Printers are often built off Simple Network Management Protocol (SNMP). SNMP could have been a great thing. It allowed a lot of different things to be done remotely, and was great for the system administrator miles away from the site.
Then people realized that SNMP version 1 and 2 have no real way to be secured. None. There is no way to create secure SNMPv1/2. So the only thing to do is turn it off on the printer. After you turn off SNMP v1/2 on the printer, your printer goes offline and now you can't print.
The Windows troubleshooter tells you the printer is powered off. You moan. You groan. You Google things.
Anyways, the answer is in turning off SNMP on the device. Note this problem only applies to network printers. USB printers don't have this issue because they have a direct connection.
In Windows 7, navigate to devices and printers.
Right click the offending printer.
Printer properties.
Ports tab
Find the check marked tab, and hit configure port.
See that lovely SNMP Status Enabled check mark? Get rid of it.
Ok until you are out of all the messages, and magically your offending printer spits out 85 sheets of paper because someone hit the print 30 times, thinking they hadn't hit the button.
Now that you've solved the Windows problem, it's back to the printer.
So, the printer companies occasionally make software to check on their printers and get meter readings. Larger companies lease printers and charge monthly and for printing more than an allocated amount. Or they charge by the page. For those companies to make and collect their money, they have a tendency to use SNMP to get readings from each printer. Compare the beginning from the ending, and you have pages used.
Simple.
But SNMP v1/2 aren't secure so you have to find how to turn on SNMPv3 on the printer. That's usually a matter of finding some sort of web interface and then setting up the read and read/write strings. That usually varies by printer manufacturer.
So what about Windows? Windows doesn't support SNMPv3, and Microsoft is removing SNMP support in future versions of Windows. If you really like SNMPv3, and can't live without it you have to find your own SNMP tool.
I find SNMP interesting, but the inability to secure it properly and the need to get 3rd party support to get it working properly tells me the easiest thing to do is turn it off and get rid of it.
FYI, SNMPv1/2 vulnerabilities are considered bad ones and will cause a failure in internal PCI compliance scans.
No comments:
Post a Comment