Why Print Security?
That simple question exposed prevailing lackadaisical attitudes towards printers, and an almost criminal forgetfulness on the part of IT admins and IT security staffers about the fact that printers can expose them to harm. Both externally, and sickeningly, when it happens internally!
After our introduction to the event by Ed Wingate, VP and GM for HP JetAdvantage Solutions, we got into it.
I was thoroughly fascinated by the session “Why Should Organizations Care About Print Security”.
Led by HP Chief Security Advisor Michael Howard, this eye-opening session delved into how the lowly printer could be used for crimes and tasks so nefarious, most of us haven’t even comprehended how!
As the session went along, I thought of all the printers at all the locations of all the businesses we manage.
It was, frankly, nether-puckering!
Internet access was speedy there, but even if it wasn’t, I wasn’t going to wait: I immediately troffed off an email to my EVP asking him to initiate an immediate inventory of networked printers at our managed firms, and see where we stood.
As declared earlier, this deeply engrossing session tried to show how even if you reduced your company’s attack surface to what you thought was manageable for your computers and servers, not doing so for your printers left you with a gaping hole so large, a toddler could drive a Mack truck through it.
My takeaways are below.
Your Printer is an Endpoint
Where is your printer located?
Behind your firewall, right?
On your network, eh?
With access to everything, huh?
Most networked printers are embedded with a little web server in order to easily facilitate management. In case you did not know.
These web servers tend to be full-featured web servers just being used for a single purpose.
However, they are, full-featured.
Meaning that any intruder, if he or she has access to that device located behind your firewall and other security devices, could wreck havoc with your firm, or enlist your printer as part of a zombie army of RaTs (Remote-access Trojans) engaged in large-scale criminal activities.
Your Printer is a gateway
You do know that your printer is an entrepôt into your computing infrastructure, right?
While my examples above are of folks who want to use your printer for external crimes, think about what your printers are used for, how many confidential document go across the wire to those devices daily?
Oftentimes, print security is thought of as ‘’local access security’ only, where jobs sent to print are secured until the sender or the recipient logs into the print device(s) to create their output.
What if there was someone waiting to intercept those documents for financial return to them? What if the documents attached you or your firm to a crushing liability that would end up killing your company?
Remember, again, that all that a bad actor needs, is remote access to your printer.
Your printer has intelligence
You printer these days, is basically a computer dedicated to performing a fixed task of printing.
It almost always has a CPU, which was a RISC CPU for so long. Then, I believe, low-end x86 CPUs. Today, I will almost bet that they use an ARM processor. Complete with an OS, networking, and storage. Most business-class printers today are equipped with scanners.
I read earlier that scanners are particularly bad for your print security health because they keep electronic images of you document(s) in their caches loooong after you think they should – no, must – have been deleted.
And open ports. Lots of open ports! Lots of lovely unsecured open ports.
You printer is always listening
And what is your printer doing through those lovely open ports?
Always listening for work, or for orders to perform work.
In performing work, you printer is happily conscience-free, agnostic to the provenance or intention of proffered orders. Only consumed with fulfilling those orders.
Do you see the fail here?
Your printer is seldom patched
Even I, am guilty of this.
Prior to now, any time the HP print devices here throw up a notification that a firmware patch or a software patch is available, I have always tended to treat those notifications are extreme annoyances, and disregarded them.
The session showed us how we basically hang neon lights out our electronic doors asking for criminals to hack us when we leave our print devices unpatched. Rather unlike what the norm is with our PCs and servers.
Your printer is inadequately managed
Most people can’t tell with any reliable amount of certainty just how many print devices are in their inventory. They are also unaware of how many of those devices are intelligent enough to be used as drones for attacks, possibly bringing down their network, or, in extreme cases, open the company up for tortious actions.
A detailed, quantifiable management scheme is needed to identify, manage, and harden printers on company networks.
As I see it
Print security is not only necessary, it must be an integral of your IT playbook.
Printers hung on your network must be part of a holistically-managed fabric that inventories, categorizes, patches, and allows access to and with them, based on the whims of the primary user the print device has been issued to.
Nothing else will do.
In this series
- Why Print security (this blog post)
- What HP is Doing about Print Security
- My final thoughts on HP Efforts on Print Security.
HP Print Sec Tech Day 2017 sponsored content
© 2002 – 2017, John Obeto for Blackground Media UnlimitedFollow @johnobeto