are called inkjets, those from HP are called deskjets. All inkjet printers print in color. Laser printers come in black/white or color versions. A laser printer should, in the long run, be more reliable, easier to maintain and cheaper to own and use. An inkjet printer is cheaper to buy. Most inkjets use very small ink cartridges that can not be refilled. A small number of inkjets use a large refillable ink tank. For more see How to Save Money on Your Next Printer: Weighing the Cost of Tank vs. Cartridge Ink by M. David Stone (Nov 2021).



    Printers are computers and, as such, they need bug fixes and they can get hacked. A bad firmware update can break the printer and those that check for new firmware automatically are at the greatest risk. As noted below, HP broke some of their printers in May 2023 with a bad firmware update. A firmware update may also introduce a feature you don't want, such as restricting the cartridges that can be used. Or, a hacked printer may appear to function correctly, but be spying on you, in that it may send copies of what it prints to bad guys. For these reasons, it may be prudent to prevent a printer from communicating with the Internet. I know of two approaches.

    1. If you have a router that offers outbound firewall rules, then you can create a firewall rule that prevents the printer from making any outbound connections on its own. This requires that the printer have a static IP address. The down side to this, is that the firewall rule needs to be disabled every now and then so the printer can check if there is new firmware. Typically only a business class router offers outbound firewall rules.
    2. A network capable printer needs some network configuration. This is usually done via DHCP and is mostly automatic. But, it can be done manually. If you manually configure it with an invalid gateway IP address, the printer should not be able to communicate with the Internet. For example, if your LAN is using 192.168.3.x and the router is, then lie to the printer and tell it the gateway/router IP address is Or, you could lie about the available DNS servers and specify something like as the DNS server.

    A hacked printer may also try to attack other devices on the LAN. One protection from this is to put the printer in its own VLAN. This, however, requires a somewhat high level of technical skill. First, you need to block outbound communication from the printer-only VLAN. Then you need allow only the necessary traffic into the printer-only VLAN. This is complicated by the fact that printers support a wide range of protocols, so you first need to determine which protocols your devices are using to communicate with your printer. And this assumes you even have a router/switch that supports VLANs. Most do not.

    Wi-Fi is yet another issue. Sure, Wi-Fi can be used to connect a printer to your LAN, fine. But there is another flavor of Wi-Fi called Wi-Fi Direct which does not involve your LAN or your router. Wi-Fi Direct lets two devices directly communicate with each other. While it may have its place, many people are not aware of Wi-Fi Direct and thus leave it on with all the default settings. This is bad for security, so if you do not use this feature, turn it off in the printer. At the very least, change the default Wi-Fi network password to something at least 15 characters long. This to prevent the Wi-Fi network created by the printer being used to hack into your LAN.



    In July 2023, the Washington Post ran a series of printer articles that they referred to as Printer Week.


  •  This page: 9 views per day (over 596 days)   Total views: 5,265   Created: October 12, 2022
    This Page
    Last Updated

    July 17, 2023
    Site Page
    Views TOTAL

    Site Page
    Views TODAY

    Website by
    Michael Horowitz
    Copyright 2019 - 2024