The client had two Dell 2155cdn printers. A scan of the devices revealed that all of the services were turned on (by default) although they were not being used. Time to secure the printers!
Firmware Update
First, update the firmware. Go to the Dell website to download: https://www.dell.com/support/home/us/en/04/product-support/product/dell-2155cn-cdn/drivers
Note that you’ll have to select Windows 7 as the OS to see the Firmware download. I ran this package on Windows 10 without issue.
To run the firmware update remotely, you’ll need to know the SNMP R/W string. If it isn’t “public” then you’ll have to know it or reset it (see below). Next, you’ll see a list of found printers. Select the printer and click Next.
I also discovered that port 9100 (Raw Port) must be open for the update to succeed.
When the process completed, I received a “fail” message from the software. I was no longer able to ping the printer. The printer had lost its IP address and the default gateway. After setting those on the printer’s control panel, I was able to connect again via the web interface.
Password
They had a password for the devices, and it wasn’t the default! The password worked for one printer, but not for the other. The web admin password can be reset from the printer’s control panel, but it wasn’t obvious to me looking through the options. The option you are looking for here is System Setup > Admin Menu > Network > Reset LAN > Yes. This will also reset the IP address and default gateway, which can be added back via the control panel. The password will now be back to default: admin:{blank}
Settings
The settings that we want to turn off can be found in the web admin panel by clicking Print Server Settings > Print Server Settings tab > Port Settings.
Here’s a look at the original settings:
As is typical for these printers, everything is turned on by default. Most of these settings should be turned off. The client just wants to be able to print from their computer. Here is the settings screen after the changes:
The result is that the only remaining services left on are:
LPD – Line Printer Daemon (TCP 515) is required for network printing.
SNMP – Enable SNMP v3. The printer does have the ability to generate a self-signed cert if you don’t have one.
A rescan of the printer shows that the unneeded ports are closed.