Adding Printers to Your Security Planning

The long-standing complaint about Microsoft Windows is that it contains too many features, thereby opening up too many security holes. A mainframe with dumb terminals, on the other hand, presents far fewer attack vectors. But security managers now need to be aware of one other route into their networks: smart, multifunction printers, frequently with Internet access.

“The technology has gotten more complex, especially with the multi-functional products which increase the number and diversity of threats,” said Ken Weilerstein, an analyst with Gartner.

IT security staff, therefore, need to become aware of the threat these devices pose and adopt a strategy to minimize those vulnerabilities.

“The biggest mistake is to view printing as a separate, stand-alone application,” said Steve Reynolds, senior analyst for Lyra Research in Newton, Mass. “It is one element of security and has to be looked at in that context.”

New Vulnerabilities

When talking about secure printing, two issues arise—securing a printer as a network device, and then restricting access to the documents that get printed. Printers and copiers are no longer just dumb devices.

“It wasn’t that long ago where we had separate printers and the only thing a copier was connected to was the power supply,” said Weilerstein. “Today they have an increasing number of functions, are connected to the network, and might also be connected to the phone line.”

This opens up three lines of attack. The first is the devices themselves, which now contain their own hard drives and operating systems, and often some type of web service for interacting with the vendor’s support staff. Like any other networked computer, they can have malicious code installed on them.

The second vulnerability is unauthorized document access. Those hard drives are used as a cache for documents waiting to be printed and can be used to store frequently-printed documents. Just as with other hard drives, those documents can be stolen. To keep the disks secure, Weilerstein advises overwriting data on printer and copier disks, rather than just deleting the files.

Finally, there is the matter of intercepting the documents in transit over the network. A company may have a vast store of documents sitting in its file management system, but one can’t easily tell which are the most important. Sending one of those to the printer indicates that it is current, active and valuable at that point in time. Normal print files are easily read.

“People don’t feel they have a vulnerability in their print data streams,” said Bob Forte, senior systems engineer for Levi, Ray and Shoup (LRS) of Springfield, Ill. “In actuality, any basic line data or PCL (Printer Command Language) is pretty readable.”
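To make Forte’s point concrete, here is an added example (not code from the article or from LRS) of how little work it takes to read a raw print job captured off the wire. The sample job is constructed for the example: a PJL header of the kind a Windows driver typically sends to a network printer, followed by PCL. Stripping the PCL escape sequences with a regular expression leaves the document text, and the PJL header leaks the document name and user name before a single page is rendered. The regular expression handles ordinary two-character and parameterized PCL commands but not embedded raster or font data, which would appear as binary noise rather than text.

```python
import re

ESC = b"\x1b"
UEL = ESC + b"%-12345X"  # PJL Universal Exit Language sequence that brackets a job

# Constructed sample of a raw print job (what travels to TCP port 9100 or over LPR).
# This is made-up data for the example, not a real capture.
SAMPLE_JOB = (
    UEL + b'@PJL JOB NAME="Q3_payroll_summary.doc"\r\n'
    b'@PJL SET USERNAME="jdoe"\r\n'
    b"@PJL ENTER LANGUAGE=PCL\r\n"
    + ESC + b"E"                   # printer reset
    + ESC + b"&l0O"                # portrait orientation
    + ESC + b"(s1p12v0s0b4099T"    # font selection (parameterized, combined command)
    + b"Salary adjustments for Q3\r\n"
    + ESC + b"&a2R"                # cursor to row 2
    + b"J. Doe: 85,000 -> 92,500\r\n"
    + ESC + b"E" + UEL
)

# One PJL statement per line, e.g. @PJL JOB NAME="..." or @PJL SET USERNAME="...".
PJL_STATEMENT = re.compile(rb"@PJL[^\r\n]*")
# KEY=value or KEY="value" inside a PJL statement.
PJL_KEYVAL = re.compile(rb'([A-Z]+)\s*=\s*"?([^"\r\n]*)"?')

# PCL escape sequences:
#   parameterized: ESC, a char from ! to /, optional group char (` to ~),
#                  then value/parameter pairs (lowercase ` to ~) ending in an
#                  uppercase terminator (@ to ^), e.g. ESC&l0O or ESC(s1p12v0s0b4099T
#   two-character: ESC followed by one char from 0 to ~, e.g. ESC E
PCL_ESCAPE = re.compile(
    rb"\x1b(?:[!-/][`-~]?(?:[-+0-9.]*[`-~])*[-+0-9.]*[@-^]|[0-~])"
)


def extract_job(raw: bytes) -> dict:
    """Return the PJL metadata and the readable text lines of a raw PJL/PCL job."""
    metadata = {}
    for statement in PJL_STATEMENT.findall(raw):
        match = PJL_KEYVAL.search(statement)
        if match:
            metadata[match.group(1).decode()] = match.group(2).decode()

    body = PJL_STATEMENT.sub(b"", raw)   # drop the PJL header lines
    body = PCL_ESCAPE.sub(b"", body)     # drop formatting commands (and the UEL)
    text = body.decode("latin-1")        # PCL text is 8-bit; no UTF-8 decoding errors
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    return {"metadata": metadata, "text": lines}


def looks_like_print_job(raw: bytes) -> bool:
    """Cheap detector for a cleartext print stream, usable on a sniffed TCP payload."""
    return raw.startswith(UEL) or b"@PJL" in raw[:256] or raw.startswith(ESC + b"E")


if __name__ == "__main__":
    job = extract_job(SAMPLE_JOB)
    print("metadata:", job["metadata"])
    for line in job["text"]:
        print("text:", line)
```

Running this on the sample prints the job name, the submitting user and both lines of the document. The same decode works on a capture from a span port or a compromised switch, which is why the encryption options described next matter.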

To keep the data from being intercepted en route, the data should be encrypted at the sending computer or server, and decrypted at the printer. Hewlett-Packard and Lexmark both have encryption options for their printers, and LRS has software to encrypt printer data locally or between sites.

For users using a remote connection to access office printers, “printing can take advantage of the security and encryption that is already there, a VPN tunnel or 128-bit encryption that is available with the Web,” said Reynolds.

Controlling Paper Access

The other security hole is controlling who has access to the printed documents. The most common problem is when someone sends a document to a printer which is then read by someone else looking for their own documents. According to an IDC survey released last spring, 24% of respondents found financial data and 18% found personnel records on their shared printer.

This issue can be addressed by giving users their own printers, and frequently this is done in sensitive areas such as finance or HR, but is generally not a cost-effective approach for large numbers of employees. For others, this means rushing over to the printer and grabbing the document before someone else sees it.

One workaround is to install a keypad or touch screen on the printer. When a user issues the print command, the document goes to the print queue on the print server or the printer’s hard drive. Users can then, at their leisure, go to the printer, enter their password, and retrieve their documents.

Using smart cards or fingerprint readers instead eliminates the need for IT to continually reset forgotten passwords. Government services contractor L-3 Communications recently started installing fingerprint readers from Silex Technology America on some of its printers. The readers plug into a USB port on the printer and, according to Chuck Jarrow, vice president and deputy general manager of L-3’s IT Services Group, “For an organization that suddenly finds it needs secure printing, this is a very cost effective and a very quick way to do an implementation.”

One final security point is controlling who can print which documents and keeping an auditable record of print jobs.

“The point here is that the other elements of computer systems are being tightened up so paper is one of the few remaining places you can take information out of the agencies without leaving a trace,” said Weilerstein. “If you try to download the information to local storage there might be rules blocking it, but not with printing.”

To get this potential problem under control, a company can use software such as Software Shelf International’s Print Manager Plus, which controls printer access and logs all print jobs. Putting a security designation in a document title can block its printing or restrict printing to certain users.

“If management has no way to run reports on who is printing, what is being printed (and) where jobs are being printed, they have no way to implement any kind of security,” said Software Shelf’s CEO, Bill Feeley.
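The mechanism described above, a title-based security designation that gates printing plus a log that management can report on, is simple enough to sketch in code. The following is an added example written for this article, not Print Manager Plus or any vendor’s software; the tag format, the policy table, the user-to-group mapping and the sample jobs are all assumptions made for the illustration. Every decision, allowed or blocked, produces an audit record, so the report can answer the three questions Feeley lists: who printed, what, and where.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class PrintJob:
    user: str
    title: str
    printer: str
    pages: int


# Hypothetical policy (an assumption for this example, not any product's format):
# a tag in the document title selects a classification; each classification lists
# the groups allowed to print it and whether it may only be released on a printer
# located in a secured area.
CLASSIFICATION_TAGS = {"[RESTRICTED]": "restricted", "[CONFIDENTIAL]": "confidential"}
POLICY = {
    "confidential": {"groups": {"finance", "hr"}, "secure_printers_only": False},
    "restricted": {"groups": {"hr"}, "secure_printers_only": True},
}
USER_GROUPS = {"jdoe": {"staff"}, "asmith": {"finance"}, "hrlead": {"hr"}}
SECURE_PRINTERS = {"hr-secure-1"}


def classify(title: str) -> str:
    """Map a document title to a classification via its tag; untagged is 'unclassified'."""
    upper = title.upper()
    for tag, level in CLASSIFICATION_TAGS.items():
        if tag in upper:
            return level
    return "unclassified"


def decide(job: PrintJob, audit_log: list) -> bool:
    """Allow or block a job according to POLICY and append an audit record either way."""
    level = classify(job.title)
    rule = POLICY.get(level)
    allowed, reason = True, "unclassified document"
    if rule is not None:
        if not (USER_GROUPS.get(job.user, set()) & rule["groups"]):
            allowed, reason = False, f"{level}: {job.user} not in {sorted(rule['groups'])}"
        elif rule["secure_printers_only"] and job.printer not in SECURE_PRINTERS:
            allowed, reason = False, f"{level}: {job.printer} is not a secured printer"
        else:
            reason = f"{level}: user authorized"
    audit_log.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": job.user, "printer": job.printer, "pages": job.pages,
        "title": job.title, "classification": level,
        "action": "allow" if allowed else "block", "reason": reason,
    })
    return allowed


def audit_jsonl(audit_log: list) -> str:
    """Serialize the log as JSON lines, one record per job, for a file or a SIEM."""
    return "\n".join(json.dumps(record, sort_keys=True) for record in audit_log)


def report(audit_log: list, key: str = "user") -> dict:
    """Totals per user (or per printer with key='printer'): jobs, pages printed, jobs blocked."""
    totals = {}
    for record in audit_log:
        t = totals.setdefault(record[key], {"jobs": 0, "pages_printed": 0, "blocked": 0})
        t["jobs"] += 1
        if record["action"] == "allow":
            t["pages_printed"] += record["pages"]
        else:
            t["blocked"] += 1
    return totals


# Constructed sample jobs for the example.
SAMPLE_JOBS = [
    PrintJob("jdoe", "[CONFIDENTIAL] Q3 salary review.xlsx", "floor2-mfp", 12),
    PrintJob("asmith", "[CONFIDENTIAL] Q3 salary review.xlsx", "floor2-mfp", 12),
    PrintJob("hrlead", "[RESTRICTED] disciplinary file.docx", "floor2-mfp", 3),
    PrintJob("hrlead", "[RESTRICTED] disciplinary file.docx", "hr-secure-1", 3),
    PrintJob("jdoe", "lunch menu.pdf", "floor2-mfp", 1),
]


def run_sample() -> list:
    """Push the sample jobs through the policy and return the resulting audit log."""
    log = []
    for job in SAMPLE_JOBS:
        decide(job, log)
    return log


if __name__ == "__main__":
    log = run_sample()
    print(audit_jsonl(log))
    print(json.dumps(report(log), indent=2))
```

In the sample, the staff user is blocked from the confidential spreadsheet, the finance user is allowed, and the HR lead is blocked from sending a restricted file to the open-plan printer but allowed on the secured one. Note that title tags are only as reliable as the person naming the file; a real deployment would also key off document classification metadata or the originating application, and should protect the audit log itself, since it records which sensitive documents exist and who handles them.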