Printing is perhapsin a cyber context. As printers evolved and their feature sets expanded, it became commonplace to encounter printing devices connected to the internet, sensitive networks, or both in the workplace. Still, while the prevalence of connected multifunction printers (MFPs) enhances convenience and productivity, it poses technological and physical security risks. Businesses must ensure a print security strategy, from managing and securing paper in to connecting the devices.
Printer devices are commonly overlooked within security audits as they are often not perceived as complex computers. In addition, many printers are prone to crashing when scanned. Thus the risk of disruption typically leads to only a cursory review being conducted, even when these devices are within the scope of an assessment. This approach may give the impression that printers do not pose a risk to an organization, a false sense of security. Security research identifies severe vulnerabilities and gaps in protecting these systems year after year. Before looking at how we canprinters, and printing may pose to an organization, we must look at the common risks:
- A compromised, internet-connected printer to an attacker into internal networks.
- A compromised network-connected printer could allow an attacker to persist within a network, most likely unnoticed.
- A compromised printer may divulge to an attacker, such as the documents being printed.
- Printed documents may be sensitive and stolen if not physically secured or destroyed.
- A physically and technically insecure printer may allow malicious to be installed, for example, via exposed USB ports.
While non-exhaustive, these are critical risks a potentially vulnerable printer or printing process could present to an organization. A secure print strategy should consider points that reduce the risks noted above and the threat posed by those using the printer and.
Considering the above risks, there are severalof successful attacks.
Inventory and monitoring
Security monitoring and inventory is the first step to understanding the baseline security posture of printers within an organization. It is crucial to know what firmware version is in use, whether a default configuration (and thus default password) is set up, or whether any anomalies are present.
Ensure the printer’s firmware is up to date and the configuration hardened
While you cannot protect against unknown vulnerabilities, organizations can reduce the risk of exploitation by ensuring a set design andis in use. In order of priority, organizations should ensure:
- Authentication is enabled with a unique, strong, and non-default password.
- The device’s firmware is the most recent and regularly updated.
- Any unnecessary services and features are disabled.
- Document caching settings are disabled where possible.
- Features such as sending documents via email or uploading to sharing portals are appropriately restricted to only allow sending to trusted domains and authorized providers.
These steps can help prevent attacks such as credential theft if a device has credentials stored, where, for example, previous episodes have seen LDAP credentials extractedwith rogue, attacker-controlled devices.
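The inventory review and the prioritized hardening checklist above can be combined into one automated check. The following is an added example, not part of the original article: the CSV columns, device names, firmware versions and baseline values are all constructed assumptions, and real data would come from your own asset inventory.

```python
import csv
import io

# Constructed sample inventory; device names, versions and columns are illustrative.
INVENTORY_CSV = """\
name,firmware,admin_password,services,doc_caching,email_domains
mfp-floor1,4.2.0,default,ipp;ftp;telnet,on,*
mfp-floor2,4.3.1,unique,ipp,off,example.com
mfp-lobby,4.3.1,unique,ipp;snmp,on,example.com;partner.example
"""

# Assumed baseline for this example: current firmware, the services the
# organization needs, and the domains that scan-to-email may send to.
BASELINE = {
    "firmware": (4, 3, 1),
    "services": {"ipp", "snmp"},
    "email_domains": {"example.com"},
}

def parse_version(text):
    """Turn '4.3.1' into (4, 3, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def audit_device(row, baseline=BASELINE):
    """Return (priority, finding) pairs; priority follows the checklist order."""
    findings = []
    if row["admin_password"] != "unique":
        findings.append((1, "authentication uses a default or shared password"))
    if parse_version(row["firmware"]) < baseline["firmware"]:
        findings.append((2, f"firmware {row['firmware']} is behind baseline"))
    extra = set(row["services"].split(";")) - baseline["services"]
    if extra:
        findings.append((3, "unnecessary services enabled: " + ", ".join(sorted(extra))))
    if row["doc_caching"] != "off":
        findings.append((4, "document caching is enabled"))
    untrusted = set(row["email_domains"].split(";")) - baseline["email_domains"]
    if untrusted:
        findings.append((5, "sending allowed to untrusted domains: " + ", ".join(sorted(untrusted))))
    return findings

def audit_inventory(csv_text=INVENTORY_CSV):
    """Audit every device; return (priority, name, finding) sorted by priority."""
    report = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        report += [(prio, row["name"], msg) for prio, msg in audit_device(row)]
    return sorted(report)

if __name__ == "__main__":
    for prio, name, msg in audit_inventory():
        print(f"P{prio} {name}: {msg}")
```

Sorting by priority first puts default-password devices at the top of the report regardless of which printer they belong to.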
Isolate your printers where possible
While it may not be practical to isolate your printers at the network level fully, care should be taken to ensure all printers can onlyworkstations. In addition, printer from management-designated systems.
This helps prevent lateral movement to sensitive systems if a connected printer is compromised andto printer management interfaces from unauthorized users.
Regularly monitor your printer’s paper output and printing area
The printer’s location should be reviewed periodically to ensure no sensitive documents are left unattended. Where possible, clearly labeled bins and shredding devices should be present close to the printing station, and employees should be encouraged to use them to dispose of secure documents.
Implement secure pull/FollowMe printing
Secure pull and FollowMe printing ensureand printed once the authorized user has authenticated with the device. This is a safe way of ensuring printed copies don’t reaches the printer.
Ensure printers are included within the scope of penetration tests
Printers tend to be excluded from, as they are either overlooked by the organization or considered fragile by the vendor. For example, security scanning can cause them to crash, so they are often implicitly not robustly assessed.
Printers should be included within the scope of penetration tests with explicit checks for common misconfiguration and aif these devices are disrupted (such as testing outside of busy periods and having someone present to reboot the devices if required).
Educate users to ensure documents remain secure
Educating users is an integral part of security. Steps should be taken to ensure confidentiality, protective markings, and good practice around handling sensitive materials.
Ensure secure decommissioning takes place
Where possible, printer hard drives should be encrypted where supported and securely wiped. This can help prevent efforts if a malicious individual steals or obtains a printer.
Implementing these measures can significantly reduce the likelihood of successful attacks and help detect any potential attacks or points of entry before attackers exploit them.
Josh Foote is a cyber security expert at.