Bach Seat

According to the Institute of Electrical and Electronic Engineers networked printers and other hardcopy peripherals (such as copiers and multifunction devices) are vulnerable to attack thereby compromising even the most comprehensive security protocols.

To address this situation, the IEEE Standards Association (IEEE-SA) recently approved IEEE 2600™, “Standard for Information Technology: Hardcopy System and Device Security.”  This standard defines security requirements (all aspects of security including but not limited to authentication, authorization, privacy, integrity, device management, physical security and information security) for manufacturers, users and others on the selection, installation, configuration and usage of hardcopy devices and systems; including printers, copiers, and multifunction devices. Issues addressed by the standard encompass authentication, authorization and the privacy of data sent to and from devices and residing on them, as well as such areas as data integrity and device management.

IEEE 2600 identifies security exposures for these hardcopy devices and systems and instructs manufacturers and software developers on appropriate security capabilities to include in their devices and systems and instructs users on appropriate ways to use these security capabilities. “The device sitting in the hallway often gets overlooked, but printers have computers and disks in them, and they are in the network,” says Larry Kovnat, product security manager for Xerox, which helped spearhead the printer security standards initiative. “You’ve got to treat them like another computer node and make sure you put the right controls on them.”

The 2600 Profile requirements includes a Common Criteria checklist for laboratories evaluating printer security. “It includes strong use of encryption for transmission, data in motion, data on network data stored on disk/reprint, or secure printing,” Kovnat says. “It calls for an audit log with authentication services: Who’s logged into the device, and what have they done? It tracks their activities. And it includes an overwrite function that gets rid of residual data on the disk.”

Kovnat told Dark Reading that Xerox drove the requirement for separating the fax and computer networks in a printer. “We were very concerned about leakage between the fax network and the computer network,” he says.

Aaron Weaver, a security researcher who developed a proof-of-concept for a cross-site printing attack that remotely hacks printers using JavaScript, possibly take full control of the printer, all using an HTTP POST command tells Dark Reading that a security standard for printers is a good first step toward locking down these neglected devices. “It’s great that they are moving to some sort of security standard to build printers to,” Weaver says. “But there’s a long way to go in educating the end user. A lot of people don’t even know there’s a hard drive in printers.”

Weaver also warns that the new printer standard’s alignment with Common Criteria doesn’t guarantee security either. “It doesn’t mean that [the printer] is not going to have vulnerabilities, or that there’s not going to be some sort of hole in the products,” he says.

There are also social engineering risks to these devices. “How easy is it for me to go into an organization and just pull out and swap the hard drive? I can say, ‘I’m the printer repairman,’” Weaver says.  But if the hard drive were encrypted according to the 2600 Profile standards, then the data would be useless to the thief, he adds.

Prior to IEEE 2600, there were no standards to guide manufacturers or users of hardcopy devices in the secure installation, configuration, or usage of these devices and systems. Xerox’s Kovnat says the goal of the new standards is to raise the bar for printer security. “Security in printers has been inconsistent. This sets the bar at a high level for the minimum security.” According to the IEEE this standard is necessitated by several laws governing information security, including HIPAA,  the Safeguards Rule in the Gramm-Leach-Bliley Act, and  parts of the Sarbanes-Oxley Act all of which could be adversely affected by a failure to provide adequate hardcopy security.

In addition to the main standard, four additional standards are being developed to create protection profiles concerning the security requirements of different types of devices. A protection profile is a document used as part of the certification process according to the Common Criteria for Information Technology Security Evaluation, an international standard (ISO/IEC 15408) for computer security. A protection profile is a combination of threats, security objectives, assumptions, security functional requirements, security assurance requirements, assumptions, and rationales.  “This profile makes it easier for IT departments to identify which products will best meet their security requirements,” Kovnat stated in a press release.

The four protection profiles being developed to work with IEEE 2600 include:

• IEEE P2600.1™, “Standard for a Protection Profile in Operational Environment A”, concerns hardcopy devices in restrictive commercial information processing environments that need a relatively high level of document security, operational accountability and information assurance. Critical information in such environments includes trade secrets and that subject to legal and regulatory considerations.
• IEEE P2600.2™, “Standard for a Protection Profile in Operational Environment B”, concerns hardcopy devices in commercial environments that need moderate document and network security and security assurance for day-to-day proprietary and non-proprietary information concerning enterprise operation.
• IEEE P2600.3™, “Standard for a Protection Profile in Operational Environment C”, concerns hardcopy devices in a public-facing environment in which document security is not guaranteed, but access control and usage accounting are important. Such environments include retail copy centers, public libraries and Internet cafés.
• IEEE P2600.4™, “Standard for a Protection Profile in Operational Environment D”, concerns hardcopy devices in a small, private information processing environments where most security elements rely on the physical environment, but basic network security is needed to protect a device and its network from misuse from outside of the environment. Such environments include small offices and home offices.

IEEE 2600 Sponsors:

• Canon Inc.
• Fuji Xerox
• The Hewlett-Packard Company
• InfoPrint Solutions Company
• Konica Minolta
• Kyocera Mita Corporation
• Lexmark International, Inc.
• Océ
• OKI Printing Solutions
• Ricoh Company, Ltd.
• Samsung Electronics Co., Ltd.
• Sharp Corporation
• Toshiba TEC Corporation
• Xerox Corporation.

rb-

I first covered this topic in 2007, in this post, The Secret Lives of Copiers, since then the IEEE has caught up with me.  Some of the recommendations for better control of sensitive printing include:

• Require employees to use the secure print feature for confidential documents, which requires a authentication (password swipe card or biometric reader) be used at the device in order for the print job to be processed.
• Look for an MFP that offers encryption so that any data in transit or at rest on the device’s hard disk will be protected.
• Select a product with complete separation of the fax telephone line and the network connection. Unprotected fax connections in multifunction devices can be an open back door into the network.
• Look for an image overwrite security option, which electronically “shreds” information stored on the hard disk(s) of devices as part of routine job processing. The electronic erasing can be performed automatically when each print job is completed, or reset manually as needed. Soo if it is possible to bypass the hard disk and print straight from RAM (which is more secure but takes longer) or buy a model without a hard disk.
• Disable the reprint option – Some printer models let users hit a button that prints another copy of the previous job. Obviously you don’t want that capability when someone’s printing a secure document.
• Do not ignore virus protection  there is malware out there that can take control of a printer or steal the documents being sent to the device. One way to reduce risk: Get a model with a proprietary operating system.