Dispatcher Paragon FlexiSpooler Security considerations

This document summarizes the security considerations that need to be taken into account when deploying Dispatcher Paragon FlexiSpooler.

LPD print job reception

LPD runs on port 515 by default. Anyone who can reach the server running Dispatcher Paragon FlexiSpooler on this port can send print jobs to Dispatcher Paragon via LPR. Because LPR implements no authentication or authorization, an attacker who knows only a username can send a job to that user's queue. When the user prints all jobs, the attacker's unwanted documents are printed as well. When Dispatcher Paragon FlexiSpooler is installed in server mode, LPD listens by default on port 515 on all network interfaces.

Print backends

Raw (plain TCP), LPR and IPP are used to deliver print jobs to a printer. With these backends the transmission is not encrypted and the printer is not verified. For a secure connection from Dispatcher Paragon FlexiSpooler to the printer, use IPPS (IPP over SSL).

Web API

Dispatcher Paragon FlexiSpooler provides a web API via HTTP, by default on port 5559 and bound to all network interfaces. The network interfaces it listens on can be defined with `ListeningOnAddress` in `spooler.config`. Set this option carefully, because the web API is required when non-spooling Dispatcher Paragon clients, Dispatcher Paragon Mobile Integration Gateway or Dispatcher Paragon Mobile Print Server are used. On the other hand, the API does not require authentication, so an attacker can exploit it to guess usernames, PINs, passwords, card numbers, billing codes, addresses of other site servers in the near roaming group, or job IDs for a given user.
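
The sections on LPD print job reception and the Web API both describe listeners that bind to all network interfaces by default. The following added example (not part of the product or its documentation) audits `netstat -an` output on a spooler host and reports whether ports 515 and 5559 are bound to a wildcard address or restricted to a specific one. The sample output, IP addresses and function names are constructed for illustration.

```python
import re

# Default ports named on this page: LPD (515) and the web API (5559).
WATCHED = {515: "LPD print job reception", 5559: "FlexiSpooler web API"}
WILDCARD = {"0.0.0.0", "::", "[::]", "*"}

# Constructed sample of `netstat -an` output (Windows layout), not from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:515            0.0.0.0:0              LISTENING
  TCP    10.20.30.40:5559       0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.20.30.40:515        10.20.30.77:49822      ESTABLISHED
  TCP    [::]:5559              [::]:0                 LISTENING
"""

def parse_listeners(netstat_text):
    """Return (address, port) for every TCP socket in a listening state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # header lines, UDP, blank lines
        if fields[-1].upper() not in ("LISTENING", "LISTEN"):
            continue  # established or closing connections are not listeners
        # Windows: proto local foreign state
        # Linux:   proto recv-q send-q local foreign state
        local = fields[1] if len(fields) == 4 else fields[3]
        addr, _, port = local.rpartition(":")
        if port.isdigit():
            found.append((addr, int(port)))
    return found

def audit(netstat_text):
    """Classify each watched listener as bound to all interfaces or restricted."""
    findings = []
    for addr, port in parse_listeners(netstat_text):
        if port in WATCHED:
            status = "ALL-INTERFACES" if addr in WILDCARD else "RESTRICTED"
            findings.append((port, addr, status))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, status in audit(SAMPLE_NETSTAT):
        print(f"{status:15} {addr}:{port}  ({WATCHED[port]})")
```

A listener reported as `ALL-INTERFACES` on port 5559 is a candidate for restriction through `ListeningOnAddress`; for port 515, limit reachability with host or network firewall rules to the systems that need to submit jobs.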