- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
This is the second of a two-part series by Dale Morris and Gary Lefkowitz of HP looking at printer security.
* * *
Technology development has outstripped the earlier IT view of security in the imaging and printing environment. Printers and imaging devices were considered simple network appliances, with none of the risks of desktop PCs and servers. However, these devices have grown in sophistication - running full-capability operating systems like Linux and Windows and featuring built-in FTP services and Web servers.
Vulnerabilities exist in the network flow (client to print server, print server to printer) and the printer itself (printer memory awaiting print, output tray awaiting pickup). In addition, inadequate authentication and insufficient print activity records can compromise security. In general, there is little or no control over the IT infrastructure responsible for printing.
Traditional secure-printing initiatives have generally employed a heterogeneous mixture of four different types of point solutions:
* Secure the device
* Protect the network
* Encrypt the document
* Effectively monitor and manage printing and audit devices
Although they do work, these solutions cannot guarantee security policy enforcement, and the task of integration is non-trivial.
Securing print and imaging devices requires creating access controls for management and use, securing file deletion, and even locking the doors to the printing station. However, securing the device alone does not create a secure print environment. For example, users can reset the device without the knowledge of the security administrator. To be secure, the devices must also work within a secure network which is overseen by security policy.
Forty years ago, banks thought that simply protecting networks would solve ATM security problems - but that didn’t work. Adding enforcement policies on the network, however, caused ATM abuses to decline.
Printing and imaging security is similar. Protecting the network with simple link-layer security (such as IPSec or other point solutions) fails for many reasons. For example, IT departments and intrusion-detection systems do not typically check printing applications, even though they are subject to Trojan horses and viruses.
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (3)
More optionsBy mariomarques on April 22, 2008, 5:20 pmThe article is very good but I would like to know if there are more options to secure the printers? Best regards, Mario
Reply | Read entire comment
more headachesBy Anonymous on April 22, 2008, 6:23 pmYou don't even mention the really insecure inputs to printers - many older printers have infrared links, new ones have USB ports, bluetooth, wi-fi, etc. most of...
Reply | Read entire comment
Nice ContentBy Anonymous on April 24, 2008, 7:24 pmVery well written, technical, and informative. A great improvement from part1 of this series. Thank you.
Reply | Read entire comment
View all comments