Is your office printer secure?

Proposed certifications will ensure the security of printers, faxes and security cameras against potential hacking attempts

Hackers may be using your office printer as a conduit for criminal activity. Think about it: A printer in today's office environment often saves on its hard drive all images of documents that are printed, scanned or faxed. Therefore, hackers who know anything about accessing files on a network might easily gain access to that sensitive data (Read about some of the security features on modern printers in Joe's Office: Secure Printer).

This kind of threat is too frequently overlooked, according to ISCA Labs, a security products testing and certifications firm. ISCA said Monday it is introducing new certification and assessment programs that will address security threats posed by networked devices such as printers, fax machines and security cameras (See also: How Will We Secure the Internet of Devices?). The programs, known as Network Attached Peripheral Security (NAPS), will include a vendor certification program. The class of network-connected devices addressed by the program will include printers, faxes, point-of-sale systems, copiers, ATM machines, digital signs, proximity readers, security cameras, and facility management systems for power, lighting and HVAC systems, said George Japak, managing director, ISCA Labs.

"You have UPS systems, you have power strips, I could go on an on about the different devices that are being connected with this functionality"

Network-connected devices, according to Japak, can pose as much risk as an unsecured server on the network but are often ignored and are typically not securely installed or configured by end-users, he said. Network-attached devices, like network servers, are at risk for unauthorized access and data breach, denial of service attacks and can even propagate worms like Code Red Nimda. However, specific statistical data to back up the severity of the security issues posed by network-connected devices is scant. ISCA referred to figures from the Verizon Business 2009 Data Breach Investigations Report which finds many breaches occur through what is called "unknown, unknowns," which can involve systems such as printers and faxes. No further data about specific attacks or incidents was available from ISCA.

"Based on the feedback from current and prospective customers, this is going to be or have the potential to be a significant issue and problem with enterprises as they continue to deploy these devices," said Japak.

Networked-device security is certainly not a new issue and the potential for security problems with devices has been talked about for several years now (See: When Everything's Networked). Printer security has also received attention from other organizations. Earlier this year, the IEEE released new security standards for networked printers that include specifications and a checklist for printer security requirements. The standards, known as the 2600 Profile requirements, were created by IEEE in a joint effort with Xerox and were created to give printer vendors basic security requirements when developing devices. Japak said ISCA is still reviewing the IEEE standards to determine who they will fit in with the NAPS program.

The NAPS certification will target device manufacturers and will include rigorous testing that examines several different aspects of a device and how each impacts its overall security. ISCA is also hoping to gain attention from enterprise clients concerned about device security with a NAPS assessment program that offers an evaluation and report with results of testing and recommended configuration instructions.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Printers

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joan Goodchild

CSO (US)
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?