Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for such multi-talented MPE experts.
By Steve Hardwick, CISSP
When you do a security scan of your site, do you consider your printers? It was enough, several years ago, to limit an audit to personal computing devices, servers and routers. But then the era of wireless printing arrived. Printers have become Internet appliances. These now need your security attention, considering some of the risks with printers. But you can protect your appliances just like you're securing your PCs and servers.
Wireless printers can be very easy to set up. They come preconfigured to connect easily, and even a novice user can have something up and running in a matter of minutes. To be able to make this connection simple, however, vendors keep the amount of wireless network configuration to a minimum. Taking the default settings, as always, significantly reduces the amount of security that is applied to the device.
Modern printers are actually computer platforms that have been designed to run printing functions. Inside are a CPU, hard drive, RAM and operating system components. Unfortunately, a system breach can permit these components to be re-purposed to do other things. And those are things you don't want to happen at your site.
The brute force way to deal with a network penetration is turning off the wireless network. By connecting the printer using a cable, you can run the wireless connections through the router. Unfortunately this is not an ideal solution -- you've probably installed these printers for the express capability of eliminating cables. If that's not your case, and you have deployed a printer with wireless networking capabilities but you're not using them, don't forget to turn off the wireless function.
If you choose to run the printer wirelessly, make sure you set up WPA2 encryption. This will require setting up a printer password. Make sure that your wireless printer password is different from your wireless router password. Having the same password for multiple wireless devices is just asking for trouble. This may involve more work in setting up the printer to run. Its password will have to be loaded into each device that connects. But that's just the cost of security.
A new aspect of printers is that many contain hard drives. It takes a lot more time to print a large document than it does to send it over the network. Instead of requesting blocks of data at a time, the printer will request that the source computer send all the data at once. The printer must then keep a copy of the data locally to do its printing. And what better cheap source of local memory than a hard drive? In many cases the hard drive will keep storing the data as it gets requests, but not remove the data once the printing is complete. This results in a large volumes of data being stored on the drive.
Why does this pose a security risk? An intruder could externally hack the printer. Getting to the locally stored data is a fairly simple step once the machine has been compromised in this way. Then a copy of the information that has been printed can be stolen remotely from the machine.
Moving out older printers might mean you're inadvertantly giving your data away. Donating a working printer to a charity organization or a school can be a common practice. Even if the printer is not working, the data on the drive may be accessible. It is difficult to physically remove a drive from the printer to wipe the data. In many cases it may be impossible, as the drive is not meant to be a removable component. It is very difficult to get software to do the job.
In a lot of cases the printer manufacturer will give you the option to set up encryption on the internal hard drive. Lexmark, for example, outlines this kind of process. Search for “hard disk encryption” with your model number at your vendor's website. Make sure to use a strong encryption method such as AES 256 bit encryption. If the machine is compromised, it may still be possible to get at the data, but is will be difficult to remove it. At a minimum it will make it a harder target and may force the thief to discard it.
If encryption is not an option, some manufacturers will allow you to bypass the drive. This may case usability issues, especially if large documents are being printed. Not only will this cause printer slowdowns, but it also leads to network congestion. Do some research on what is being printed before choosing this strategy
A Man in the Middle attack uses a computer to get in between two machines on your network. If a computer is connecting to the printer, then the rogue machine does the following. First it convinces everyone on the network it is the printer. Then it convinces the printer it is the router. From that point onward, all data going to the printer is now accessible by the rogue machine. From that point is it easy to convert the printer data back to its electronic source, or the data can be forward and printed elsewhere. For more information see our article on Man in the Middle.
To avoid this vulnerability, configure your wireless printers to use a secure protocol over the network. This will employ encryption to accomplish two things. First, it will provide end to end encryption so that the data is encrypted on the source machine before it is transmitted. This will help prevent easy decryption of any intercepted traffic.
Second, by using a secure protocol, the source machine can verify the printer destination using a digital certificate. In fact, some printers do support SSL connectivity across the network. Another technology that was specifically designed for this application is IPSEC. This provides endpoint authentication and end to end encryption. IPSEC is very useful in support of wireless connections. Consult the printer vendor's documentation on how to configure this option. There are also lots of how-to videos on the web.
Installing printers in locations that are physically limited to the printer user community is a must for sensitive information. This may drive managers to keep printers next to a user's machine. Make sure to use a connection that is also secure. On a security audit, I saw a CEO's printer set up wirelessly across the office, because he did not want any wires connecting to his laptop. Needless to say, there was no security protection on the connection. He's still the CEO, but he's learned a bit about wireless printer security.