1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Hi, thanks & a quick off-topic tip about multi-function devices (MFDs)

Discussion in 'Asuswrt-Merlin' started by ajh, Jan 17, 2020.

  1. ajh

    ajh Occasional Visitor

    Jan 13, 2020
    Long-time lurker, new member so hi.

    I wanted to thanks folks on this forum for the wealth of info you offer. While I'm not a total noob (I've administered a home network with a Cisco enterprise router, two network switches and a NAS and not totally screwed it up), I'm not a professional and I'm new to Asuswrt-Merlin and very much appreciate what a great resource this forum is.

    Although I hesitate to thank individual members for your excellent tips because there're so many of you offering solid advice and I'd leave lots of people out, I'd be remiss if I didn't thank Tim Higgins for running the site, @RMerlin for developing Merlin and @L&LD for his step-by-step guides.


    As a way of giving back I thought I'd share a quick off-topic tip. Folks here give a ton of attention to configuring and hardening routers but I haven't seen any passing mention on this or other SNB forums about hardening multi-function devices (MFDs) that print, scan and fax. As you might imagine, even if you harden your router, if you connect a MFD and leave it with the default password and default services still enabled, you're leaving open a potential vector to attack your network.

    With its bug bounty program, HP is a MFD manufacturer that's paying attention to security. Even so, when I just hardened a new 9000 series all-in-one printer, I was surprised that its default password was 1234567 and that it had enabled numerous services (like WPAD) with potential vulnerabilities. It took just a few minutes for me to enable HTTPS for the HP webui and to disable Digital Send, faxing, Google Cloud Print, HP ePrint, IPv6, LPD, Microsoft Web Services, proxy settings, Smart Tasks, Usage Data Collection, Web Services, Wi-Fi Direct and WINS, none of which I use or need.

    So, if you're thinking of doing the same, the best guide that I've come across is Multifunction Device Hardening Checklist by UT Austin's Information Security Office.