Auditing Security Controls of Printers, Scanners, and Multifunction Devices. Brian Rue. Chris Gohlke. 2010 NSAA IT Workshop and Conference. Presentation Agenda. 1st Half: MFD Functions/Services & Security Weaknesses. 2nd Half: Preparing an MFD Audit Program. 30’s. In the Beginning….
Auditing Security Controls of Printers, Scanners, and Multifunction Devices • Brian Rue • Chris Gohlke • 2010 NSAA IT Workshop and Conference
Presentation Agenda • 1st Half: MFD Functions/Services & Security Weaknesses • 2nd Half: Preparing an MFD Audit Program
The 30’s: In the Beginning… • Not much to audit • Chester Carlson with the first xerographic apparatus
The 50’s • Manual process – Thermal Paper Transfer • Still not much to audit…
The 60’s • Xerox 914 was the first plain paper photocopier using the process of electrophotography • No USB/No Tape Drive/No Hard Drive • It did come with a fire extinguisher due to heat & ignition issues
The 2000’s • Printer/Copier/Scanner/FAX • Wired Network Connectivity • Wireless Networking Wi-Fi/Bluetooth • Removable Memory • Hard Drives • Operating System • Web Server • User Accounts • Remote Access • Landline Connection • Scan to Network Share or PC • E-mail Integration • Web Submission of Print Jobs • Web Browser
MFD > A Server with a Glass Top • MFD Hardware Components: 1. Central Processing Unit (CPU) 2. Memory (ROM/RAM/FLASH) 3. Hard Drive 4. Network Card 5. ABGN Wireless Radio 6. Bluetooth Radio 7. USB Connection 8. Analog Modem 9. Multicard Memory Reader 10. LCD/LED Screen
MFD Software • Operating System – GNU/Linux, VxWorks, Windows NT 4.0 Embedded, Windows XP Embedded, Mac OS X, Sun Solaris, or Vendor Proprietary OS • Print Engine/Controllers – May be supported by secondary OS • Database (PostgreSQL+) • Drive File System (NTFS/FAT) • Additional Applications (Document Management – Optical Character Recognition or PDF conversion, Software Development Kits – Sharp OSA, Xerox EIP, HP Open Extensibility Platform, Web Server)
MFD Software Security Issues • Security patches not applied to operating system and services with discovered vulnerabilities • No vendor support for security patches for proprietary OS and application software • No change management procedures • Software or operating system vulnerabilities may be used to elevate privileges • Memory storage (hard drive, ROM/RAM, flash drive) unencrypted by default • Hard drive stores spooled and processed jobs in clear text • MFD memory stores documents in clear text during and after processing by default
MFD Services • Apache Web Server • Remote Access (Telnet, FTP, HTTP, SNMP) • Bytecode interpreters or virtual machines for internally hosted third party applications • Network service clients for sending of documents to different destinations • Network service servers for receiving documents for print or storage • Image processing services
MFD Services Security Issues • Unneeded services left on, increasing the number of potential attack points into the MFD • Services with security vulnerabilities not patched • No/limited logging of service activity
MFD Network Communications • Common Open Ports/Protocols: HTTP 80/TCP • SNMP 161/UDP • LPD Printing 515/TCP • PDL Printing 9100/TCP • Protocols: AppleTalk • Internet Printing Protocol • PCL • HPPCL Printing Protocol • Telnet • IPX/SPX • FTP • TCP/IP
MFD Network Communication Security Issues • No firewall rule set for ingress (traffic into the MFD) or egress (traffic out of the MFD) filtering • MFD does not support entity PKI strategy (no support for CA certificates) • Print/fax/scan jobs transmitted over network/Internet in clear text • Unneeded protocols and ports left open which increase the number of attack vectors
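An added example (not part of the original slides): one way an auditor could test for unneeded open ports is to compare nmap grepable (`-oG`) scan output for inventoried MFDs against an approved-services baseline. The hosts, scan lines and baseline below are constructed for illustration; Telnet and FTP use their standard port numbers, and the other ports come from the slide above.

```python
import re

# Ports the slides list as commonly open on MFDs, plus the clear-text remote
# access services they name (Telnet and FTP, on their standard ports).
KNOWN = {(80, "tcp"): "HTTP", (161, "udp"): "SNMP",
         (515, "tcp"): "LPD printing", (9100, "tcp"): "PDL printing",
         (21, "tcp"): "FTP (clear-text remote access)",
         (23, "tcp"): "Telnet (clear-text remote access)"}

# Constructed sample: nmap grepable (-oG) lines for two hypothetical MFDs.
SAMPLE_SCAN = (
    "Host: 10.20.0.11 (mfd-floor1)\tPorts: 80/open/tcp//http///, "
    "23/open/tcp//telnet///, 515/open/tcp//printer///, "
    "9100/open/tcp//jetdirect///, 161/open/udp//snmp///\n"
    "Host: 10.20.0.12 (mfd-floor2)\tPorts: 443/open/tcp//https///, "
    "9100/open/tcp//jetdirect///, 21/closed/tcp//ftp///\n"
)
# Hypothetical baseline: services the auditee has documented as needed.
BASELINE = {"10.20.0.11": {(9100, "tcp"), (161, "udp")},
            "10.20.0.12": {(9100, "tcp")}}

def parse_grepable(text):
    """Return {host: {(port, proto), ...}} for ports reported open."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue
        open_ports = set()
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")  # port/state/proto/...
            if len(fields) >= 3 and fields[1] == "open":
                open_ports.add((int(fields[0]), fields[2]))
        hosts[m.group(1)] = open_ports
    return hosts

def audit(scan_text, baseline):
    """Return sorted (host, port, proto, note) for unapproved open ports."""
    findings = []
    for host, open_ports in parse_grepable(scan_text).items():
        approved = baseline.get(host, set())  # not in inventory: nothing approved
        for port, proto in open_ports - approved:
            note = KNOWN.get((port, proto), "not in baseline")
            findings.append((host, port, proto, note))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN, BASELINE):
        print("%s %d/%s open but unapproved: %s" % finding)
```

A device that appears in the scan but not in the baseline has every open port reported, which also surfaces MFDs missing from the inventory listing.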
MFD Wireless Access • Wi-Fi • WEP • WPA • WPA-PSK • WPA-Enterprise • WPA2 • WPA2-PSK • WPA2-Enterprise • No Encryption • Bluetooth • Prior to Bluetooth v2.1, encryption is not required and can be turned off at any time.
MFD Wireless Security Issues • Unencrypted wireless connections transmitting documents in clear text (potential for intercepting documents in the air) • Potential remote attack access point into the MFD
Fax Services • Fax to memory (disk/disk share) • Hardcopy fax printouts • PSTN – analog phone modem
MFD Fax Services Security Issues • Faxes auto print in an unsecured area • No authorization required to verify recipient before releasing fax • Faxes held in unencrypted memory after print • Lack of logical separation of analog modem from LAN (Ability to enter LAN from modem connection)
Drive Shares • Network Drive Share • PC/MAC Share • Printer Hard Drive Share
MFD Shares Security Issues • No auditee procedures for configuring drive shares • Undocumented drive shares • Shares set up without encryption
MFD Management • Device Console • Web Interface • Network client/server enterprise management application
MFD Management Security Issues • Physical Consoles on MFDs Set Up Without Pass Codes • Default Web Interface may not require password • Most devices not configured with user or group accounts to authenticate and authorize • Limited to no logging of user activity (console logons, patching, administrative functions)
Surplus Device Procedures: 1. Clean Printer Configuration Files 2. Wipe Drives/Memory 3. Ensure no Sensitive Paper Copies on Glass or in Machine (legacy paper jams)
MFD Certifications/Acts/Contractual Obligations • National Security Telecommunications and Information Systems Security Policy (NSTISSP) #11 • DOD Directive 8500.1 • Common Criteria (EAL1 to EAL4) • Gramm–Leach–Bliley Act (GLB) • Health Insurance Portability and Accountability Act (HIPAA) • Payment Card Industry – Data Security Standard
Potential Components of an MFD Audit Program • Network/Server • Shares • Wireless • Access Controls • Physical Security • Encryption • Surplus • Contracts/Leasing • Policies and Procedures
Since you probably won’t get a ton of audit hours for MFDs…
Obtain an Understanding and Assess the Risk • Get an inventory listing • Inquire • Observe • Get manuals • Search online for common vulnerabilities
Physical Security • Does the unit have a locking compartment for the hard drive, etc? • Is there a physical reset button that will restore the unit to factory default? Is it secured? • Is the entire unit secured in place, or could it be wheeled out of the building? • Is output secured?
Device Controls • Strong password controls at the console? • Settings/administration locked down to authorized individuals? • Is the web interface turned on? Does it need to be? • Are unneeded network services turned on? • Is wireless on? Does it need to be? Is it secure? • Logs kept/reviewed of administration functions? • Are the logs secured? • Are there security patches for the device and, if so, are they checking for them and applying them in a timely manner?
Data Controls • Does the device have an option for encrypting/automatically wiping copies after a job prints? • Did they pay for it? • Is it turned on? • If not, why? Do they have a compensating control?
Surplus • Did they lease or purchase? • If leased, what rights do they have to wipe the drive? Is it user accessible? Are you going to be able to audit it? • If purchased, do MFDs fall under their normal PC surplus policies for having devices wiped? • What about when the device is serviced or parts replaced?
Policies and Procedures • As always, the above should be covered by a policy and procedure.
http://h20338.www2.hp.com/enterprise/downloads/NIST%20SUBMITTED%20Configuring%20Security%20for%20Multiple%20LaserJet,%20Color%20LaserJet,%20and%20Edgeline%20MFPs.pdf
http://www1.lexmark.com/documents/en_us/1_SecurityBrochure.pdf
http://www.aot-xerox.com/files/content/MFPsecurity.pdf
http://www.office.xerox.com/latest/SECBR-03UA.PDF