Snazzy printer features could open Pandora's box
Hard drives on networked printers and MFPs could be storing sensitive data
- By Patrick Marshall
- Apr 01, 2010
If printers are underestimated as a source of potential savings, they are also often underestimated as a potential avenue of security violations.
There is, of course, the potential that a sensitive document might be printed and inadvertently left in the printer output tray for all to see.
But when the printer is networked, risks grow considerably. For example, many organizations require user authentication at a printer before a job will print to ensure that the appropriate person is there when the document is printed.
However, many organizations overlook the fact that networked printers and multifunctional devices have evolved into full-fledged computing devices that contain hard drives that can store sensitive data. In addition, unguarded ports on printers and multifunctional printers can serve as vulnerable access points to other network resources.
“There is a lot of capability in these devices that sometimes customers just aren’t aware is there,” said Larry Kovnat, product security manager at Xerox. “We have some guidelines for how to configure devices, such as turning on [disk] overwrite, making sure to use encryption and checking the audit log periodically. The other thing I would say is to make sure the devices are patched.”
Kovnat said he is not aware of any significant attacks that originated through a networked printer. “It’s more of a potential avenue of attack than a real one,” he said. But he added that securing printers requires more than due diligence. He said printers and MFPs have real vulnerabilities and “it’s true that in terms of awareness of IT departments, printers and multifunction devices are under the radar.”
Managed print services can do much to secure that particular avenue of attack. “Anything that adds to centralized management does help the security problem,” he said, “because you have better control over configuration, you have better control over change management, you have better control over deployment.”
Patrick Marshall is a freelance technology writer for GCN.