Knowledgebase
Knowledgebase : PaperCut > Security and Privacy
A common query we receive is what measures can be taken to prevent users from bypassing PaperCut NG and PaperCut MF. In such situations, users allow themselves to print for free by connecting to printers directly from their workstation or laptop. These ar...
We have pooled our security knowledge and lessons learnt over the past two decades to bring you a new white paper: Securing your Print System [https://support.apposite.com.hk/Knowledgebase/Article/View/papercut-security-whitepaper]. This paper provides pr...
PaperCut automatically generates an SSL/HTTPS certificate during the install process. This certificate is subsequently used to encrypt sensitive data, and to secure the HTTPS based web access. Web browsers may however raise the following warnings about th...
DOES PAPERCUT HAVE A PRINT SECURITY BEST PRACTICE CHECKLIST? Absolutely! We have pooled our knowledge and created a comprehensive Print Security whitepaper that will help you not only make the most of PaperCut’s security features, but also help you secur...
It doesn’t take much to convince organizations nowadays on the importance of security and protecting sensitive information that is stored digitally, in mid-transit, or being printed from the printer. Just take a moment and think about all the security mea...
USING LDAPS TO SECURE A SYNC SOURCE CONNECTION (LDAP OVER SSL) LDAP is a great method of connecting PaperCut to your directory services, however, LDAP is not encrypted by default. Standard LDAP leaves some important information exposed to prying eyes. Fo...
PaperCut 17.3 introduced a security enhancement to improve the coverage of HTTP header origin checks, in line with OWASP [https://www.owasp.org/] recommendations. However, in some cases, attempting to log into the Admin or User web interface after upgradi...
With the release of PaperCut 16.2, we have updated the JRE (Java Runtime Environment) to 8u92. On some older devices with weaker SSL ciphers (such as, RC4), this upgrade might cause issues with the connection between the MFD and PaperCut. To enable suppo...
Some customers may have a requirement to understand how traffic is encrypted between PaperCut and the embedded or on-board applications running on their MFDs. The following on-board application platforms, where functionality is delivered via web-services...
I WOULD LIKE TO CONFIGURE A FIREWALL ON THE SERVER. WHAT PORTS DOES PAPERCUT USE? The main network TCP ports used by PaperCut are: * 9191 for HTTP connections * 9192 for secure HTTP/SSL connection * 9193 for device RPC (only used for embedded copi...
By default, PaperCut offers both plain HTTP and encrypted HTTPS based browser access. HTTP is on port 9191 and HTTPS/SSL on port 9192. To restrict end-user and admin access to the system via SSL only: * Login as an _admin_ level user. * Navigate to O...
As of May 25th, 2018, the EU will enforce the General Data Protection Regulation (GDPR) [https://www.eugdpr.org/] for all member states. With significant penalties for leakage of personal data, organisations are required to carefully consider their compli...
Recently, a major security vulnerability has been discovered in the software shell GNU Bash [http://www.gnu.org/software/bash/]. The vulnerability known as _Shellshock_ can allow attackers to remotely access and control systems using Bash (and programs th...
_“Our organization is concerned about maintaining our users’ privacy, and we need to find a way to hide document names from other users or administrators. Is there a way to do this?”_ Prior to Windows server 2012, it was extremely easy to see what everyo...
_“I want to improve the privacy of print jobs that are submitted to my virtual queue; ideally I want to hide the owner of a print job entirely. Is there any option in Papercut NG/MF to do this?”_ You have a few options here, if it’s only the Print Job Ow...
Source: https://hitrustalliance.net/hitrust-csf/ The Health Information Trust Alliance (HITRUST) CSF has become the most widely-adopted security framework in the U.S. healthcare industry. PaperCut can assist in obtaining this high level certification by...
By default PaperCut uses an internal embedded database called Apache Derby which was initially developed by IBM and sold as Cloudspace DB. PaperCut can also be run on external databases like Microsoft SQL Server. Some PaperCut customers may wish to utili...
_“I’ve been asked to enable SSL debugging by a member of the PaperCut Support Team. I’ve looked everywhere, how am I meant to do that?”_ From time to time the PaperCut developers may call on the PaperCut Support Team to enable Java SSL debugging in a Pap...
_With many thanks to Rhett from Portland State University for this one!_ When setting up a PaperCut Web Print Sandbox server we recommend that the machine is physically secure as it is required to be logged in at all times. This can easily be secured by ...
