Why You Should Secure Your Print Environment
Does your organisation print documents containing the following information?
- Customer Name, Address or Contact Numbers
- Customer Account Numbers
- PPSN/Social Security Numbers
- Financial Data (credit card, bank account no. etc)
You probably wouldn’t store this information in a location where anyone could access it. Yet the traditional method of printing allows for this information to be left unattended in a printers output tray.
Organizations devote a huge amount of time and resources to secure their IT environment to prevent data leakage, virus infection and unauthorized access. A typical IT department will have implemented most or all of these;
- Active Directory – to authenticate and authorize users and enforce security policies.
- Security Groups – to assign access to resources and ensure data access is limited only to those that should have access.
- Firewall Rules – to protect the network from unauthorized access.
- Intrusion Detection Systems – to monitor the network for suspected unauthorized access.
- Hard Disk Encryption – to safeguard data on lost/stolen devices.
- Pseudonymisation of Data.
These are all sensible approaches to security, but Print Security is often excluded from otherwise solid security strategies.
Layers of security measures are applied to the digital data, but as soon as you press the print button you strip all these layers away. The digital rules protecting the soft copy are not inherited by the hard copy.
There is no longer a security group protecting the data, or an authentication system auditing who has accessed the document. If an unauthorized user accesses hard copy data, it may well go undetected. The data is now in the public realm, viewable by anyone inside or outside of your organization. You are now depending on human behavior to ensure the data is kept confidential.
“61% of data breaches within companies with fewer than 500 employees involve paper records”
What can be done to protect Sensitive Data entering the Printing System?
Our approach focuses on the following three parts of the print environment;
- Securing the Print Process
- Securing the Print Data
- Securing the Print Device
1. Securing the Print Process
The first step in securing your print environment should be to enforce secure printing as standard. This can be achieved locally on a per device level or centrally via print management software such as Uniflow or Papercut.
Modern MFD’s can be configured to Enforce Secure Printing locally. Print jobs configured to output directly at the device can be either dropped or routed to the secure queue. A user must then authenticate themselves at the device in order to release their job.
Authentication provides an added layer of security and accountability. Uniflow and Papercut can provide authentication via Proximity Card, Active Directory and/or PIN login.
In fact, most devices have their own built in authentication systems, which work quite well if you have one or two devices. If you have a fleet of machines you can link the device to Active Directory via proximity card. This provides an efficient login mechanism that is linked back to each user’s domain account. Prints, copies and scans can then be allocated to the domain user giving you a clearer picture of you print costs.
2. Securing the Print Data
What’s in a filename?
Picture the scene: Your HR department sends some confidential jobs to print, but there is a problem with the printer. This could be a paper jam, toner request or print driver issue. These jobs will sit in the print queue until the problem has been resolved.
You now have two issues;
1. The print job filenames are visible to all users of the shared print queue. If sensitive information is contained in the document filenames this is a serious data breach.
2. These jobs will be printed to the devices output tray when the error is resolved – available to anyone to pick up and read.
There are several ways to combat this. We can encrypt the print job’s filename as well as the data contained in the document.
We can also instruct the printer to cancel any document that has failed to print due to an error at the print device. This could be a jam, service error or toner issue. If the printer is unable to print the document while the user is at the device, it will cancel the job to ensure it is not left at the device unattended, therefore preventing any data breaches.
Encrypting your print data
Under normal circumstances when you send a print job the content of the document is sent to the printer in plain text using either PCL or Postscript Printing Language. Any sensitive data within the document, such as a name, address, PPS no. or credit card is unprotected and can be used for malicious intent. A user with moderate IT skills could intercept the data and convert it to PDF using freely available PDL conversion software.
Our Uniflow print management application can secure your print environment by encrypting all traffic to and from the printer using Advanced Encryption Standard AES-256. Print traffic is encrypted at the print server, sent to the printer and then decrypted before it is released from your secure print queue.
