Auditing a print and scan server protected by the VisNetic for Workstation firewall

Print servers, generally designed to be hosted on a private network, weren't usually viewed as a threat by network administrators. The general perception was that nothing can be done on a print server, except stealing confidential data. These systems were viewed as peripheral devices. But the world is changing and the number of viruses that infected corporate networks changed the network administrator's perceptions. The administrators start requiring devices with a good level of security. Furthermore, solving security problems are now perceived as costly by maintenance services. This paper documents the audit of a print server protected by a host-based firewall. The audit was performed from an independent auditor's perspective. This audit was requested by a company trying to improve the security level of its products. The company requested a penetration analysis in order to assess the security of the system.