… A Fairfax Media Google search on Monday of exposed printers in Australia revealed that the University of Melbourne, University of New South Wales, University of Queensland, University of Wollongong, La Trobe University and the University of Sydney all had printers accessible remotely via the web that could be used by anyone.
The University of Melbourne appeared to have the most publicly accessible printers, with 26 able to be accessed without a password. …
– Security fears over exposure of web-accessible printers (2013-Jan-29) [The Age]
And yes, less than 5 minutes of testing and we have our first exposed printer.
One of the units that was set up via our new internal centralized support system that bypassed all hardening processes that our local systems had previously used
The quick fix is to set “Information tab requires administrator access” which then forces a login when trying to access the Embedded Web Server (EWS). This then allows you to work through the full security wizards and harden the printer security to an appropriate level by turning off the services and protocols that are not required.
(To get this far you will need to have the Admin password, if it has been set by someone else and you have physical access to the printer it is possible to reset the security password).