Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Printer Security Advances



 By: Larry Seltzer
2007-07-06
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Opinion: Printer companies actually do pay attention to security these days. Security philosophy isn't as settled as it is in other areas.

If youre in IT in a big company and youre concerned about printer security, good for you. I think caring enough to work on it is the biggest part of the solution.

After my first story on the subject of printer hacking I got a lot of e-mail with printer security horror stories. I ended on a note of skepticism that truly its a significant problem and thats still how I feel. I also get the sense, just as with computers, the newer ones are safer than the older ones.

This article about Konica Minoltas latest MFP gives you an idea of what some printer vendors are doing about security. MFPs (multi-function printers) are becoming more popular in the enterprise (or so the printer vendors tell me) and they raise a number of special security issues that dont apply to print-only printers.

I had an interesting conversation with Randy Cusick, a technical marketing manager at Xerox who has dealt with these matters, especially with respect to MFPs. These are, of course, printers with other functions built around them, and these other functions bring their own potential for vulnerability.

Pedro Pereira thinks that Xerox, whose future was once in question, has made a comeback and is gunning for the SMB channel. Click here to read more.

Resource Library:

Some of the potential for vulnerability is relatively obvious, such as physical authentication of users at the device. Thus the Konica Minolta units with biometric authentication, for example. And at that point you need to define different user capabilities and manage them; not all users should be able to change printer settings, such as the e-mail address to which alerts are sent. Cusick cited an FBI/Computer Security Institute report saying that more than half of attacks on corporate nets came from an internal source, and an MFP could certainly be such a source.

Konica isnt the only company whose new products are better at this sort of thing than their old ones. Old high-end printers might have been UNIX boxes with FTP still installed, but the new ones are likely to have run through serious security evaluations. For what its worth, many Xerox products have received Common Criteria Certification.

Another important capability is management. Products from big companies are likely to come with SNMP MIBs, and many have their own network management tools as well. HPs Web Jetadmin software allows what they call "fleet management" and includes many security-related features like authentication.

Cusick noted that the early concerns they heard in this area came from government, as they often do. Extreme physical security measures, such as built-in hard-drive wiping, are now widely available in printers from Xerox and others to address some of their concerns. Xerox actually has a fee-based service for printer retirement in which they will physically remove the hard disk and present it to the client.

Print-only devices, such as my own Xerox Phaser 6180DN, usually dont have any hard disk in them, and this simplifies things somewhat. This may be one reason Cusick says customers want MFPs delivered locked down, and allow the admin to turn functions on as needed. But for simpler printers the customers want functions on by default.

Printers are simpler devices and managers are fairly trusting of them and dont want to have to open up ports. Printers also typically dont have passwords (other than for administration) or important authentication issues other than global on/off access.

MFPs, on the other hand, are filled with important security issues. Xerox does things like run the fax on a separate card on a separate CPU that only interfaces with the rest of the device through standard ITU T.30 protocols. The fax never writes to the hard drive (yes, this limits the storage for faxes, faxes must be stored in RAM).

As with most security issues, the best protection you have is being informed and on top of your own equipment. HP has a good Secure Imaging and Printing Web site with information thats applicable not only to their own products.

Because printers and MFPs dont have a widely appreciated reputation for security issues, they dont often get treated properly. There should be some input from those with security responsibility in printer purchase and management decisions. Even in smaller organizations, administration needs to be aware of the potential. HP told me a story of a K-12 school in which children learned how to use PJL commands to send (ahem!) rude messages to the console.

So it seems to me that everyone is still learning about these issues, but Im pretty upbeat. If IT cares enough about printer security to pay attention to it, the printers will be hard to attack, harder certainly than something else in the enterprise, and that might be enough for them to be left alone.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers blog Cheap Hack

More from Larry Seltzer



  Reader Comments: Printer Security Advances
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Larry Seltzer
 


xr80VӮc"uKm֔ey,Uyc# IlS$l{%Ο 7]hvUW-w-DH D?{{~$rhiOH1%3TI}"Iͽ~xh#(~0`)rdxBԲ|WR #Yntj55Gl$J~x'A :':DPL9 ΜM}ٜi7'x2 X m 8O0,, P8$H.{H~. DuXqD-:_;v T|_9AÙML}! {|HJT%h!1Q暿#=z'Ț?_i@aUw0vK]K[wSUȓ[vx1B!"Bτ]ͻHݠLo$Gd jI:`iT11<Hчxހ]ݱ&R,RE͌iAw4ԬkScG 7GCLH<~0[QM+.n5RNX0'C8:)X ۱2˭3]6e5^G~7mgE5GlR" =y74JaHO LE7rؗCY֌A閩mȺuw*r] GjR/G{Q!`چ[=4Q9n^wfFïBEQB_u.s$QwÑwܖ4a*^w6 WOwy@.{A~Aw" DT-JR,͒DCaOmd:AHsEF j;|#R/ՋjA=R$ڑf1S$XIcF/XPGb9򋩥}5h\tm2h\tgH>߉ekby 1(ժ=TRJg#=ޛ:׋۳ۗKiOz7s#)|v5 0\68jo~n/vgl M u4}GuIɽGbw2|&j]<윐$˷Y>] پBd}#$77#R(y#0ri4(-ߖAfw[ 74u{0-Mf "dh&Fp- @lo Kj(H)5?&F`Mil&XJp7Q m̗^PeP샚_΢[2jƫOөr$o# eF\B(&PHQ>lO|yx|vwܬu"մޅ-~4RށؓY5x>%U~u_FnZ`KћZc1xd2Yb~ 8ʍ??5m!S[ö@ .ks+k~̆>:mNQm51l;4d}t>჆(>hhƋMri^OMrӇtu@.~ͣn]?'tno7,AbG@a`Ψ6rjLP"iAЂMx>tT؎]6}l29<8({hk=`DkwKGHb1(բ!Tg,Zu= } w,ߣ9#kL L<ģ\>Ԇ!~9.b&;A/{bA2 EEKi@( $h5ar/lQ^OHX)VpDm'8.3Tr XK){TKh+K@f:34YIJM힟u]_ ȉ#m"09X -Z X%Vj9m2*COđj\P jңz yU2wd .z:H(p0ѿ{Ğnv(־i;\X䞅ʁZ¿Jʳ&#P3>ťp(mtfй+>q^uiz ei6Y+ME[9(Ŀ+ӺZJx H#od koռ²yc<66X`9HM^>L2fˣ(U2LF%IokwCSslR6q rQ iS#7~ՂZ=RzV*<>ki8 ,@ r; )mT.mT^GgΧމzд "w=: S-`zԱ; lN#0 ;u J[Y,,iTJMQרz Ä끈_E3ca{6p:P]%f//,+Y{uMٓZR|vn [arhfl:6-؄sOs=1}Z3ހɰR.%" 6D ȸau-Ce04FxP[JCu:rȵ`w%XYf-1?0Yu/ÊT)Ϲ9 i~>EV:6őGG@q?@TEe¹3`Qеa#ECf0% P"7h6{eeꋹJu;OP,;w>k#}sJ;$`@"+jZ3Ev ~JIaQsGŵRr#n713~Z`fzž n(jVTkk9mXo^ :i3 9Sf5O};N`[E欭h+,s Jb+ͤV(EcT7edކyϤMnU)HW.|S'eyfMh`%͋q( 8=_PpfGi*>שgS!'܏p ,[;A%hb25K9E?9dN@u3 U K4 NP&5_p4hz]W4Giwr£:u߀&?q}ca#2"~p5oiP.T*E:k"WA Ұg /s_5u_&gnu"+JaHˈG2gd7)VCiA/ST3 fc>/ci)ր OZ|bR3GZy+jJHJzD |d5 C 7ѐkFD#~{$} =ע,@DmXJ/EXᐫiQ]AӀ)x9Ll Ll'`Q(s&zTW">)wD<7ϰ3}Nb 4˴WՄθā0O?-$NVum4eX$5}d YV|2&ZQRj/“sw@&(8-.]EQh2)nQ==Սћn@h# ;wk~ʡf *i;I@r;qO;a#5 ƈQ@JڣR> GYdI.|akJZWn8J3 ,O$(e,t9Ǔ۷mpH3T!,8{Je%[ ir}c$ $"zr3.=2a7b^ܘόм~>Q%&/!(0H_dpCm;$\auv'HGϢ.cU}ֻHgn!1@qfq^3 \;(E0^+{Yi\.JIMթb8K} L@IP 4t="!}F7{%%usu.:l `yAra` 8yJ|Iwٻe-%{E's=Bn2H!Bç='Mxy)qm2YG42~qki/8 uÀ@ cݜo8`LRX5c5IB AE׏6u8eR쭩G2se5I^S PW2REHIAN'' <9WxEщCپ~KiV \ |~i1ў/W` eIdakf+6IOwy@H߉ NN|ls_<#ppz 0xc.[qn}z{HaP;DZ3pq*dhwXɫI)j껰ɫT~OJ.6 D Tz@0Hr\zC=?UmOfXcyu=v츃%vdQ;zZ1?n_8Zt]ta|b|;sFg5\{ 塚>%zv`蚳 o.(}ǩ-{oCD' H ^޼=2oQP]9Yz$ACvoN~ℜ7107~worO07+'i{޽Ҿ2CWq[:+@^l"$$yEQjFﯾ"+2gNI˅^t*<>rgx7YM x3D?-ye9>Q3-4|2Gy~cq.~({_fO,J麇9]MZ^⽸|W90.5=y$/Av} ,D>?GgoD:*p&޸tfڰf{"]@JOe)jA-hӦ~4a0_7WkD\${=<x3,M2Ï쬋:~)s"rG{YiYș71$nlA D%|,*[cP23㱫R?L(&#Kw2g@W) X*LX=&NM P6NyP|Np0[_BddAW6AgiSFMLr j -ՄD]L@- tF[%mXi첎lB>ZjGT{2N9~nԳ5,*93 K2W1[PJbWTKe3(YlvىĕR{?oA$rK*qlm,\+*8oU&mȕƐnӄ#]$:$+1ٕyT n4Hè/k DwIX^epi*WˉUKt5_P9E zS욏bd 'BbQ .Ai-"8($ij_RJPuHbVY%IA_{,yS2OFJqܹE뢈o'%E䉹 ZS_ֺ1cYsiNq><vK⠻Ntxw!83wQjPW2Ȏ'|'A(ybIWGV_P.4Me9fm5 >Q0>b^DK5o,RPB^79 pI-I4$!̃8` o^QKD\4_VKR{5WHn5_.A5*MYvP0}]~3ixWmFZ?[O+̑;3Ae?ͼڡ/VFw?9/nIKK('u_'`pBURfEg.Z9b"|cfIB;Df&F$×_-x=5_֖tZyu:7RyrQno1?ЅbҁexzXAݠ(Db_:CQY8 44QiG~}}}}rMU߶OX>L(25!FaI?-Ӡo&0!Y! c815J,9 T|ׄhlmxH]@E` LO ؝Og'AGuK,b $PRhؚc(͒ZT5G9!#0tlwp!"^؛>)UF#| @(̈́`1j=~Ѱks74[_l-s/1)\"_9ó@cRPÁ+7HKz_'kzL , ]9x3,s͞D)a5'3Gn㈚Jc-7'#i8tQ3k Gj=Y WbmHE"XD=B `D9Bş3*mt)7Y'{[IEsuپ{1326##5ē@+lyK2f:fYʅLWP^&$"}u2-sNj dxcZm/=`ӽ6۬7o=HvJccJ o3")Aݶ{{Ʒi?`Wula}#^jĕSJ=[yG©وj:!TJE` +⌱fnmϋ%sG I4R "H+ɻo1;>&417(jcx_Kݪ_xЁZ۷84XG_˯eYᅮ$yiz`'^5X,hMVLm!~%0m lh61޾i:2L~5;=݃vOes֌S`gwQ?(eo,7 fZ6 X ךOC3* I3~^cO'27g8. 2ä="LANXBl LQӬfo_`n3ƻyk%9q}/*ga)([IO }A[~ J5?2+Ow 2E A p -{@=t $ȮO^6j=ꕂvךS|l:.krJm:v#,~Et{@RCVjb`!OT#|'IAwy4,~D?S9E=1K6f&T9E( )9m2yށܕŤ=BH 4{~CX^q1Q<0"Cn6Fce\[&^C 0J0 dZ%gB8AX丱Ň!^ E& ;CA$?ؘZz0lsy̩,, ^4𚩐J711ǜSK?j\(.IQ:-~e=^_@FS3 n TJ9~餷 G]!DYtMpU9 &uL'Z|Yc洹a:/kO6zYC'^L8d;쭗5Įz|if[yBE ~K-۽9  D:UYlsÑw'7E[TvXj 1`5; )@#x2lSKaZ'$~TRu1sK"̶{b?GjPV*ڑߡ<,` #+5PUk%r\PO5rKRkNz``zҧ%E-@GǪcjkF*!E0!8Q vl^ݹHm+nn@BDęvxЌ`/0۱p pm[.{3eM< 9vsu#/ն멑ў`1,8.d3+nіmmy.G4K,2;[4] lS;x)wnj|G,%_݄FFV#lEi1tJPG!K..jjJh56qii<*TGL06LjT TcЭB)˪M;InP}wY?e=` ' 24/x߽[!ʣZ+=Jl~GhM,Ë{|U:k|%wRW3-΢ 7udk¨`*£MpP(j-MG/tX0/b#3-#^>xA2K= o~{@(r r,"-E|tz['u}H?Km1yFhb#3!^0 %'!`NvCsIڷ`о飇@F™6^<3qhK?a]{Z؟0J7O t$rM8!id퇛~^(b#sA~b #:́ lZV)F(ЄG#=7>nrn&[ lx Dx&sfI@ s<3DDi֜iĄ~"W3(}@>:׌Zj !1gGi>'_A$SW@tQR"tQ:.( o%H_([POXP؟?pk2'TJHB}s 7Xh0usXc- .E.Ӈ;q{4+۠f 6;%~6t0Q-tV#ߛi3,ȏKlݜ(8&sZ9It!CK/HzNszqcdnz~X׻SSeď/0  Ka1c~PBMФP:C KD8_]xC YQ^"oӄ\I \QY / Ij WPɺx>\S;.0KD39ݐ9iIqs=qw5} 'RKG٩;ǽ'gMjkhbv>L5%ۼ6/ v(P]mf)NL{=\H% ew"f?G>;eQȐ:|ja 95ZZ+!U9jmn8~(hOvɀڹfhRZ%eF(Q+Q~7OZ@2ʑO(?\~99<Ny\95;пNF?ӹ(w2k~gϛ/e|vnta݌w~7 >ෛ.৛.1.g7>@ D'(Q~dwQ{1W?Wsw1=/=? ː/@q 3dOoAA6A_SV9S>>eoʁ~o3ڿh6N22u S.ryA/ ȋU৬rXB]eס>? fVd{rMtsn yr%> |SG0ӚܴO]/yd֦k_5lNA6KE>Y;yУx߇5OKWX-Jaġ]-Fb4}eR76ևǛ3{x C7WuY>Y"h(x4|s&pJ!J8?0 fZ gѥ8 an%gh7xF =sބ]7=Ԍn@ 9w>*%U-)UTj%wwD(&0#*+P#}a`J^.U&zg l]{ۦJ̾jCO3CX)x}̺l[ %.< m!r+Xڼx-y|yN؛ڎy@Vo9Xj-/#RgQ+\|ǙC_pov1R V{[1g7ډ:GKУpșG ? 3Εq䗹l 4@{4Dݴ)9?g)b|337dL$pgB-Kt!޴PaD˦U憛՞/{nw:aKƈ D%-%OB.;P'GkW`w|!G0BkN#eaxap&tevW4xp;v}3X?ap[N\V!eLg)=oƍQg~-̸ƲB_avy]ӧ2nc}N 1)Y֠}Q/vO45~n? ţ:aѡ(Yc{XnDh'_K;-5kx.$wb9sC@y=yG<'JduBlk8sXK1w]Ww.x~k5 X 9cηt>1LR%|1{C8$Ҵ Cdd3=lYLmb[>/I4#!fIკ" ֍~2I4xH~ 5$Id`Կsg9Cc7:Δ0ـO ؠ+.Ġ/>'g4WBO)s:3Up6 I7T`';Ǧ a4:vX9VF  u EݩcE\cͅx{pFka?>N@6AыpO`ƵHzBAI%X^KfgY{6D/n fey] ,pd+K:!31Q9jkI/?H3軱Wx&%}YQ v.ycH#ev\z$tnP'9"Ź oPm b/ yJ>? T@| %9.X&"3>m?'.}A5+J'"@2x̴5[Pŗ;5 m'#84C>ԺmQ޺ϟpml.;+CO1ΪTU|l>cx '4r{oڇsWu`'#~" V[œA6h4_@&s ܈}olI-#Ox Cr8ˤ`k욧~0qGĶ2C|R2k̜UpvRvcdLw6qgSet@Eq˫Pv;OyBtz-E peӵy2 Wc9ǗvJ^Qt 7tlmb @Jܝ >7#Tt#+@4 pSGghp# 14B\ (cto@ S.vQeN܌1MF]khT[%^ؕEld ^kgyc/ |ڕa=vsaSΜ7 @>{~w)Ǹ 0tczw^?קg[8K cd.'XI@ qZ']Y!hXj=E"ҁ )Q~9'fK#fY [Rj`n~3 4pRaL (b[иY{PE"1w1G= `5>gvC%z1waX0~v19&Y>6s3a=U`2M.<ȳ(`F,Lv"VKJMΡmbQaڇl*~H&.,{+ЃD~xFs-^мQ> χ"@Ă+"e}q$Y! *`.gGq~v>!2D!6xvbpwٻ;^z:p~xu*/ZK xwsN`){׭yEg?0]\}!l6Gn_1M4ZQwNVtƢI26pzR/jŭ.{g;a+bBmP?-۔p&s.#KM\eRMj39Q2;֎Mӝo3a-dcˤ_ lš^)