YSoft SafeQ FlexiSpooler Security considerations
This document summarizes the security considerations that need to be taken into account when deploying YSoft SafeQ FlexiSpooler.
LPD print job reception
LPD runs on port 515 by default. Anyone who can communicate on this port with the server running YSoft SafeQ FlexiSpooler can also send print jobs to YSoft SafeQ via LPR. Because LPR implements no authentication or authorization, an attacker who knows only a username can send a job to that user's queue. When the user prints all jobs, the unwanted documents from the attacker are printed as well. When YSoft SafeQ FlexiSpooler is installed in server mode, LPD listens by default on port 515 on all network interfaces.
Print backends
Raw (plain TCP), LPR and IPP are used to deliver print jobs to a printer. The transmission is not encrypted and the printer is not verified. For a secure connection from YSoft SafeQ FlexiSpooler to the printer, use IPPS (IPP over SSL).
Web API
YSoft SafeQ FlexiSpooler provides a web API via HTTP, by default on port 5559 and bound to all network interfaces. The network interfaces can be defined with `ListeningOnAddress` in `spooler.config`. Set this option carefully, because the web API is required if non-spooling YSoft SafeQ clients, YSoft SafeQ Mobile Integration Gateway or YSoft SafeQ Mobile Print Server are used. On the other hand, the API does not require authentication, so an attacker can exploit it to guess usernames, PINs, passwords, card numbers, billing codes, addresses of other site servers in the near roaming group, or job IDs for a given user.
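To check how the LPD and web API listeners described above are actually bound on a host, the following added example (not part of YSoft's documentation or tooling) classifies the listening rows of Windows `netstat -ano` output for the default ports 515 and 5559. The function name, the sample output, the addresses and the PIDs are constructed for illustration; adjust `WATCHED` if the defaults were changed.

```python
import re

# Default ports named on this page: LPD print job reception and the web API.
WATCHED = {515: "LPD", 5559: "Web API"}
WILDCARD = {"0.0.0.0", "::"}
LOOPBACK = {"127.0.0.1", "::1"}

# Matches a listening TCP row of Windows `netstat -ano` output, e.g.
#   TCP    0.0.0.0:515    0.0.0.0:0    LISTENING    4321
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$", re.I)

def audit_listeners(netstat_text):
    """Return a sorted list of (service, address, port, pid, exposure) tuples."""
    findings = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows and non-listening connections
        addr, port, pid = m.group(1).strip("[]"), int(m.group(2)), int(m.group(3))
        if port not in WATCHED:
            continue
        addr = addr.split("%")[0]  # drop an IPv6 zone id such as %12
        if addr in WILDCARD:
            exposure = "all-interfaces"   # reachable on every network interface
        elif addr in LOOPBACK:
            exposure = "loopback-only"    # reachable only from the host itself
        else:
            exposure = "single-address"   # restricted to one interface address
        findings.add((WATCHED[port], addr, port, pid, exposure))
    return sorted(findings)

# Constructed sample output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:515            0.0.0.0:0              LISTENING       4321
  TCP    10.20.30.40:5559       0.0.0.0:0              LISTENING       4321
  TCP    10.20.30.40:50112      10.20.30.7:5559        ESTABLISHED     4321
  TCP    [::]:515               [::]:0                 LISTENING       4321
  UDP    0.0.0.0:5559           *:*                                    4321
"""

if __name__ == "__main__":
    for svc, addr, port, pid, exposure in audit_listeners(SAMPLE):
        print(f"{svc:8} {addr}:{port} pid={pid} -> {exposure}")
```

A listener reported as `all-interfaces` matches the default behaviour described on this page and is the case to review against firewall rules and the `ListeningOnAddress` setting.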