By Mark Gibbs, author / writer
There was a time when you never had to think about whether your printers, scanners, copiers, and fax machines were secure -- they were simply input and output devices.
Sure, you had to make certain they couldn't be physically stolen or used inappropriately and you had to make sure that access to printer and fax queues was properly controlled, but beyond that there was little of concern.
The reason your printers, scanners, copiers, and fax machines were considered "safe" was that these devices were simple by today's standards. They used embedded custom software that didn't require updates and their functionality couldn't be extended. The result was that beyond the basic "best practices" of physical security there wasn't much to worry about.
Network management has always been a different story because of the huge range of threats your switches, routers, servers, desktops, laptops, and so on are exposed to. These "endpoints" have always been vulnerable whether it's being compromised by computer viruses, subverted by hackers, or attacked by malware. Your printers, scanners, copiers, and fax machines were immune to all of these threats.
But not so today; the last few generations of departmental and enterprise printers, scanners, copiers, and fax machines combine all of these functions into single product offerings called multifunction devices (MFDs) and their capabilities and complexity have increased exponentially. These products are now very sophisticated computer systems in their own right running highly customized versions of open source operating systems such as Linux, as Winn Schwartau, CEO of The Security Awareness Company (Nashville, Tenn.), points out:
"MFDs are really computers and should be treated with the same respect ... they should be covered by the same access rules both physically and over the network as every other endpoint. Why treat them architecturally any different?"
So, with this increased sophistication comes the requirement that MFDs have to be managed and their integrity has to be protected just like any other network endpoint.
Consider some of the risks that network-connected MFDs could be exposed to:
MFDs that provide fax services could be attacked externally via the attached phone line and then used to access the network.
Most MFDs provide a Web interface for management and it takes a lot of engineering to "harden" a Web server. A skilled hacker who knows how to exploit Web server flaws could effectively take control of an inadequately protected MFD.
Enterprise MFDs handle large volumes of data so they have integrated disk drives. Unauthorized access to the stored data by both people and processes running within the MFD's operating system could reveal sensitive or confidential material.
An MFD with a compromised operating system could be used as a platform to launch attacks on the rest of the network, which could range from illicitly monitoring network traffic to distributing malware.
Win Treese, Associate Director of the Hariri Institute for Computing and Computational Science & Engineering at Boston University (Boston, Mass.), notes:
"It's easy to overlook these devices, because they're seen as just 'office equipment.' Never mind that they now have more powerful computers than my workstation probably was just a decade ago and they run complex OS software that has vulnerabilities just like servers and desktops."
So, in your organization, are there multifunction devices that are treated as "just office equipment"? If there are, your network security is at serious risk.
To defend your network against the many potential attacks that MFDs could be subjected to there are a number of features that any enterprise-worthy product should offer and which you should have incorporated into your network security strategy. These include:
Fine-grained and rich user authentication and access control services
Extensive audit logging facilities
Secure printing that blocks unauthorized viewing or theft of output by holding jobs until a PIN or authentication device is physically presented at the MFD
Disk image overwrite to securely delete data stored in the MFD
An embedded fax subsystem to completely separate the network connection and telephone line thus preventing unauthorized communications between the two channels
IP address filtering to limit communications with specific networks and devices
Support for secure protocols to transfer data to and from the MFD and for administration access over the network
But there's one security assurance feature that is absolutely essential for modern multifunction devices: an integrated subsystem that can detect and block unauthorized attempts to modify the software that runs the device.
To ensure that the MFD can't be manipulated or subverted, its operating system needs to have built-in integrity checking and intrusion detection. While the technologies that support this level of systemic defense are becoming common in top-end server systems, their use in MFDs is only just becoming understood as a strategic issue in enterprise networks.
Every enterprise looking to invest in new multifunction devices should be demanding that along with the rest of the shopping list of security features, integrated operating system defenses are included because ever more sophisticated and complex threats to networked devices are only going to become more common.
The days when printers were just printers, fax machines just fax machines, and scanners just scanners, have long since passed.
