
Guidelines - printer security webpage


ASSURANCE AND RISK MANAGEMENT SERVICES
THE UNIVERSITY OF QUEENSLAND

Corporate Printer Security

1. Standards/Guidelines
         Printer technology has advanced – printers are no longer dumb devices that have no memory. A common multi-function
         device (MFD) or multi-function printer can perform all or most of the following tasks:
          Printing
          Copying
          Stapling/stacking
          Digital sending to email
          Digital sending to a network folder
          Document Management

          Confidential and/or sensitive data often flow to printers and MFDs. Without adequate security, this data could be subject
          to unauthorised access. It is not sufficient to rely on security policies and procedures as they are not always specific
          regarding the configurations. Ideally, there should be detailed standards, procedures or guidelines for the management
          and configuration of all networked printers and MFDs.

2. Default System Passwords
         Networked printers and MFDs should not be deployed without changing their default passwords, as these default
         passwords may be exploited. A printer configuration that is not locked down via strong passwords may be subject to
         a man-in-the-middle attack carried out through IP address modification or the use of easily obtainable
         freeware/shareware tools. Written procedures or guidelines should require that the default factory-set passwords
         be changed as one of the first steps of deployment.

3. & 4.   SNMP
          Simple Network Management Protocol (SNMP) is an application-layer protocol that helps administrators monitor and
          manage network devices, including printers. It uses a community string to authenticate connections. In the earlier
          versions of SNMP (versions 1 and 2), the community string travels across the network in clear text or, sometimes, with
          weak encryption, which leaves remote administration susceptible to packet sniffing. SNMP v3 has more robust encryption
          and authentication mechanisms. If an intruder gains access with write privileges, they can potentially change most parts
          of the printer configuration. The changes an intruder can make depend on the management information bases defined by
          the printer vendors. There are also some vulnerabilities that may lead to a printer leaking the Telnet and HTTP
          administrative passwords or information about the documents printed.

5.    Central Management
         If printers and MFDs are centrally managed, changes can be made to the control configuration file and pushed out to
         these networked devices. If not, there is a need to develop more than one printer-specific standard that gives detailed
         settings and instructions.

6.    Location
         Ideally, critical printers and MFDs (used for printing, photocopying, scanning or faxing critical and private/personal
         information, e.g. cheques, patients’ health information, students’ academic transcripts and testamur) should be located in
         a secure area. This is to prevent unauthorised access to confidential and personal or private information.

7. & 8.   Modify Rights
          If any user has access to modify files located in a buffer or print server, there is a risk of unauthorised changes to the
          data (data integrity risk).

9. Auditing
         If auditing is turned on, print logs should be monitored using a risk-based approach, e.g. a printer in a library may not
         need audit logs turned on. Logs of print jobs can be reviewed as an adjunct to determine whether the individual who
         printed a job was authorised to print it, and other suspicious activity, such as the volume of print jobs, can also be
         reviewed.
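The review described above can be partly automated. The following is an added example, not part of the original guideline: the log format (timestamp, user, printer, pages), the allowlist, the printer and user names and the daily page threshold are all assumptions chosen for illustration.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample log: timestamp, user, printer, pages (format is an assumption).
SAMPLE_LOG = """\
2024-03-04T09:12:00,asmith,finance-mfd-01,4
2024-03-04T09:40:00,bjones,finance-mfd-01,2
2024-03-04T10:05:00,cwong,library-prn-02,30
2024-03-04T13:30:00,asmith,finance-mfd-01,180
2024-03-04T13:55:00,asmith,finance-mfd-01,160
2024-03-05T08:15:00,dlee,finance-mfd-01,3
"""

# Hypothetical allowlist: only printers judged high-risk are listed and reviewed.
AUTHORISED = {"finance-mfd-01": {"asmith", "dlee"}}
DAILY_PAGE_LIMIT = 300  # assumed threshold; tune per printer and role


def review_print_log(text, authorised=AUTHORISED, limit=DAILY_PAGE_LIMIT):
    """Return (unauthorised_jobs, volume_alerts) for audited printers only."""
    unauthorised = []
    pages_per_day = defaultdict(int)  # (date, user, printer) -> total pages
    for row in csv.reader(StringIO(text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, user, printer, pages = row
        if printer not in authorised:
            continue  # risk-based: low-risk printers (e.g. a library) are not reviewed
        if user not in authorised[printer]:
            unauthorised.append((ts, user, printer))
        pages_per_day[(ts[:10], user, printer)] += int(pages)
    volume = sorted((d, u, p, n) for (d, u, p), n in pages_per_day.items() if n > limit)
    return unauthorised, volume


if __name__ == "__main__":
    jobs, alerts = review_print_log(SAMPLE_LOG)
    for ts, user, printer in jobs:
        print(f"unauthorised: {user} printed on {printer} at {ts}")
    for day, user, printer, pages in alerts:
        print(f"volume: {user} printed {pages} pages on {printer} on {day}")
```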

10. & 11. SFTP/TELNET
          Services such as File Transfer Protocol (FTP) and Telnet should be disabled if not used. With FTP, an end user could
          employ the “put” command to print a document directly to a printer. Telnet could be used for administrative purposes,
          and hence is dangerous in the wrong hands.

         HTTP services are sometimes vulnerable to a variety of attacks, e.g. denial-of-service, cross-site scripting and directory
         traversal. Were an unauthorised user to gain access to the interface, there is a potential risk of the user downloading
         documents, faxes and history logs. HTTPS services should be used instead.

         If the JetDirect port is not properly restricted, there is a possibility that almost anyone can connect directly to it and
         gather information about the printer configuration or download documents.

14. & 15. Patch Management
          To further prevent remote unauthorised access to print files, security patches should be applied in accordance with the
          patch management policy as and when they are released. In addition, system management and security procedures must
          be reviewed frequently to maintain system integrity.

16. & 17. Printer HDD Security
          Hard disk data “encryption” and hard disk data “overwrite” features should be turned on where available. Hard disk
          data encryption secures data on the hard disk drive by storing it encrypted, rendering the content inaccessible should
          the drive be removed. Hard disk data overwrite automatically erases data on the hard disk after each job is completed.
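The configuration items covered so far (default passwords, SNMP version, FTP/Telnet, HTTPS, JetDirect restriction, hard disk encryption and overwrite) can be checked against an exported device inventory. This is an added example, not part of the original guideline: the setting names, device names and inventory structure are hypothetical and must be mapped to whatever the vendor's management tool actually exports.

```python
# Each rule: (topic, setting name, required value, finding text).
# Setting names are hypothetical; map them to your vendor's export format.
RULES = [
    ("passwords", "default_password_changed", True, "factory default password still set"),
    ("snmp", "snmp_v1_v2_enabled", False, "SNMP v1/v2 on; community string can be sniffed"),
    ("services", "ftp_enabled", False, "FTP enabled but not documented as in use"),
    ("services", "telnet_enabled", False, "Telnet enabled but not documented as in use"),
    ("services", "https_only", True, "web interface reachable over plain HTTP"),
    ("services", "jetdirect_restricted", True, "JetDirect port not restricted"),
    ("hdd", "hdd_encryption", True, "hard disk data encryption off"),
    ("hdd", "hdd_overwrite", True, "hard disk data overwrite off"),
]
# Only these may be exempted, since the guideline says "disabled if not used".
OPTIONAL = {"ftp_enabled", "telnet_enabled"}


def audit_device(device):
    """Return findings for one device; a missing setting is reported, not assumed safe."""
    settings = device.get("settings", {})
    in_use = set(device.get("services_in_use", ()))  # documented business need
    findings = []
    for topic, key, required, text in RULES:
        if key in OPTIONAL and key in in_use:
            continue
        if key not in settings:
            findings.append((topic, key, "setting not reported by device export"))
        elif settings[key] != required:
            findings.append((topic, key, text))
    return findings


def audit_fleet(fleet):
    return {device["name"]: audit_device(device) for device in fleet}


# Constructed inventory: one weak device beside one hardened device.
FLEET = [
    {"name": "mfd-legacy-01",
     "settings": {"default_password_changed": False, "snmp_v1_v2_enabled": True,
                  "ftp_enabled": True, "telnet_enabled": True, "https_only": False,
                  "jetdirect_restricted": False, "hdd_encryption": False}},
    {"name": "mfd-hardened-02", "services_in_use": ["ftp_enabled"],
     "settings": {"default_password_changed": True, "snmp_v1_v2_enabled": False,
                  "ftp_enabled": True, "telnet_enabled": False, "https_only": True,
                  "jetdirect_restricted": True, "hdd_encryption": True,
                  "hdd_overwrite": True}},
]

if __name__ == "__main__":
    for name, findings in audit_fleet(FLEET).items():
        print(name, "OK" if not findings else findings)
```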

18.   Disposal
          The amount of information contained in the printers and MFDs can be significant and sensitive. Hence, it is necessary to
          ensure that information and records are appropriately managed and removed prior to disposal of the printer or MFD.

          In accordance with Information Standard 13: Procurement and disposal of ICT products and services (IS13), disposal of
          government-owned Information and Communication Technologies (ICT) resources must be:
             a. conducted with approval from the accountable officer or delegated personnel; and
             b. supervised and certified upon completion by a person delegated by the accountable officer.

          For further information on how to ensure records are appropriately managed, please refer to Information Standards
          on Retention and Disposal of Public Records (IS31) and Recordkeeping (IS40) before undertaking ICT resource
          disposal processes.

19. - 21. Information Security
          According to the Queensland Government Information Security Controls Standard (section 2.7 QGISCS), printer
          ribbons, programmable read only memory (PROM) and read only memory (ROM) “cannot be sanitised and should be
          destroyed if they contain or may have contained security classified information assets” and if the information is not
          subjected to recordkeeping requirements as outlined in Public Records Act 2002 and UQ Records Management Policy.

          “Other media including various forms of erasable or alterable PROM (EPROM), laser printer and photocopier drums,
          and magnetic media such as hard disk drives may be sanitised for reuse by wiping or by using a suitable degaussing
          tool. Sanitisation of magnetic media by erasure should be performed using specifically designed security erasure
          software to effectively wipe the contents of electronic storage media.” It is also important to ensure that any encryption
          keys are removed from the media.

          As outlined in Queensland Government Information Security Classification Framework, the classification schema for
          security classified information are:
             a. National Security Information
             b. Non-national Security Information

     “National security information is any official resource (including equipment) that records information about, or
     associated with, Australia’s:
        security from espionage, sabotage, politically motivated violence, promotion of communal violence, attacks on
        Australia’s defence system or acts of foreign interference
        defence plans and operations
        international relations, that relate to significant political and economic relations with international organisations and
        foreign governments
        national interest, that relates to economic, scientific or technological matters vital to Australia’s stability and
        integrity.”

     “Non-national security information is any information asset that requires increased protection and does not meet the
     definition of national security information. Most often this will be about:
        government or agency business, whose compromise could affect the government’s capacity to make decisions or
        operate, the public’s confidence in government, the stability of the market place and so on
        commercial interests, whose compromise could affect the competitive process and provide the opportunity for unfair
        law enforcement operations, whose compromise could hamper or render useless crime prevention strategies or
        particular investigations or adversely affect personal safety
        personal information, which is required to be protected under the Information Privacy Act 2009, the Public Records
        Act 2002 or other legislation.”

     Section 2.7 of QGISCS states that, “security classified material may be disposed of by:
        pulping: transforming used paper into a moist, slightly cohering mass, from which new paper products will be made
        burning: (in accordance with relevant environment protection restrictions)
        pulverisation: using hammermills with rotating steel hammers to pulverise the material
        disintegration: using blades to cut and gradually reduce the waste particle to a given size determined by a removable
        shredding: using cross-cut shredders. Where the disposal method is shredding, classified material should be
        destroyed using a cross-cut shredder that reduces waste to a particle size of 2.3mm x 25mm or less.”
