This InfoWorld column explores an oft-overlooked security vulnerability: networked printers. The devices -- which in essence are sophisticated computers able to reach beyond the enterprise from behind the firewall -- are spread like ornamental plants throughout an office.
Unfortunately, few people stop to think of the danger they represent. The columnist points out that each of the features being poured into networked printers -- such as fax functionality and Telnet and FTP servers -- pry the security lid a bit further open.
Vendors are taking heed. Last month, for instance, the Troy Group, which specializes in "secure output solutions," added the MICR 2015. The device customizes the Hewlett-Packard P2015 LaserJet Printer with lockable trays the Toner Secure Cartridge.
Ricoh Americas also is reacting to the challenge. The newest version of its Print and Copy Control software -- PCC v3 -- improves efficiency of printers by facilitating better control and accounting. The software, described in this eWeek article, also increases security by demanding a PIN code, user ID and password or identification card to use the printer.
A non product-oriented look at printer security, "Securing Printer Usage in Windows Server 2003," is available at WindowsNetworking.com. The first installment looks at creating a single print queue for all network servers. The second deals with securing that queue and the third discusses auditing networked printer use. The stories -- the second and third are linked to from the first -- focus on the Windows Server 2003 and are quite detailed. However, many of the concepts would be applicable in other environments.
Networked printers perfectly fit the definition of hiding in plain site. Not paying more attention is an egregious oversight. While esoteric security steps such as network access control (NAC) and intrusion detections systems (IDSes) aim to thwart carefully hidden foes, it seems a bit ironic that a huge security vulnerability is sitting in the middle of myriad offices, just waiting to be exploited by audacious hackers.