Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management
    • Networking
    • PC Hardware
    • Small Business

    How to Secure the Multifunction Printer

    By
    Rosen Sharma
    -
    July 10, 2008
    Share
    Facebook
    Twitter
    Linkedin

      /images/stories/70×50/bug_knowledgecenter_70x70_(2).jpg

      One of the reasons that convenience stores are “convenient” is because they are close, always on and always available-at least theoretically. Have you ever gone to your local convenience store and been frustrated because their in-store printer doesn’t work? While multifunction printers have not hit the top ten lists of enterprise security or customer satisfaction concerns, they are now getting more attention as companies realize just how vulnerable these systems really are.

      The beauty of fixed-function retail systems, such as networked multifunction printers, is that they’ve become standardized. This standardization has allowed devices to become increasingly interconnected and has enabled companies to run off-the-shelf software and inexpensive hardware on interactive operating systems, including Windows XP Embedded, WEPOS (Windows Embedded for Point of Service) and Linux. Standardization has also provided organizations with more software options, faster time to market and the ability to more easily adopt and integrate new technologies.

      The challenge with standardization is that these devices open yet another dangerous door within any organization’s network. Organizations now must ask how they will control software changes and ensure security and compliance so that these systems will continue to operate in the field as shipped.

      The problem with fixed-function devices

      Similar to a PC in a networked environment, today’s fixed-function devices are susceptible to security risks and constant patching. The device manufacturers have been unable to control the type of software that might be installed on a device once it leaves the factory and is deployed in the field. And since these devices are vulnerable to unauthorized and inappropriate changes, they may no longer continue to operate as intended when they were shipped.

      The result is a more vulnerable, non-compliant device being used in the field, leading to higher support costs and lower levels of availability. These factors, as well as many of the new security standards, have placed retailers and device manufacturers in a difficult situation of retrofitting devices like the multifunction printer with inefficient, resource-intensive anti-virus software.

      The multifunction printer: A unique security and service risk

      Networked multifunction printers often run in retail environments. When the devices are delivered to locations like convenience stores, the printers can become vulnerable to unauthorized modifications. This can ultimately cause the printers to fail, thus increasing the support costs to suppliers. To improve service availability and reduce support costs, it’s critical that printer manufacturers protect the systems by limiting access-whether malicious or not.

      And, while hackers may not purposely target printers, more and more of these systems contain Windows XP Embedded. Because of this, a hacker could break into the device, attacking it as a normal Windows desktop computer rather than a printer. One researcher recently found a cross-site printing vulnerability, which is a way to use JavaScript to remotely hack and use the printer as a conduit for spam.

      Three ways to secure your multifunction printer:

      1. Lock down and control the production image. Printer manufacturers must install change and runtime control software on the device to freeze the production image of the printer. This low-footprint, low-overhead software runs transparently on the printer and is designed to lock down the device’s gold-base image certified by the manufacturer. This way, the printer manufacturer has greater control over what is installed, uninstalled, upgraded or modified on the base software image of an embedded system once it is deployed in the field.

      2. Look for alternatives to anti-virus. While anti-virus adds some protection to the network, it can’t block everything. Limiting access to the system is a more effective way to ensure that unwanted and potentially harmful files, software or applications aren’t introduced. The threat of zero-day polymorphic threats are drastically slashed with the ability to control what can actually run on the device and who can make that decision. Compensating controls enable a “concrete wrapper” around a device’s gold- base image, protecting the device in the field and ensuring that it cannot be compromised. Since access or changes attempted by malicious code or unauthorized users are prevented, anti-virus and other security software is no longer needed.

      3. Patch systems on your schedule. The runtime control element of change control software can also help reduce the cost of operations by decreasing planned patching and unplanned recovery downtime, thereby increasing device availability. This feature is ideal for difficult-to-service, remote and lower-margin devices running vulnerable commercial operating systems and applications, since it lowers support costs by reducing the number of touchpoints needed.

      Today, convenience can mean that technology works as planned. Removing a potential vulnerability by simply installing change control software may be one of the most convenient approaches available, ensuring that systems operate as originally intended.

      /images/stories/heads/sharma_rosen70x70.jpgRosen Sharma, Ph.D, is president and CTO of Solidcore Systems, a leading change control software company. Sharma is a serial entrepreneur who co-founded Ensim, Teneros, VXtreme (acquired by Microsoft), Teros (acquired by Citrix), and GreenBorder (acquired by Google). He currently serves on the board of directors for Solidcore and Teneros. Sharma also started Mentor Partners, a firm that helps startup companies in India. The Mentor-Partner portfolio includes the following companies: Bubble Motion, Ugenie, Ilantus and Atlantis Computing. Sharma is a gold medalist from IIT Delhi, and he holds a Ph.D from Cornell University. He can be reached at Rosen@solidcore.com.

      Rosen Sharma
      Rosen Sharma, PhD, is President and CTO of Solidcore Systems, a leading change control software company. Rosen is a serial entrepreneur who co-founded Ensim, Teneros, VxTreme (acquired by Microsoft), Teros (acquired by Citrix), and Green Border (acquired by Google). He currently serves on the board of directors for Solidcore and Teneros. Rosen also started Mentor-Partners, a firm that helps startup companies in India. The Mentor-Partner portfolio includes the following companies: BubbleMotion, uGenie, iLantus and Atlantis Computing. Rosen is a gold medalist from IIT Delhi and holds a PhD from Cornell University. He can be reached at Rosen@solidcore.com.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×