Has anyone on here got experience with getting firmware for Kyocera both in and out of warranty?

 

As far as I can see only authorised service companies can download it and an end user can't update it.

This appears also to be the line from Kyocera, who just won't answer the questions about network security.

 

Obviously the printer is very cheap to run (You can run it for 2 years and only 5000 pages and be far enough ahead to junk the printer and start again), but if it's a huge security hole on the network, then that's a different problem.

 

Is anyone here a certified engineer or has them at work and knows how to get around this problem.

 

If not it will be a case of firewall the hell out of it, run it for 2 years and hope... or send it back.

Well no feedback from the Forum, but a call to their customer services line was greeted by the service desk person explaining how difficult it was and that it needed and engineer to come on site to update it.

 

Not sure how that will fit in with network security, but frankly it means even if I do lock this one down and live with it, they won't be appearing anywhere I work/recommend if I have any say in the matter.

Edited 23 June, 20205 yr by cheezemonkhai

Do you need to apply the firmware?

 

Is it adding any functionality you are missing?

39 minutes ago, Aspman said:

Do you need to apply the firmware?

 

Is it adding any functionality you are missing?

 

That's their line and from a functionality point of view no.

If it was a USB printer I wouldn't care.

 

As it's network enabled, then security holes in the SSH/webserver or any of the other protocols need to be easily patchable to maintain network security.

Everyone else it's varying degrees of easy, but this lot claim it's an on site engineer.

What else is on your network?

 

If it's not internet exposed then a vulnerability on the printer isn't very serious.

Here, a server which is externally connected and a few ssh systems on v4 and v6.

 

It will of course be firewalled and any internal wireless disabled. If I wanted WiFi direct , then that would be gone.

 

The external wireless will have to be double checked to make sure it’s properly locked down and likely upgraded to wpa3 when available (hopefully as a software update rather than new APs).

 

Corporate network wise, some guests need to be granted printing rights, which means they’re very exposed.

On all networks it means security patching on anything that can see the printer is even more important as a non root vulnerability there is still more than enough to own the printer.

 

Having seen how easily printers can and have been used to monitor internal comms, I just think it’s **** poor.

Stick it on the firewall in a DMZ.

 

Might be a PITA to sort out ports but should tick most of your boxes.

 

I don't know your business but for us guests on the network would be the biggest no-no. If printing was a requirement there we would probably have a second printer setup on a guest network via a seperate wifi SSID.

 

 

Edited 25 June, 20205 yr by Aspman

Have the guest network, but a common printer albeit with a vlan.

 

However it is a weak point and dmz is approximately the solution I created, but I can see a replacement printer In the not too distant future.

 

Kyocera just seem to ignore any questions you put to them and are clearly not set up for this sort of thing.

On 02/07/2020 at 07:59, cheezemonkhai said:

Kyocera just seem to ignore any questions you put to them and are clearly not set up for this sort of thing.

 

Buying another printer works for them, I guess.

Well we shall see, the printer crashes to the point it needs the power pulled and it’s only managed 5 pages..

 

warranty call is in, but nothing as yet.

 

going back to the supplying company today, if not fixed by the end of the week they can have it back.

Could you put in an old box as a linux print proxy?

If you've got a hardened box acting as a proxy that will allow your guests and LAN users to access the shared printer without the print server acting as an insecure bridge.

Dpends if you've got anyone up to speed on 'nix or if you're comfortable following an online guide.

 

You could use a windows ISA server but then you've got licensing to deal with.

 

By the time you've farted around too much it'll be cheaper to buy a new printer.

Edited 10 July, 20205 yr by Aspman

I could have done, but the cost of the additional box, even a NUC just isn't worth it.

I'm up to speed on linux admin, so it wouldn't be an issue, but the cost and maintainance time is probably (as you say) more than the cost of a new printer.

 

 

Regards to the printer the response was dire and involved a shouting support engineer, because he insisted he must remotely connect to a printer that wasn't on a public or routable IP and behind a firewall. There were also some very helpful people there, but I was told that most of their support staff were on Furlough, which probably hasn't helped.

 

The vendor tried to get their kyocera rep to do something, but they got a blank too so offered to take the printer back.

It got collected and has been replaced with an HP.

 

In summary, the kyocera appears to have better built hardware, really poor software (from a user POV) and very poor support model when it comes to home/SOHO users. 

 

Will the HP be more expensive to run? Certainly.

Did it work and do firmware updates as soon as plugged in? Yes!

A working printer which is somewhat more expensive, is certainly better than a cheap one that is a nightmare in my book.

 

It's a shame as there are some really good points for kyocera, and if you're a big business with a service contract, they're probably great, but until they fix the update and SOHO support model then I'd personally not recommend them.

Edited 16 July, 20205 yr by cheezemonkhai