Hacking into your office printer

Every Office Multifunction printer device in a networked environment requires robust security defences.

Any weak link in the chain can and usually will be exploited by cyber-thieves or online criminals and could end up costing the organisations affected very dearly indeed.

McAfee, the online security experts, estimated that the overall cost of cyber crime had reached a staggering $1 trillion by 2009. The average cost of a corporate data breach in 2010 was $7.2 million and the number of such breaches has been growing every year since 2000.

According to the Forrester’s Global Information Technology (IT) Budgets, Priorities and Emerging Technology Tracing Survey of Q2 2010, upgrading the security environment has been a major priority for IT decision-makers for the past four years and in 2010, for the first time ever, it became a critical or high priority for over 62% of IT decision-makers.

But quite a number of those Information Technology (IT) decision-makers can appear fairly complacent of the risks when it comes to office multifunction printers (MFPs), which over the past decade or so, have morphed from analogue one or two function photocopiers into sophisticated, networked office task-masters.

Office Multifunction Printers(MFPs) now have one or more operating system, a hard disk drive, a web server, fax functionality and even have their own IP(internet protocol) addresses.

It’s essential with such a high level of risk exposure that companies take as much care to protect their Office Multifunction Printers (MFPs) and printing operations as they would over their day-to-day Personal Computer (PC) or computer server security.

The list which follows outlines the core layers of defence across the main areas of Office Multifunction Printer (MFP) security – data, document, network and authentication.

Office Multifunction Printer Data Security

Hard Disk Drive Encryption. Recent revelations in both the US and the UK have shown that many businesses are unaware of the power of the Office Multifunction Printers (MFPs) in their offices.

For over a decade, most Office Multifunction Printers (MFPs) have contained a hard disk drive which will typically store an image of every document that has been scanned or copied with the device. Data encryption can help protect the hard drive from the risk of external attack. Most manufacturers, including Canon, now offer a data encryption package.

Canon’s package is essentially a plug-in board containing a special key which is able to encrypt and decrypt data as in enters or leaves the hard drive. This means that the information on the hard-drive is entirely meaningless to anyone without the plug-in board and the device with which it is associated.

Hard Disk Drive Data Erase. Not a lot of people are aware that until information contained on a hard disk drive is over-written, technically, it remains accessible to anybody with the right skills to find it. Many Office Multifunction Printer (MFP) manufacturers now supply data erase kits which protect hard drives by permanently deleting information, with over-writing technology. Disk data is either over-written with null data, random data or random data three times (!) to ensure complete peace of mind.

Office Multifunction Printer Document Security

Secure Print. In the most straightforward secure print configurations, sensitive jobs which are ‘printed’ by a given user will be held at an Office Multifunction Printer(MFP) until that user or the intended recipient ‘releases’ the document by identifying themselves with a personal identification number (PIN). This ensures that documents printed with secure print are only ever printed in the presence of authorised recipients, greatly minimising the risks of them ending up in the wrong hands.

Secure Watermarks. Leading manufacturers, including Canon and Xerox, now allow users to add a secure watermark to documents being printing at an Office Multifunction Printer (MFP). If such a document with a secure watermark is then copied, the watermark image becomes visible on the duplicate document, making it apparent to anyone viewing it that it should not have been copied and may contain sensitive information.

Office Multifunction Printer Network Security
Computer network security depends on all the links in the chain – it’s about achieving a standard of security common to all devices on the computer network.

IP Address Filtering. Internet protocol (IP) address filtering allows system administrators to create rules to accept or reject information coming to an Office Multifunction Printer (MFP), based on protocols, Internet protocol (IP) addresses or ports. This gives the system administrators very firm control over who can and cannot access the Office Multifunction Printer (MFP).

IPsec Encryption. Internet protocol security encrypts the connection between clients’ computers and printers. Internet protocol security (Psec) is supported by most Personal Computer (PC) operating systems including Microsoft (MS) Windows. It provides a number of safeguards;
– Traffic encryption
– Peer authentication
– Anti-replay
– Integrity validation

Network Ports On/Off. With the network ports on/off function on most modern MFPs, unused or unnecessary ports and services can be shut-off to prevent unauthorised or malicious access. On desktop devices these can be typically adjusted through the control panel or the PC-based device configuration software.

IPv6. Internet protocol version 6 is a network protocol for routing traffic and identifying any devices connected on the network. IPv6 offers some impressive security benefits to users on a network as well as the network’s system administrators and developers.
Specifically, IPv6 is able to integrate the typical IPsec suite of protocols onto a network.

IEEE 802.1X is an IEEE standard for port-based network access control (PNAC). IEEE 802.1X provides an authentication system for any devices which attempt to access the local area network (LAN) or wireless LAN.

IEEE 802.1X is now one of the most popular network protocols for use in wireless networks. Many system administrators find it is also the simplest means of locking-down port access to their internal networks, with its very effective mechanism for preventing information from unauthorised devices entering onto the network. With IEEE 802.1X, if unauthorised devices do attempt to access the network, the port can be locked-down until such time as it is unlocked by the system administrator.

Fax and Network Separation. Most Office Multifunction Printers (MFPs) now provide fax functionality. But the phone line which is used by the Office Multifunction Printers (MFPs) fax function is also a potential weak-spot in network security. System administrators must ensure that the Office Multifunction Printer (MFP). Fax interface is kept separate from the network controller.

Manufacturers such as Canon now use a separate fax protocol which only responds to fax commands and only allows the exchange of fax data. The fax protocol on the Office Multifunction Printer (MFP) will only recognise compressed image data with destination information – any other types of data (which could disguise viruses, Trojans or worms) is barred.

Office Multifunction Printer Authentication

Role Based Access. Many manufacturers now equip Office Multifunction Printers (MFPs) to differentiate device functionality by user access levels. It is up to the system administrators to determine which functions are allocated to the specific access levels – most typically ‘user’, ‘operator’ and ‘administrator’.

Smart Card Authentication. Related to the secure print function mentioned earlier in connection with document security, smart card authentication is where a user is required to present a user card when attempting to process a job at an Office Multifunction Printer (MFP).

Typically a special card reader will be installed on the device but as the user interface functions as normal, administrators can effectively operate a two-tiered authentication system, requiring users to produce their card and to enter a PIN number as with standard cardless secure print configurations.

We hope the list above will equip administrators and users of Office Multifunction Printers(MFPs), colour copiers and any of the leading Canon imageRUNNER Advance printer devices with all the information they require to secure their Office Multifunction Printers(MFPs) and the computer networks they belong to.