Security Solutions

The Ultimaker 3, Ultimaker S3 and Ultimaker S5 printers can print over a network, via Ethernet or Wi-Fi. More information about setting up a network connection is available.

Ultimaker printers generate network traffic on the following TCP ports to support various printer functions:

  • 5353 – Discovery (allowing Ultimaker Cura desktop software to identify the printer)
  • 80 – Printer control
  • 8080 – Camera feed

Note: this is in addition to DHCP and NTP-related network traffic.

Ultimaker printers are available to any user on the same network segment, and data in transit and at rest is not encrypted. Additional security measures might be required.

This document describes three security solutions identified by Ultimaker to mitigate security risks related to printing with Ultimaker printers, along with the advantages each solution offers.

Solution Overview

Ultimaker has defined three security solutions to mitigate existing risks:

  • Printing via Ultimaker Digital Factory – utilize cloud services for authentication / authorization and data encryption
  • Isolating printer via firewall – isolate one or more 3D printers from the company network via a firewall
  • Offline printing – use a 3D printer offline only and print files via USB port/memory stick

Each of these solutions has specific advantages. More details are available in the next three chapters.

Printing via Ultimaker Digital Factory

The Ultimaker Digital Factory utilizes online services to enhance your 3D printing workflow. When using the Ultimaker Digital Factory, only authorized users are allowed to print with network-enabled Ultimaker printers and monitor print jobs. Information submitted to Ultimaker Cloud is also encrypted in transit and at rest.

Advantages over local printing:

  • Only authorized users can print
  • Data in transit and at rest is encrypted

More information about the advantages of printing via the Ultimaker Digital Factory is available via:

More information about Cloud security is available here:

Please make sure the firewall allows traffic from the printer to ultimaker.com via TCP port 443. Read more about networking and ports used by Ultimaker.

To ensure only authorized users have access to the printer, it is recommended to create a separate network segment for Ultimaker printers which is not accessible from other segments of the company network.

In addition, it is recommended to activate two-factor authentication to add an extra layer of security to your Ultimaker account. For more information please refer to https://account.ultimaker.com.

Isolating printer via firewall

One or more network-enabled Ultimaker printers can be isolated from the company network via a firewall. This would allow you to monitor and control incoming and outgoing network traffic.

Users on the company network will only have access to what is relevant for printing 3D objects. A printer behind the firewall should not be able to harm any other systems in the company network.

Advantages over local printing (via open network connection):

  • Printer network activities can be controlled and monitored
  • Only essential capabilities are available for printer users
  • Printer can’t access any other system in the company network

Recommended settings are the following:

  • The firewall should block network traffic between printers and company network, except for incoming traffic via TCP port 80
  • Client printers behind the firewall are only accessible via Ultimaker Connect software on the host printer and client printers
  • The firewall should act as a DHCP, DNS, and NTP server for the printers behind the firewall (and the firewall should act as a client on the company network)
  • A (reverse proxy) whitelist should allow access only to specific URLs:
    • /print_jobs - for printer status and print job overview
    • /printers - for printer overview and network details
    • /analytics - for details about usage and materials
    • /static/* - for images
    • /cluster-api/* - for printer control (api layer)
    • /api/v1/system - for connecting host printer in Ultimaker Cura
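
The URL whitelist above, written as an nginx reverse-proxy configuration. This is an added example, not Ultimaker's own configuration; the upstream name, the placeholder address 192.0.2.10 and the choice of exact versus prefix matching are assumptions.

```nginx
# Added example: reverse-proxy allowlist in front of the host printer.
# 192.0.2.10 is a placeholder (documentation range) for the host printer's
# address on the isolated printer segment.
upstream ultimaker_host {
    server 192.0.2.10:80;
}

server {
    # Company-network side: only TCP port 80 is exposed, per the settings above.
    listen 80;
    server_name _;

    # Proxy settings inherited by the allowlisted locations below.
    proxy_http_version 1.1;
    proxy_set_header Host $host;

    # Entries listed without a wildcard: exact match only (assumption).
    # Use a prefix location instead if the printer UI needs sub-paths.
    location = /print_jobs    { proxy_pass http://ultimaker_host; }
    location = /printers      { proxy_pass http://ultimaker_host; }
    location = /analytics     { proxy_pass http://ultimaker_host; }
    location = /api/v1/system { proxy_pass http://ultimaker_host; }

    # Entries listed with /*: prefix match. nginx matches locations against
    # the normalized URI (percent-decoding and "." / ".." already resolved),
    # so /static/../api/v1/<other> falls through to the default deny.
    location /static/      { proxy_pass http://ultimaker_host; }
    location /cluster-api/ { proxy_pass http://ultimaker_host; }

    # Default deny: every URL not listed above, including printer settings.
    location / { return 403; }
}
```

The camera feed on port 8080 is not proxied here, which matches the consequence noted below.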

Please note that one consequence of printer isolation via a firewall per the recommendations above is that settings and camera feed are disabled. Any cloud-related functions are only available if port 443 is open.

Offline printing

3D print files can also be transferred to an Ultimaker 3, Ultimaker S3, or Ultimaker S5 printer via USB stick. This allows you to print without a network connection.

Advantages over local printing (via open network connection):

  • Printer can’t access any other system in the company network

More information is available via:

Support

If you have any questions related to the security solutions in this document, or other IT-related queries, please contact Ultimaker for support by raising a ticket above.
