Print services for a MFD or printer are not restricted to Port 9100 and/or LPD (Port 515). Where both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously.

From Multifunction Device and Network Printers STIG

Part of Print Services Restricted to Port 9100 and/or LPD

Associated with IA controls: DCBP-1

SV-7015r1_rule Print services for a MFD or printer are not restricted to Port 9100 and/or LPD (Port 515). Where both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously.

Vulnerability discussion

Printer services running on ports other than the known ports for printing cannot be monitored on the network and could lead to a denial of service it the invalid port is blocked by a network administrator responding to an alert from the IDS for traffic on an unauthorized port.

Check content

The reviewer will, with the assistance of the SA, verify that the MFD or printer print services are restricted to LPD or port 9100. Where both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously.

Fix text

Develop a plan to coordinate the reconfiguration of the printer servers and clients so that print services runs only on authorized ports. Obtain CM approval of the plan and implement the plan.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.