Secure Print: Protecting Print Devices
Cost reduction efforts have necessitated IT organizations to consolidate print hardware. Personal printers are history and workers now share printers and multifunction devices with other co-workers. Cost may be reduced, and hardware is optimized, but security issues have been introduced into the mix in return. What prevents users from picking up the documents that were submitted earlier by other users—a paper-based data leak? Nothing, unless a solution is implemented that prevents this from happening. If an organization is concerned about unsecured printing, wants to avoid security breaches in the printing process and protect all printing devices and hopes to avoid the security risks when printing, keep reading.
Printers and multifunction devices have evolved over the years into very sophisticated electro-mechanical-chemical computing devices. They run embedded operating systems and support a rich set of network communication protocols. It’s a mistake to think of these devices as “just printers,” with the attitude that they do not require the same security policies and attention that are generally given to servers, desktops, laptops, smartphones and tablets. They are vulnerable to external and internal threats and adoption of printing policy can assist them with minimizing the security risks when printing.
Potential hardware vulnerabilities to consider when thinking about print security:
- Firmware can be compromised during startup or while running, which could open a device and the network to attack, jeopardizing print security.
- Unauthorized users can access a device via an unsecured USB or network ports or via unsecured protocols such as Telnet.
- Sensitive information can be stored on internal drives (e.g., hard disks) in print devices and accessed if not protected by specific printing restrictions.
- Multifunction devices can be used to capture (e.g., scan) and route (e.g., email) documents to various destinations, potentially exposing sensitive data.
- Users can exploit settings and functions from an unsecured control (operator) panel and potentially disable the device.
Recognizing Print Security Risks
The first step is to recognize the print security risk, then take steps to address it. But how? Fortunately, printer manufacturers understand the issues and have implemented many functions in their devices to minimize or eliminate potential threats. For example, modern network printers support security features such as HTTPS, certificate management, IPsec, port filtering, digitally-signed firmware updates, secure password reset, and more.
They have also developed software tools to define and manage security controls and procedures across a fleet of devices, including scanning the devices on a regular basis for viruses and malware. These tools can ensure that all data residing on device hard drives is encrypted, and they can wipe clean hard drives before disposal. Finally, the tools can gather information (metrics) from the devices to ensure compliance with defined policies.
Simple Network Management Protocol (SNMP) is a network management protocol that is used for collecting information from and configuring network devices, including printers. SNMP has been around a long time, and it has evolved to address changing market requirements. SNMPv3 is the current standard defined by the Internet Engineering Task Force (IETF), and it provides user authentication and data encryption of information exchanged between “SNMP managers” (e.g., print/output management software) and “SNMP agents” (printers).
Most modern print devices and device configuration/management software tools support SNMPv3. All major print/output management solutions use SNMP to gather information from print devices (e.g., status); however, support for SNMPv3 varies by vendor. Ideally, SNMPv3 should be used when possible to improve security of the remote management of print devices; however, some solutions are less critical than others. For example, there is less risk associated with print/output management solutions that simply retrieve information from devices (e.g., status), compared with device management tools that remotely configure (set/change) print device settings.
Getting the best advice
Every organization should determine which tools and device settings are required to meet their specific security policies to help prevent security breaches. The good news is that there are many security features to choose from, and organizations can achieve better control of their print hardware infrastructure and minimize their security risks when printing.