Jan 11 2011

Plugging Peripheral Security Holes

Curtail data leakage through printers, fax machines and copiers by properly securing these devices.

Users often don’t give much thought to their printers, fax machines and copiers when it comes to data vulnerabilities, but IT teams need to make sure these devices are secured properly.

Networked imaging devices often present the biggest single security hole in an organization.

The reason? Most multifunction printers don’t have centralized management; in fact, many aren’t managed at all. Imaging devices may retain your most sensitive information in a form that can be accessed by anyone, and some may even send sensitive documents to unauthorized users on request.

Here are seven tips for minimizing the risk:

Tip 1: Perform an inventory of all network-attached imaging devices, including scanners, printers and fax devices. Collect details on the IP addresses, software versions and options that are installed.

Tip 2: Learn which devices contain hard drives. In networked devices, you can usually find out by browsing the IP address of a device and looking at its management pages. For other devices, you may need to check manufacturer information.

Tip 3: If your devices contain hard drives, determine whether they are encrypted. Usually this is indicated by the presence of an encryption option in the management software. If you don’t find such an option, see if you can add it to your devices. If you can’t, then limit use of these devices to only nonsensitive documents.

For printers, copiers and fax machines not connected to the network, you may be able to determine the presence of hard drives by printing status pages. You’ll still need to find out if the drives can be encrypted, and the status pages may tell you that. If not, call the manufacturers of these devices.

Tip 4: While you’re visiting the management pages of these devices, set an admin password that has the same level of security as your other network devices. If possible, also set an admin password for devices that aren’t attached to the network. You should also limit or completely block access to devices’ management pages by general users.

Tip 5: Secure physical access to devices, either by locking access panels or by placing the devices in areas that can be locked. One common method of compromising sensitive information occurs when hard drives are replaced during service. For hard drives that aren’t encrypted, monitor physical access to the inside of your printers, scanners or fax machines.

Tip 6: Manage your network so that devices can’t be accessed from outside the network, and so that document images can’t be e-mailed except to approved addresses. IP addresses should be in zones that don’t have Internet access, and routers should be set to deny access to these addresses from outside the secured network.

Tip 7: When you next purchase imaging products, consider products that include centralized management tools. Also, specify products that meet the IEEE P2600 family of standards for hard-copy device and systems security, which includes security features such as passwords, encryption and file “shredding.” For example, Canon recently introduced a proprietary management system that scans for prohibited keywords.

The ability to manage what happens to electronic documents saved on your imaging devices is ultimately the key to protecting your organization from these frequently overlooked threats.





Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT