Your device needs to be designed, manufactured and implemented with security as a core requirement. Security-focused thinking should be present from the start in everything from product design to sales, informing both the design philosophy and the continuous support that delivers new solutions as threats evolve.
Ensure your multifunction devices and laser printers are protected from potential threats — including compromise of the firmware, the device’s hard disk drive, non-volatile memory, open network ports and the authentication system. Check that you have products based on Common Criteria (ISO/IEC 15408). On devices undergoing Common Criteria certification, security functions are tested by independent third-party government-licensed laboratories to ensure security features perform correctly and conform to standards set by both government and industry.
If an MFP or printer’s built-in software — also known as firmware — is altered or compromised, that device can then be used as a method of intrusion into the corporate network, as a means to damage the device or as a platform for other malicious purposes.
Ensure you have a device designed not to boot up if the firmware has been compromised, and look at hardware security modules that validate the controller core programs, operating system, BIOS, boot loader and application firmware.
The best devices use a digital signature to judge firmware validity. The public key used for this verification should be stored in an overwrite protected, non-volatile region of your device. There should also be a root encryption key and cryptographic functions which cannot be altered from the outside.
There are two methods to verify the validity of programs/firmware:
1. Detection of alterations
2. Validation of digital signatures
The device should not boot up unless its programs/firmware are verified to be authentic and safe for users.
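The boot-time check described above, as an added example that is not part of the original page or any vendor’s firmware: a vendor signs the SHA-256 digest of a firmware image with an Ed25519 key, and the device refuses to boot unless (2) the manifest signature verifies against the public key provisioned into the device and (1) the image present on flash still hashes to the signed digest. The Device, Manifest and Boot names are constructed for this illustration; the VendorKey field stands in for the key the text says must live in an overwrite-protected, non-volatile region.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is constructed metadata shipped beside a firmware image: the
// SHA-256 digest of the image and the vendor's Ed25519 signature over that digest.
type Manifest struct {
	Digest    [32]byte
	Signature []byte
}

// Device models the boot ROM. VendorKey stands in for the public key stored in
// the overwrite-protected, non-volatile region of the device.
type Device struct {
	VendorKey ed25519.PublicKey
}

var (
	ErrNoVendorKey  = errors.New("no vendor public key provisioned in protected storage")
	ErrBadSignature = errors.New("manifest signature is not valid for the stored vendor key")
	ErrAltered      = errors.New("firmware image does not match the signed digest")
)

// SignFirmware is the vendor-side step: hash the image and sign the digest.
func SignFirmware(priv ed25519.PrivateKey, image []byte) Manifest {
	digest := sha256.Sum256(image)
	return Manifest{Digest: digest, Signature: ed25519.Sign(priv, digest[:])}
}

// Boot applies the two checks named in the text. It returns nil only when both
// pass; on any error the device must refuse to start.
func (d Device) Boot(m Manifest, image []byte) error {
	if len(d.VendorKey) != ed25519.PublicKeySize {
		return ErrNoVendorKey
	}
	// Validation of digital signatures: only a manifest signed with the key
	// provisioned into the device is trusted at all.
	if !ed25519.Verify(d.VendorKey, m.Digest[:], m.Signature) {
		return ErrBadSignature
	}
	// Detection of alterations: the image actually present on flash must hash
	// to the digest the vendor signed.
	if sha256.Sum256(image) != m.Digest {
		return ErrAltered
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	device := Device{VendorKey: pub}
	image := []byte("constructed firmware image v1.0") // constructed sample image
	manifest := SignFirmware(priv, image)

	fmt.Println("genuine image:", device.Boot(manifest, image))

	tampered := append([]byte(nil), image...)
	tampered[0] ^= 0xff // flip one bit of the image
	fmt.Println("altered image:", device.Boot(manifest, tampered))

	// A manifest signed with any key other than the provisioned one is rejected
	// before the digest is even compared.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("image signed with a non-vendor key:", device.Boot(SignFirmware(otherPriv, tampered), tampered))
}
```

The order of the checks matters: the signature is verified first so that an unsigned or wrongly signed manifest can never steer which digest the image is compared against.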
When a document is scanned or when data is received from a PC, some data may be stored temporarily on the hard disk drive or memory device. This can include scan/print/copy image data, user entered data and device configuration. This temporary — or “latent” — data represents a potential security vulnerability. A DataOverwriteSecurity System (DOSS) closes this vulnerability, destroying temporary data stored on the MFP’s hard drive by overwriting it with random sequences of “1’s” and “0’s.” Temporary data is actively overwritten and thereby erased each time a job is executed.
Even if the hard drive is physically removed from your device, the encrypted data cannot be read. The hard drive encryption function can help protect a multifunction printer’s hard drive against data theft while helping organisations comply with corporate security policies.
Encryption includes data stored in a system’s address book — reducing the danger of an organisation’s employees, customers or vendors having their information misappropriated and potentially targeted.
The following types of data — which are stored in the non-volatile memory or hard disk drive of multifunction printers — can be encrypted:
Enabling a device’s fax feature may mean connecting it to the outside via a telephone line — which means that blocking potential unauthorised access via the fax line is critical.
You require embedded software that is designed to only process appropriate types of data (i.e. fax data) and send that data directly to the proper functions within the device. Because only fax data can be received from the fax line, the potential for unauthorised access from the fax line to the network or to programs inside the device is eliminated.
The IEEE 2600 security standard defines the minimum requirements for security features used by devices that require a high level of document security — establishing a common baseline of security expectations for both MFPs and printers.
To ensure that a device demonstrates conformance with the established standard, an independent third-party laboratory tests and provides verification of the manufacturer’s security features.
These areas — which have been identified as the most vulnerable for possible data breach — should be validated and enabled:
Authentication features enable authorised users to access a multifunction printer, while preventing access for those without proper credentials.
You should also look for the ability to control the level of capabilities granted to each user or group of users. This may include restricting the ability to change machine settings and view address book entries or granting access to particular scanning workflows, document servers and other functions.
In addition, a User Lockout function — which triggers if it detects a high frequency of successful or failed login attempts — helps guard against a denial of service attack or brute force password crack.
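One way to implement the lockout just described, as an added example rather than any product’s own logic: a guard counts a user’s login attempts, successful or failed, inside a sliding window and locks the account for a fixed period once the threshold is exceeded, rejecting further attempts before any credential check is done. LoginGuard, Allowed and Record are constructed names; the thresholds in main are illustrative, not a vendor default.

```go
package main

import (
	"fmt"
	"time"
)

// LoginGuard locks a user out for Lockout once more than MaxAttempts login
// attempts (of any outcome) arrive within Window. Times are passed in
// explicitly so the policy can be exercised without waiting.
type LoginGuard struct {
	MaxAttempts int
	Window      time.Duration
	Lockout     time.Duration
	attempts    map[string][]time.Time
	lockedUntil map[string]time.Time
}

func NewLoginGuard(maxAttempts int, window, lockout time.Duration) *LoginGuard {
	return &LoginGuard{
		MaxAttempts: maxAttempts,
		Window:      window,
		Lockout:     lockout,
		attempts:    make(map[string][]time.Time),
		lockedUntil: make(map[string]time.Time),
	}
}

// Allowed reports whether an attempt for user may be processed at time t.
// Refusing locked users before the credential check is what blunts a
// brute-force or denial-of-service flood against the authentication backend.
func (g *LoginGuard) Allowed(user string, t time.Time) bool {
	until, locked := g.lockedUntil[user]
	if !locked {
		return true
	}
	if t.Before(until) {
		return false
	}
	delete(g.lockedUntil, user) // lockout has expired
	return true
}

// Record notes one attempt for user at time t and reports whether that attempt
// pushed the user over the threshold and triggered a lockout.
func (g *LoginGuard) Record(user string, t time.Time) bool {
	// Keep only the attempts that still fall inside the sliding window.
	recent := g.attempts[user][:0]
	for _, a := range g.attempts[user] {
		if t.Sub(a) < g.Window {
			recent = append(recent, a)
		}
	}
	recent = append(recent, t)
	if len(recent) > g.MaxAttempts {
		g.lockedUntil[user] = t.Add(g.Lockout)
		delete(g.attempts, user)
		return true
	}
	g.attempts[user] = recent
	return false
}

func main() {
	// Illustrative policy: at most 5 attempts per minute, then a 10 minute lockout.
	guard := NewLoginGuard(5, time.Minute, 10*time.Minute)
	start := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC) // constructed timestamps
	for i := 0; i < 7; i++ {
		now := start.Add(time.Duration(i) * 2 * time.Second)
		if !guard.Allowed("alice", now) {
			fmt.Printf("%s attempt %d rejected: account locked\n", now.Format("15:04:05"), i+1)
			continue
		}
		if guard.Record("alice", now) {
			fmt.Printf("%s attempt %d triggered lockout\n", now.Format("15:04:05"), i+1)
		} else {
			fmt.Printf("%s attempt %d processed\n", now.Format("15:04:05"), i+1)
		}
	}
}
```

In a real device the lockout event from Record is also the thing worth writing to the audit trail, since a burst of lockouts across many accounts is the first sign of a password-spraying attempt rather than a forgetful user.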
The process of digitising hard copy documents and routing the resulting electronic files — whether to back-end systems or via email — can be a point of data compromise if not properly secured. Scanning processes, though designed to be easy for users, should also deliver robust protection for routed digital information. This starts with restricting access. Limit scanning operations to authorised users only with several authentication options — including via network login, optional Kerberos authentication or single sign-on via card.
Encrypting scan-to-email communications helps reduce the risk of information compromise. Send email messages using public key cryptography and a certificate of user verification that has been registered in the scanning device’s address book. You can also prevent email spoofing and message alteration by attaching an electronic signature that uses a secret key, based on a device certificate.
You should look for multifunction printers, copiers and scanners that are equipped with Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and can utilise strong encryption algorithms (256-bit AES and SHA-2) — as well as provide audit trails and administrative control.
Printed documents sitting on the paper tray or left out in the open can be picked up by anyone. This puts the document’s information at risk, and the potential impact grows dramatically when printing confidential documents.
Ensure your device has locked print capabilities which can hold encrypted documents on the device’s hard drive until the document’s owner arrives and enters the correct PIN code. In addition to this driver-based locked print function, an extra level of security is enhanced locked print — which is tied to user accounts and can be coupled with card authentication.
For even more capability, software can provide full-featured secure document release — giving users options over their secure print queue while letting administrators maintain control.
Ensure your device has functions to stop unauthorised copying of hard copy documents — helping prevent possible information leaks. The copy guard function prints and copies documents with special invisible patterns embedded across the background. If the printed or copied document is photocopied again, the embedded patterns will become visible on the copies.
An unauthorised copy control function protects in two ways. Masked Type for Copying embeds a masking pattern and message within the original printout. If unauthorised copies are made, the embedded message appears on the copy. This might include the document author’s name or a warning message.
Data Security for Copying helps safeguard the information itself. When the device detects the masking pattern, the printed data is obscured by a grey box that covers all but a 4mm margin of the masking pattern.
Stamp documents with key identifying information for greater accountability and management control.
Mandatory security information print is a feature that forces key information — including who printed a document, when it was printed and from which device — to be printed with a document. This feature can be enabled for copy, print, fax and document server functions.
Administrators can select the print position and which types of information will be automatically printed on the output, which may include:
Uncontrolled use of imaging equipment can lead to unanticipated expenses and potential violations of company policies.
Ensure your device has cost accounting and recovery software that tracks usage down to the individual and automates the process of allocating costs back to users or departments.
Create greater accountability by establishing user quotas and budgetary account limits. Establish user permissions to restrict access to certain features based on need — for example, the ability to print in colour. Controlling who can use equipment via authentication and designating what they can or cannot do reduces opportunities for misuse and provides useful management insight.
Ensure your devices support network user authentication to limit access to authorised users. For example, Windows® authentication verifies a user’s identity at the multifunction printer by comparing login credentials (user name and password) against the database of authorised users on the Windows network server.
In the case of access to the global address book, LDAP authentication validates a user against the LDAP (Lightweight Directory Access Protocol) server — so only those with a valid user name and password can search and select email addresses stored on the LDAP server.
Look for software that provides additional network authentication options. These include authentication against LDAP, Kerberos authentication and custom integrations.
In an effort to make it easy to add network devices, many vendors’ network-enabled systems are routinely shipped to the customer with all ports set to “open” — but unused open ports on printers and MFPs pose a security risk.
Compromised ports can lead to various outside threats — including the destruction or falsification of stored data, Denial of Service (DoS) attacks and viruses or malware entering the network. There is a simple but often overlooked solution for this particular risk source: close the ports.
Ensure you can easily lock down unneeded network ports — helping make devices virtually “invisible” to hacking. In addition, specific protocols — such as SNMP or FTP — can be completely disabled to close off the risk of them being exploited.
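The "close the ports" advice above is easiest to keep honest with a recurring check of what each device actually exposes against what it is allowed to expose. The following is an added example, not a tool from the page or any vendor: it parses a constructed inventory of open ports per device, reports every port outside a small allowlist, and attaches the recommended action for the protocols the text names (FTP, SNMP) plus a few other common print-device services. The inventory format, Policy, Audit and the per-port advice strings are all constructed for this illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Finding is one port a device exposes that the policy does not allow.
type Finding struct {
	Host    string
	Port    int
	Service string
	Advice  string
}

// Policy lists the ports a print device may keep open; everything else is reported.
type Policy struct {
	Allowed map[int]string
}

// advice holds constructed recommendations for well-known device ports.
var advice = map[int]string{
	21:   "FTP: disable; scan-to-folder should use an encrypted transport",
	23:   "Telnet: disable; manage the device over HTTPS only",
	80:   "HTTP: disable or redirect to HTTPS on 443",
	161:  "SNMP: confirm only SNMPv3 with authentication and privacy is enabled, otherwise disable",
	515:  "LPD: disable; submit jobs over IPP with TLS",
	9100: "raw port 9100: disable unless a documented legacy workflow requires it",
}

// ParseInventory reads constructed lines of the form "host,port,service".
// Blank lines and lines starting with '#' are ignored; malformed lines are errors.
func ParseInventory(lines []string) (map[string]map[int]string, error) {
	inv := make(map[string]map[int]string)
	for _, line := range lines {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		parts := strings.Split(line, ",")
		if len(parts) != 3 {
			return nil, fmt.Errorf("malformed inventory line: %q", line)
		}
		port, err := strconv.Atoi(strings.TrimSpace(parts[1]))
		if err != nil || port < 1 || port > 65535 {
			return nil, fmt.Errorf("bad port in inventory line: %q", line)
		}
		host := strings.TrimSpace(parts[0])
		if inv[host] == nil {
			inv[host] = make(map[int]string)
		}
		inv[host][port] = strings.TrimSpace(parts[2])
	}
	return inv, nil
}

// Audit returns every open port not in the policy allowlist, sorted by host then port.
func Audit(inv map[string]map[int]string, p Policy) []Finding {
	var out []Finding
	for host, ports := range inv {
		for port, svc := range ports {
			if _, ok := p.Allowed[port]; ok {
				continue
			}
			a, known := advice[port]
			if !known {
				a = "not in the allowlist: close unless a documented workflow needs it"
			}
			out = append(out, Finding{Host: host, Port: port, Service: svc, Advice: a})
		}
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].Host != out[j].Host {
			return out[i].Host < out[j].Host
		}
		return out[i].Port < out[j].Port
	})
	return out
}

func main() {
	// Constructed inventory export; not real scan data.
	lines := []string{
		"# host,port,service",
		"mfp-floor2,443,https",
		"mfp-floor2,631,ipps",
		"mfp-floor2,21,ftp",
		"mfp-floor2,161,snmp",
		"mfp-floor2,9100,raw",
		"printer-lobby,443,https",
		"printer-lobby,631,ipps",
		"printer-lobby,23,telnet",
	}
	inv, err := ParseInventory(lines)
	if err != nil {
		panic(err)
	}
	policy := Policy{Allowed: map[int]string{443: "https", 631: "ipps"}}
	for _, f := range Audit(inv, policy) {
		fmt.Printf("%s:%d (%s) -> %s\n", f.Host, f.Port, f.Service, f.Advice)
	}
}
```

The allowlist is deliberately short: a device that only needs to accept print jobs and be administered can usually get by with the HTTPS and IPP-over-TLS ports, and anything else that appears in the report is a candidate for the lock-down described above.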
As data moves through the network, it is possible for a knowledgeable hacker to intercept raw data streams, files and passwords. Without protection, intelligible information can be stolen, modified or falsified and re-inserted back into the network with malicious intent.
Ensure you are using robust network security protocols that can also be configured according to custom needs. The Transport Layer Security (TLS) protocol is used to help maintain the integrity of data being communicated between two end points.
Data sent in a print stream can be exploited if it is unencrypted and captured in transit. Ensure print data is encrypted by running the Internet Printing Protocol (IPP) over Secure Sockets Layer/Transport Layer Security (SSL/TLS) — encrypting data from workstations to network devices or multifunction printers. Because this protocol helps maintain data integrity, attempts to intercept encrypted print data streams in transit would only produce data that is indecipherable.
Because managing devices can be time consuming, security gaps can emerge unintentionally when aspects of proper device management go unattended. Device management software gives IT managers a central control point to monitor and manage a virtually unlimited number of network connected print devices — whether spread across multiple servers or geographic regions.
SNMPv3-encrypted communications are used to monitor the operating status of devices and their services — incorporating user authentication and data encryption functions that help protect user data and network device information.
With central control, administrators can determine who can access and use a device or multifunction printer, monitor DataOverwriteSecurity Solution (DOSS) settings and manage device certificates. Automated tasks can also reduce exposure from outdated firmware.
Ensure your device can collect soon-to-be-critical service alerts and communicate them directly to your Service Provider using a secure method. Your Provider can schedule remote firmware updates — using the connector to push critical updates immediately. The device should also collect meter readings and make them available on a predefined schedule — along with notifications of consumables levels — to maintain uptime and reduce administrative burden.
Latent information on decommissioned equipment can present a security risk until it is completely destroyed. If compromised, malicious third parties could use acquired information towards a larger security breach. Ensure you have programs that can clean information from equipment at the end of its useful life or when it is being returned at the conclusion of a lease or rental contract.
Utilise the following when your equipment is end of life:
Hard Drive overwrite services
Typically performed when a device is decommissioned or at the conclusion of an equipment lease, the Data Overwrite Service completely overwrites customer data on the machine’s hard drive.
Hard Drive disposal services
The Hard Drive Surrender Program allows customers to retain their MFP or printer’s hard drive at the end of a lease or the machine’s useful life.
MFP cleansing services
Designed to remove all identifying information from an MFP or printer before that device leaves a customer’s location. Information stored in the device’s memory — such as address books and network address information — is deleted. Identifying marks like labels listing department names, IP addresses and service desk information are also removed — along with any customer-specific paper or form stock. Removing such information can help prevent malicious attempts to gather an organisation’s IT information.
Ensure that you have access to a technical support partner where and when you need it. Look for a support partner that is able to provide standardised, consistent, end-to-end solutions that are able to quickly respond to customer requests and alerts.
Ensure you can access technical documentation to support your information security requirements — including IEEE 2600 and ISO 15408 Certification Documents when applicable. This documentation provides independent third-party validation of security claims and should be provided upon request.
In addition, look out for providers who can provide Security White Papers covering devices and network settings and Device Security Installation Guides. These guides should provide detailed information about how the equipment communicates data inside of the device and how the device interacts with the network.
Maintaining a high degree of vigilance and adhering to security best practices involves more than just technology — it involves people. Look for a partner able to offer comprehensive training on devices which is aimed at both end users and administrators. With the right knowledge at their fingertips, your team can understand available security capabilities and learn how their appropriate use can help your organisation protect its information and comply with policies.