FAQ: Network and security protocols utilized by Ultimaker printers and Digital Factory

This article will answer frequently asked security and networking questions utilized within the Ultimaker ecosystem. It can be used to help fill out IT and networking related questionnaires.

What networking protocols does the printer use?

When printing via Digital Factory, a TLS connection is setup.

  • S-line printers use TLS 1.3 
  • The Ultimaker 3 uses TLS 1.2
Can I disable local network printing?
Ultimaker S-line printers running firmware 6.0 can enable a firewall that will prevent local network traffic. The Digital Factory can then be utilised for secure printing. This is considered by Ultimaker to be the most secure setup.
What version of Debian do the printers run?

Printers running firmware 6.0 and above run Debian Buster.

Printers running firmware 5.x run Debian Jesse.

What software does the printer use for remote access?
Ultimaker printers utilize Nginx web server for remote access. Printers running firmware 6.0 and above run Nginx 1.14.2.
Enabling the printer firewall and printing via Digital Factory removes any risks associated with Nginx.
Can I disable TLS?
TLS is used for encrypted traffic between the printer and the Digital Factory. It cannot be disabled.
Do Ultimaker printers utilize SMB?

SMB is not used.

Does the Ultimaker cloud solution log suspicious events, such as unauthorize attempted logins?
No. We do not currently have functionality that monitors suspicious login activity in the Digital Factory
Will security-related changes to privileged accounts be logged and alerted?

All accounts have the same level of security at present. This includes email notification upon change of password. For more security, we recommend enabling 2-factor authentication.

Will this solution/tool be regularly monitored for unauthorized activities?

This monitoring is not currently available.

What logging is done by the Ultimaker cloud solution?

At current, we log various client activity which is prone to change as we develop the platform

For how long are Ultimaker logs kept,  in either online or offline storage with the ability to be exportable or transferable?

Currently we store online cloud logs for a maximum of 40 days. They are not available for export, or transferable. Printer logs are created on an ongoing basis, and are rotated upon reaching a maximum data limit.

Will passwords be encrypted both in motion and at rest prior to go-live?
Yes. See cloud security article.
Will any encryption keys used in this solution/tool be properly documented and managed through either Public Key Infrastructure (PKI), PBKDF2, or some other secure key management process?
We use the secret management solutions from Google Cloud and Hashicorp Vault.
Will the solution be hosted in a physically secure location where access is monitored and controlled?
Yes. We utilize Google Cloud, and inherent all security from this platform. See cloud security article.
For any File Transfer Protocol (FTP) connections, will only secure FTP (SFTP/FTP-S) be used?
FTP is not used in the Ultimaker Cloud Environment. We use signed URLs over HTTPS for file transfer.
Will any users with administrative access to the solution/tool require the use of multi-factor authentication?
Multi factor authentication can be set up, but is not required by default.
Will there be a documented account management process for use of the Ultimaker Digital Factory?
Organizational admin has full control over new user accounts. See more about organizations.
Will user accounts be removed/disabled if inactive for a longer period?
Inactive accounts are currently not removed or disabled.
Will mechanisms be in place to alert when accounts have been created, modified, enabled, disabled, and removed?
Yes, Starting point is the organisation in Digital Factory (Software subscriptions only). Each user must accept an invite to join the organisation and access organisation resources. In addition printers are shared on team basis, where only team members have access to associated printers. See more about essentials.
Will every user be given a unique account (i.e. no generic or shared accounts)?
Yes. There are no shared accounts. Each account requires a unique email.
Will access, use, and distribution of data follow the principle of least privilege?
Data is separated on application level based on data ownership (multi tenant). Automated tests are in place to ensure data ownership rules are correctly enforced. See cloud security article.
Will the system owner ensure that all software/firmware assets associated with this ecosystem be kept updated to the latest stable version?
This is our commitment as part of ISO27001 certification, expected to be gained Q4 2021.
Where can I read more about Ultimaker Cloud security?
You can read more about our cloud platform security here.
Was this article helpful?
1 out of 3 found this helpful



Article is closed for comments.