An employee at an investment bank read documents left on a shared printer. They contained information about upcoming mergers and investment decisions, and the employee used that information for his own financial gain.
One network-connected printer at a large beverage manufacturer ran out of ink, and continued to send out messages to all connected network segments. Those repeated messages crashed a dozen programming logic controller devices, and rebooting them halted production for hours.
An outsider attacker exploited a network-connected, multi-function printer still running its default settings, which allowed the hacker to execute new code on the hard drive. The printer was an active device on all VLANs on the corporate IT network. Despite a strong security posture of VLAN security and firewalls, the malicious rootkit gave the attacker access to all of the network’s segments.
As you can see, these security lapses had nothing to do with a missed software patch or hole in a firewall. They all stemmed from a failure in printer management and security.
What can be done? Printer manufacturers are responding and building new security features into their newest devices, but IT must play a role in improving printing security, as well. It’s time to stop ignoring the printer when developing a security plan, and consider it part of a broader security posture.
Does your printer have a brain?
Printer manufacturers have responded with new software and controls that can help IT better secure printers. Let’s examine three new security features that manufacturers have developed.
1. Self-healing BIOS: New printers are equipped with software that works behind the scenes to validate the integrity of the BIOS at every boot cycle. If a compromised version is discovered, the device restarts itself by using a secure “golden copy” of the BIOS.
2. Run-time intrusion detection: Detection software can spot anomalies during complex firmware and memory operations, and if an attack occurs, the printer shuts down and reboots.
3. Whitelisting: Firmware protections that prevent malicious code from co-opting a printer, whitelisting ensures that only authentic manufacturer codes are loaded into the printer’s memory. If a tampered code is detected, the printer restarts to a secure state.
These security features add a new layer to the defense in depth approach, and remove some risk of data breaches from your printer. Of course, IT must develop a well-rounded approach to printer security, which may include authentication controls, device security like firewalls and locking trays, and data encryption during transit.
Conducting an assessment of your printer security will spot shortfalls now, rather than after a data breach has occurred.
Another a layer to a strong defense
A defense in depth network strategy is built on the idea of multiple security components working together to protect the network. These layers of security cover everything from next-generation firewalls to patch management, but printers are often the weak but hidden link in network security. Here are three ways to remedy those weaknesses.
1. Require authentication: One way to strengthen printer security is through access controls and authentication for a printer. In this scenario, employees create usernames and passwords to access a device’s resources. In practice, employees must enter their credentials on the printer after sending the device a request.
2. Always monitor and manage a device: You should never set up a printer and forget about it: It’s another device on your network that requires maintenance and regular service. Printers should be configured with precision to match your organization’s policies and network settings. Because rogue deployment is common (“We needed a new printer, so we just went out and bought one”), the IT environment should be regularly monitored to detect these off-the-books devices.
3. Physical device security is a real option: Today’s printers come with an internal firewall that can prevent unauthorized packets of information from communicating with the device, but that firewall must be tweaked to match the environment’s security posture. IT can also enable or disable a printer’s ports, which will strengthen the security of the printer by restricting access and reducing the entry points attackers often exploit.
Don’t become another story of a security failure due to printers. Look for the newest security features and reassess your network to root out any vulnerabilities.
Contact your SHI representatives to get more information about these new printers; SHI also offers free assessment of up to 20 HP devices and reviews risk assessment reports.