Covering Your Security Bases

by Michelle Frey

With the proliferation of “connected” devices in today’s world, security threats are not limited to just your computer.

One avenue of vulnerability that has developed, as the devices themselves have evolved, are Multifunctional Print Devices. The print devices are typically network connected and provide both input and output of data while communicating with other nodes on a network. This can lead to a vulnerability being exploited if the devices, and their operation, are not hardened to some degree.

Some vulnerable points are:

  • Open device interfaces and systems via default passwords
  • Unencrypted traffic to and from the device
  • Job Data remaining on the device, whether in hard copy or electronic form
  • Ability to “inject” unauthorized firmware or code (malware) onto the device
  • Unauthorized use of the device

Without understanding all of the possible entry points it can be difficult to mitigate the exposed areas. OMNI prides itself on helping customers not only understand these areas, but to also secure the devices as much as possible.

Perhaps the easiest vulnerability to mitigate is the system access login. OMNI will change the initial default password and recommend that the customer change it to a strong login that only the customer keeps a record of. This will prevent unauthorized users from accessing the system settings and potentially opening a “hole’ in the security framework.

When transmitting data to and from the device (data in motion) in the form of scanning and printing, OMNI recommends that encryption be used to prevent anyone that may be “listening” on the network from picking up any data that can be used.

Encryption also applies to the issue of job data stored (data at rest) on the device, such as held print jobs. As part of our setup, OMNI enables the data overwrite systems for the processed job data sent to the hard disk drives. This eliminates actual job data from remaining on the device. Jobs are automatically overwritten after each job is processed.

By offering devices that utilize “Trusted Platform Modules” (TPM’S), OMNI ensures that the devices cannot be injected with malware via unauthorized or modified firmware updates. Only manufacturer supplied updates are accepted by the device to be installed onto the system.

Another factor that is always in play with security is the human factor. People make mistakes which can lead to securFity events. By requiring features such as user logins and restricting access to only the functionality necessary to complete their work, like only giving them access to their specific scan destinations, security threats are reduced. Print job release (Follow-You printing) via logins also prevents print jobs from laying on the device where unauthorized personnel can view them.

There are several other settings and practices that can be employed to greatly reduce security threats on Multifunctional devices. OMNI can work with your team to review your current security profile and offer suggestions on how to improve your stance.