I WISH TO USE THE INTERNAL USERS [https://www.apms.com.hk/product/ng-mf/manual/applicationserver/topics/user-guest.html] FEATURE BUT HAVE CONCERNS ABOUT SECURITY. HOW AND WHERE ARE THE USER’S PASSWORDS STORED? All information associated with an _internal...
If you are using an SSL Certificate in IIS, you can configure PaperCut NG to use it as well. This will allow you to access PaperCut via HTTPS without seeing error messages about the certificate you are using. See: * Importing an existing SSL ke...
This article lists the commands used to import your existing SSL certificates into PaperCut when running on Linux. This will allow the certificates to be used for accessing the web interfaces via HTTPS. Many thanks to Matt Peacock of Belper School [http:...
Since version 18.1, PaperCut NG and PaperCut MF support IPPS printers. Printing over IPPS ensures print traffic to the printer is encrypted. This guide focuses on the steps to add an IPPS printer on a Windows Print Server. Follow this end-to-end print s...
_“Help! I’m a Systems Administrator and I need to install a custom SSL Certificate onto our PaperCut server. What’s the easiest way to do this?”_ Setting up PaperCut to use SSL/TLS can be fairly complicated if you take the command line approach and can s...
You may receive this error message when using the keytool argument of -keysize keytool error: java.lang.IllegalArgumentException: Modulus size must range from 512 to 1024 and be a multiple of 64 By default the keytool that is provided with PaperCut will...
HAVE YOU HEARD THE STORY ABOUT 150,000 PRINTERS BEING HIJACKED? Unfortunately, this one was not a joke, as many offices discovered earlier this year (read more from the BBC in “Hacker briefly hijacks insecure printers [http://www.bbc.com/news/technology-...
WHAT IS PCI COMPLIANCE? The PCI (Payment Card Industry) is the international standards and compliance body for credit card data management and security. PCI publish and maintain a set of standards, PCI DSS [http://en.wikipedia.org/wiki/Payment_Card_Indu...
When using release stations or account selection popups, PaperCut pauses jobs on the Windows print queue to hold jobs prior to printing. It is important, especially in charging environments, that the queue is secured to prevent users from resuming jobs th...
PaperCut 18.3 introduced a security enhancement to rate limit authentication attempts in line with OWASP [http://www.owasp.org/] recommendations. This hardens deployments against password brute forcing attacks, by failing authentication requests when the ...
_“As an infosec professional or a security-conscious sysadmin, I am looking to make our PaperCut server as secure as possible. What configuration changes can we make to PaperCut applications to ace our next pen-test or harden our server against would-be n...
PaperCut uses an embedded web server called Jetty [1]. Although the out-of-the box security related settings should suit most sites, in some situations there site-specific options that may improve security. For general security related questions be sur...
This article is written for security or network specialists and a certain level of security expertise is assumed. An often asked question is how to manage SSL cipher lists used by the PaperCut application server. This question may arise in response to co...
_“Help! As of (insert date), my (insert vendor) will no longer support TLS 1.0 or TLS 1.1 in (insert vendor’s application) and will use TLS 1.2 instead. Is my version of PaperCut NG or MF ready to support the transition?”_ SO, IS MY VERSION OF PAPERCUT N...
“_Help! We get a certificate error when browsing to the web interface of our Mobility Print server! What should we do?”_ ABOUT MOBILITY PRINT AND CERTIFICATES By default, the Mobility Print server will use a self-signed certificate. While the self-signe...
By default PaperCut can use SQL authentication by configuring the database username and password in the PaperCut server.properties file. This is discussed in the manual here [https://www.apms.com.hk/product/ng-mf/manual/common/topics/ext-db-upsizing.html]...
With PaperCut MF and NG, you can ensure that all print traffic on your network is encrypted. Before validating that your traffic is secure, follow the comprehensive guide to end-to-end print security [https://support.apposite.com.hk/Knowledgebase/Article/...
PaperCut makes use of SNMP in multiple areas of the application. Where appropriate we make use of SNMPv3 however for information such as toner levels, printer serial numbers we make use of the SNMPv2 protocol. If an organisation only allows the use of S...
We are aware of certain PaperCut software executables being incorrectly flagged by anti-virus software vendors such as, but not limited to: AVG, G DATA, IBM QRadar, McAfee, Norton, Symantec, Trend Micro and Windows Defender / Security. The following file...