- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
This is the second of a two-part series by Dale Morris and Gary Lefkowitz of HP looking at printer security.
* * *
Technology development has outstripped the earlier IT view of security in the imaging and printing environment. Printers and imaging devices were considered simple network appliances, with none of the risks of desktop PCs and servers. However, these devices have grown in sophistication - running full-capability operating systems like Linux and Windows and featuring built-in FTP services and Web servers.
Vulnerabilities exist in the network flow (client to print server, print server to printer) and the printer itself (printer memory awaiting print, output tray awaiting pickup). In addition, inadequate authentication and insufficient print activity records can compromise security. In general, there is little or no control over the IT infrastructure responsible for printing.
Traditional secure-printing initiatives have generally employed a heterogeneous mixture of four different types of point solutions:
* Secure the device
* Protect the network
* Encrypt the document
* Effectively monitor and manage printing and audit devices
Although they do work, these solutions cannot guarantee security policy enforcement, and the task of integration is non-trivial.
Securing print and imaging devices requires creating access controls for management and use, securing file deletion, and even locking the doors to the printing station. However, securing the device alone does not create a secure print environment. For example, users can reset the device without the knowledge of the security administrator. To be secure, the devices must also work within a secure network which is overseen by security policy.
Forty years ago, banks thought that simply protecting networks would solve ATM security problems - but that didn’t work. Adding enforcement policies on the network, however, caused ATM abuses to decline.
Printing and imaging security is similar. Protecting the network with simple link-layer security (such as IPSec or other point solutions) fails for many reasons. For example, IT departments and intrusion-detection systems do not typically check printing applications, even though they are subject to Trojan horses and viruses.
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (3)
Nice ContentBy Anonymous on April 24, 2008, 7:24 pmVery well written, technical, and informative. A great improvement from part1 of this series. Thank you.
Reply | Read entire comment
more headachesBy Anonymous on April 22, 2008, 6:23 pmYou don't even mention the really insecure inputs to printers - many older printers have infrared links, new ones have USB ports, bluetooth, wi-fi, etc. most of...
Reply | Read entire comment
More optionsBy mariomarques on April 22, 2008, 5:20 pmThe article is very good but I would like to know if there are more options to secure the printers? Best regards, Mario
Reply | Read entire comment
View all comments