Secure Internet printing using IPP over SSL

Problem:

• When we print over the Internet today, that print data is sent unencrypted

• Puts our data at risk

• Doesn’t force adherence to data protection laws

Solution:

• By using IPP over SSL instead of a raw printer connection, we can enforce encryption of all print traffic traversing the Internet

• Secures our data • Complies with data protection law

• Doesn’t require any new network hardware

• Doesn’t require any new printer hardware (at least not a lot)

• We’ll need to ensure that any printers we purchase in future support IPP over SSL.

Detail:

If we configure our existing Kyocera printers as follows then we can enable and use IPP over SSL.

• Enable SSL on printer

• Enable IPP over SSL on printer

• Open up firewall port on router to map a port on the external IP interface to the internal printer (TCP 443 by default)

• Connect to the printer Command Centre (web interface) and create a new SSL certificate who’s Common Name matches the external IP address of the remote site

• Ensure a password is set on the Command Centre web UI (which meets our Password Policy)

• Save this certificate and import it into the Trusted Root CAs certificate store on the print server

• Ensure the “Internet Printing Client” feature is installed on the print server

• Add a network printer to the print server, connecting to the URL of the externally visible port on the firewall (e.g. https://10.0.0.1/printers/lp1)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: