How to Secure the Multifunction Printer

 
 
By Rosen Sharma  |  Posted 2008-07-10
 
 
 

One of the reasons that convenience stores are "convenient" is because they are close, always on and always available-at least theoretically. Have you ever gone to your local convenience store and been frustrated because their in-store printer doesn't work? While multifunction printers have not hit the top ten lists of enterprise security or customer satisfaction concerns, they are now getting more attention as companies realize just how vulnerable these systems really are.

The beauty of fixed-function retail systems, such as networked multifunction printers, is that they've become standardized. This standardization has allowed devices to become increasingly interconnected and has enabled companies to run off-the-shelf software and inexpensive hardware on interactive operating systems, including Windows XP Embedded, WEPOS (Windows Embedded for Point of Service) and Linux. Standardization has also provided organizations with more software options, faster time to market and the ability to more easily adopt and integrate new technologies.

The challenge with standardization is that these devices open yet another dangerous door within any organization's network. Organizations now must ask how they will control software changes and ensure security and compliance so that these systems will continue to operate in the field as shipped.

The problem with fixed-function devices

Similar to a PC in a networked environment, today's fixed-function devices are susceptible to security risks and constant patching. The device manufacturers have been unable to control the type of software that might be installed on a device once it leaves the factory and is deployed in the field. And since these devices are vulnerable to unauthorized and inappropriate changes, they may no longer continue to operate as intended when they were shipped.

The result is a more vulnerable, non-compliant device being used in the field, leading to higher support costs and lower levels of availability. These factors, as well as many of the new security standards, have placed retailers and device manufacturers in a difficult situation of retrofitting devices like the multifunction printer with inefficient, resource-intensive anti-virus software.

The multifunction printer: A unique security and service risk

Networked multifunction printers often run in retail environments. When the devices are delivered to locations like convenience stores, the printers can become vulnerable to unauthorized modifications. This can ultimately cause the printers to fail, thus increasing the support costs to suppliers. To improve service availability and reduce support costs, it's critical that printer manufacturers protect the systems by limiting access-whether malicious or not.

And, while hackers may not purposely target printers, more and more of these systems contain Windows XP Embedded. Because of this, a hacker could break into the device, attacking it as a normal Windows desktop computer rather than a printer. One researcher recently found a cross-site printing vulnerability, which is a way to use JavaScript to remotely hack and use the printer as a conduit for spam.

Three ways to secure your multifunction printer:

1. Lock down and control the production image. Printer manufacturers must install change and runtime control software on the device to freeze the production image of the printer. This low-footprint, low-overhead software runs transparently on the printer and is designed to lock down the device's gold-base image certified by the manufacturer. This way, the printer manufacturer has greater control over what is installed, uninstalled, upgraded or modified on the base software image of an embedded system once it is deployed in the field.  

2. Look for alternatives to anti-virus. While anti-virus adds some protection to the network, it can't block everything. Limiting access to the system is a more effective way to ensure that unwanted and potentially harmful files, software or applications aren't introduced. The threat of zero-day polymorphic threats are drastically slashed with the ability to control what can actually run on the device and who can make that decision. Compensating controls enable a "concrete wrapper" around a device's gold- base image, protecting the device in the field and ensuring that it cannot be compromised. Since access or changes attempted by malicious code or unauthorized users are prevented, anti-virus and other security software is no longer needed. 

3. Patch systems on your schedule. The runtime control element of change control software can also help reduce the cost of operations by decreasing planned patching and unplanned recovery downtime, thereby increasing device availability. This feature is ideal for difficult-to-service, remote and lower-margin devices running vulnerable commercial operating systems and applications, since it lowers support costs by reducing the number of touchpoints needed. 

Today, convenience can mean that technology works as planned. Removing a potential vulnerability by simply installing change control software may be one of the most convenient approaches available, ensuring that systems operate as originally intended.

 Rosen Sharma, Ph.D, is president and CTO of Solidcore Systems, a leading change control software company. Sharma is a serial entrepreneur who co-founded Ensim, Teneros, VXtreme (acquired by Microsoft), Teros (acquired by Citrix), and GreenBorder (acquired by Google). He currently serves on the board of directors for Solidcore and Teneros. Sharma also started Mentor Partners, a firm that helps startup companies in India. The Mentor-Partner portfolio includes the following companies: Bubble Motion, Ugenie, Ilantus and Atlantis Computing. Sharma is a gold medalist from IIT Delhi, and he holds a Ph.D from Cornell University. He can be reached at Rosen@solidcore.com.

Rocket Fuel