Is your office printer secure?

Proposed certifications will ensure the security of printers, faxes and security cameras against potential hacking attempts

Hackers may be using your office printer as a conduit for criminal activity. Think about it: A printer in today's office environment often saves on its hard drive all images of documents that are printed, scanned or faxed. Therefore, hackers who know anything about accessing files on a network might easily gain access to that sensitive data (Read about some of the security features on modern printers in Joe's Office: Secure Printer).

This kind of threat is too frequently overlooked, according to ISCA Labs, a security products testing and certifications firm. ISCA said Monday it is introducing new certification and assessment programs that will address security threats posed by networked devices such as printers, fax machines and security cameras (See also: How Will We Secure the Internet of Devices?). The programs, known as Network Attached Peripheral Security (NAPS), will include a vendor certification program. The class of network-connected devices addressed by the program will include printers, faxes, point-of-sale systems, copiers, ATM machines, digital signs, proximity readers, security cameras, and facility management systems for power, lighting and HVAC systems, said George Japak, managing director, ISCA Labs.

"You have UPS systems, you have power strips, I could go on an on about the different devices that are being connected with this functionality"

Network-connected devices, according to Japak, can pose as much risk as an unsecured server on the network but are often ignored and are typically not securely installed or configured by end-users, he said. Network-attached devices, like network servers, are at risk for unauthorized access and data breach, denial of service attacks and can even propagate worms like Code Red Nimda. However, specific statistical data to back up the severity of the security issues posed by network-connected devices is scant. ISCA referred to figures from the Verizon Business 2009 Data Breach Investigations Report which finds many breaches occur through what is called "unknown, unknowns," which can involve systems such as printers and faxes. No further data about specific attacks or incidents was available from ISCA.

"Based on the feedback from current and prospective customers, this is going to be or have the potential to be a significant issue and problem with enterprises as they continue to deploy these devices," said Japak.

Networked-device security is certainly not a new issue and the potential for security problems with devices has been talked about for several years now (See: When Everything's Networked). Printer security has also received attention from other organizations. Earlier this year, the IEEE released new security standards for networked printers that include specifications and a checklist for printer security requirements. The standards, known as the 2600 Profile requirements, were created by IEEE in a joint effort with Xerox and were created to give printer vendors basic security requirements when developing devices. Japak said ISCA is still reviewing the IEEE standards to determine who they will fit in with the NAPS program.

The NAPS certification will target device manufacturers and will include rigorous testing that examines several different aspects of a device and how each impacts its overall security. ISCA is also hoping to gain attention from enterprise clients concerned about device security with a NAPS assessment program that offers an evaluation and report with results of testing and recommended configuration instructions.

Join the PC World newsletter!

Error: Please check your email address.

Tags Printerssecurity

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joan Goodchild

CSO (US)

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?