For non-Uniflow customers we can apply Print Encryption Kits that provide the same level of security.
When scanning documents, the traditional method is to add your email address to the address book. This allows for human error in selecting the email address and could possibly allow a user in your organisation to send confidential information to the wrong person.
Uniflow can force the devices to only allow a user send to their own internal e-mail address. This prevents the human error factor and ensures your information stays in house.
If you scan financial information such as bank account or credit card numbers you should really be password protecting the documents. This can be done locally at the device with a PDF encryption kit or through a Uniflow Scan device license.
3. Securing the Device
Tighten Device Security
Modern print devices come with a wide range of protocols to ensure compatibility with your infrastructure. Not all of these are required and some can pose a security threat.
Default Printing ports
A recent exploit of the default printing port 9100 saw hundreds of thousands of racist flyers printed across Universities in America. The attacker took advantage of the default printing port 9100 to send a postscript file that contained racist content. In this case, the attacker found internet connected printers that had port 9100 left open. Having your device available over the internet is very insecure, especially if you are using the default printing port.
This exploit could also be exploited on non internet connected devices. An attacker merely needs access to the network in order to send a file via LPR, IPP or port 9100.
To safeguard yourself from such attacks I recommend disabling Internet Printing Protocol (IPP) ports, Line Printer Daemon (LPD) ports, and port 9100 on your print devices.You could also utilize your devices inbuilt firewall to only allow printing from specific IP ranges. An Access Control List could also be used to ensure only authorised users are given printing privileges.
SNMP is a useful tool for monitoring network devices. However, SNMPv1 contains known vulnerabilities and is less secure than SNMPv2/3. The default SNMP community name is set to Public on most network enabled devices. You should consider changing the default community name or alternatively disabling SNMPv1 altogether.
SMB is widely used to allow sharing of files/printers over a network. On a multi functional device, SMB allows you to scan documents direct to a network share. SMB v1 contains vulnerabilities that allow a remote attacker take control of an affected system. If you’ve heard of the Wannacry ransomware attack you may already know that SMBv1 is the method of infection. SMB will always use the highest version available to it. Modern Operating systems all support SMBv2/3 so disabling v1 makes sense to limit your risk of infection.
Access Control Lists
In large organisations you might want to restrict the use of certain devices. The marketing team might have a high-speed production device that is business critical. Uniflow allows you to apply an ACL to individual printers dictating who is allowed to login to the device and print. In an educational environment you may have some machines dedicated to staff and some to students. ACLs are a good way to prevent students being able to login to the staff devices. Additionally ACLs can be used to prevent the use of USB devices and to restrict device features for certain users.
Hard Disk Encryption
The latest multifunctional devices come with hard disk encryption as standard. This safeguards your data from malicious users by ensuring the data cannot be read if the hard disk is analysed. All data on the hard disk is encrypted including image data, address book information, network settings and print logs.
If you have an older device we can apply a HDD Encryption kit that will safeguard your devices and help you to comply with corporate security policies.
In addition to HDD Encryption we can supply a facility that erases the data in real-time. As soon as the device uses the data it is deleted. The data erase facility can utilize the Department of Defence’s highest standard DoD 5220.22M to ensure all files are completely unrecoverable.
An authentication system can also be used to ensure user’s only have access to the features they need. Device access can be set to allow IT users full access to the devices system settings while regular users can be restricted to print, copy & scan.
There are many levels available in terms of print security. Whether you need all of these features depends on the type of data you print. Sensitive customer data such as contact information, financial data or account information should not be left sitting unattended in a printers output tray. At a minimum you should ensure these types of documents are printed securely.
Your print devices themselves may also pose a security threat. Reviewing the ports and protocols a device uses can help to understand where these threats can be secured.
If you are interested in improving the security of your print environment our team can carry out a free print security audit. We will provide recommendations on how you can comply with new GDPR regulations, protect your data and prevent data and security breaches.
For further information please contact our team on firstname.lastname@example.org