Skip to content

better printer network security #314

Description

@BNH440
  • add ipsec rules on all printers
    • fishpaper is a pretty good example of the correct way to do it, basically just only allow tule's ip for printing and allow all ip's access to the web interface
    • although currently fishpaper allows all management operations for any ip which exposes snmp publicly in the network which is bad, it should only be accessible by whatever host is pushing to the ocfstats db (which we haven't figured out, see fix lab stats page ocfweb#896
  • have a secure password for admin operations on the printers and create an opstaff user with an easy to type password (because printer display keyboard sucks), that allows a few specific actions:
    • allowed actions:
      • reading supplies status and printer status (main web dashboard page)
      • accessing remote control panel from web dashboard
      • running a cleaning cycle
      • cancelling jobs

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
Ready

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions