![\"Copier](\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/internet_stop_censorship-1-e1591227666375-138x150.jpg?resize=106%2C115&ssl=1\" "\\"Copier")
Multi-function printers (MFP) can scan, copy, fax, and print. The lowly office copier can now send emails, host web-based administrative pages, and even tell you when the ink is low. While doing all that, MFPs can store image files on onboard hard drives, which can contain sensitive, personally identifiable information (PII). Compliance with standards\/laws such as PCI-DSS, HIPAA, Sarbanes Oxley, state privacy laws, etc., may force MFPs\u00a0to be secured.<\/p>\n
\u2022 Are these devices accessible on the network? If so, how is “Administrative” access controlled? SecureState<\/em> says If you answered “No” or “I don’t know” to these questions, some of the issues more than likely need to be addressed.<\/p>\n Recommended best practices for multi-function printers and copiers with disk drives:<\/p>\n If the copier processes restricted data<\/a>, it MUST have encryption and image overwrite. For devices that process restricted data but do not have the necessary security features:<\/p>\n HP<\/strong> – All HP<\/a> (HPQ<\/a>) multi-function printers have hard drives.<\/p>\n All they focused on was the costs; they did not ask any of the due diligence questions pointed out in this post. They had no plans on wiping the HDDs on the 12 networked copy\/scan\/print Ricohs. It is pretty clear that all the info on the HDDs was bound for South America or else on the secondary market, as I wrote about here<\/a>.<\/em><\/p>\n <\/p>\n Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn<\/a>,\u00a0Facebook<\/a>,\u00a0and\u00a0Twitter<\/a>. Email the Bach Seat\u00a0here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" Multi-Function printers (MFP) can scan copy fax print email host web pages store image with PII PCI-DSS HIPAA Sarbanes Oxley may force you to secure the copier.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[3045,825,823,824,145,822,821,820,505,4,305],"class_list":["post-2874","post","type-post","status-publish","format-standard","hentry","category-security","tag-3045","tag-aes","tag-cryptography","tag-encryption","tag-hard-disk-drive","tag-ipsec","tag-mfp","tag-multifunction-printer","tag-personally-identifiable-information","tag-security","tag-ssl"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/2874","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=2874"}],"version-history":[{"count":22,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/2874\/revisions"}],"predecessor-version":[{"id":132959,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/2874\/revisions\/132959"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=2874"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=2874"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=2874"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"MFP](\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/mfp_printer.jpg?resize=75%2C75&ssl=1\" "\\"mfp_printer\\"")
<\/em>SecureState<\/em><\/a> suggests<\/a> some general questions to ask when trying to understand the criticality of these copier systems and to show some due diligence:<\/p>\n
\n\u2022 How long are the image files retained on these systems?
\n\u2022 If the copier is compromised, can the attackers capture sensitive data?
\n\u2022 If a hard drive fails, does the replacement process follow the usual standard for securely destroying the disk?
\n\u2022 What are some of the services enabled on these devices? Is there an administrative website, SNMP<\/a> client, or SMTP server<\/a>? How about the accounts and passwords of the administrative websites; are they set to default accounts and passwords?<\/p>\n![\"\"](\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/data_theft1-1-e1563411578292-150x112.jpg?resize=99%2C74&ssl=1\")
Just like any network appliance, MFPs and other print devices are small computers connected to the network that have memory, storage, processors, an operating system, and full-fledged web servers. These devices can hold sensitive information<\/a>. Before that old printer is decommissioned, ensure the copier hard drive is securely wiped. If the existing device does not have advanced security options such as disk encryption or immediately overwriting data, the hard drive should be removed and securely wiped or destroyed separately before being decommissioned.<\/p>\nRecommended best practices<\/h3>\n
\n
\n
![\"Data](\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/datadestruction.jpg?resize=55%2C82&ssl=1\" "\\"datadestruction\\"")
If possible, buy the required security modules and enable the features.<\/li>\nBy Copier Vendor<\/h3>\n
![\"Xerox\"](\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/xerox_logo.jpg?resize=91%2C40&ssl=1\" "\\"xerox_logo\\""){kind=logo}
<\/a>Xerox\u2014<\/strong>Newer Xerox (XRX) devices have security features that often need to be turned on. For more information, see the Xerox Information Security Guides.<\/p>\n![\"Ricoh\"](\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/ricoh_logo.jpg?resize=75%2C21&ssl=1\" "\\"ricoh_logo\\""){kind=logo}
<\/a>Ricoh\u2014<\/strong>Security options for Ricoh’s (7752) have to be purchased separately. For more information, see the Ricoh Common Security Features Guide (PDF).<\/p>\n![\"Canon\"](\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/Canon_logo-150x52.png?resize=75%2C26&ssl=1\" "\\"Canon_logo\\""){kind=logo}
<\/a>Canon\u2014<\/strong>Security options for Canon (CAJ) devices must be purchased separately. For more information, see Canon Security Solutions for iR and iP Devices (PDF).<\/p>\n\n
![\"HP\"](\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/HP_logo.gif?resize=50%2C48&ssl=1\" "\\"HP_logo\\""){kind=logo}
<\/a>There is a disk-wipe utility for all MFPs.<\/li>\nrb-<\/em><\/h6>\n
![\"Richard](\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/richard_nixon.jpg?resize=81%2C108&ssl=1\" "\\"richard_nixon\\"")
<\/p>\nRelated articles<\/h6>\n
\n