subject: Is it worth paying attention to Printer Security? [print this page] Is it worth paying attention to Printer Security?
When we as individuals and enterprises talk of security, we usually refer to securing our databases and servers, don't we? And for these security purposes, we consider looking at VPN, IPS and firewalls very seriously. It is also not hard to find companies world over spending billions of dollars in upgrading their security each year. But how many of you or for that matter these companies have thought of securing their printers? Hardly any of them would have thought in this regard.
Printers have indeed come a long way ever since they hit the market way back in the late 1970s. Back in those days, printers were largely connected to a single system and were capable of performing a single operation at a given time. However today's printer do not resemble its ancestors in any which way. The modern day printers are capable of performing different functions at a time and can be used along side different devices at a time. When large corporations talk about destruction and retention policies they usually refer to DVDs, CDs, hardcopies of different documents and even the hard drives of servers and laptops. Hardly anything is talked about hard drives present in the printers!
But this is not all; printers are hardly considered when security guidelines, procedures and policies are laid down in the first place. And considering the fact that vital company documents pass through these printers each day considering security measures for these items becomes all the more critical. Furthermore, it is interesting to note that not many organizations realize the functionalities of printers. Though most of these functions are not related to security in a direct way, they can still have an impact on the data security in one way or other. And hence they need to be addressed in an effective way. Some of them include, but not limited to:
Copying files to Unix or Windows file servers
Emailing scanned files to a new user
The ability of printers to receive faxes and then pass it on to other users via another fax or email and
Ability of storing different files that have already been printed, scanned, uploaded or emailed locally
Data that is already present in printers can be a target for any educated and well-prepared attacker. He/She would understand the real value of the data already present in the printer and knows how to compromise it. It is true that companies are investing lots of money in securing their network, dividing different systems and networks into zones to install firewalls, IPS and other control points but they are hardly focusing on logically placing their printers in a safe zone within a network. This is largely because printers are not treated as important devices within an organizational framework. They are hence least secured in their own trust zone where the access to their interfaces is not allowed for all users except few trusted printer administrators. Reducing the access to printer interfaces is one way how you can secure data stored in them.
