A couple months ago, HP held its Print Security Tech Day in Palo Alto. I wasn"t able to attend due to personal reasons, but the firm has been kind enough to send me the presentations from the conference.
If you haven"t guessed by now, it"s about printer security, which covers a wide range of areas. The company says that in a survey of 2,000 IT pros, 56% didn"t see printers as a risk and 46% said that they need additional training for it.
The truth is that printers are a part of the network that needs to be secured, and they can be easily overlooked, making them a target. Vulnerabilities can range from leaving documents in the printer tray, to exposed network ports, to data being compromised in transit.
Your printer has a CPU, an operating system that probably doesn"t receive security patches much, if at all, and truth be told, it"s probably the least secure node on your network. It"s not all that different from a PC.
HP says that there are five key areas of printer security, and the first starts at the beginning: a secure boot process. This includes validating the BIOS when the device is booted, and if it"s corrupted, replace it with a hardware-protected copy of it. This is a feature that HP calls Sure Start.
The term "self-heal" is used a lot here, as the best security measures are ones that can be automated. As anyone with knowledge of IT security knows, the weakest point is always the people.
The same goes for firmware integrity, which the printer also validates upon booting, which is called Whitelisting. As with secure boot, an administrator will be notified of any issues.
Run-time intrusion detection is "continuous monitoring for in-memory malware injection attacks", and as you can see from the video above, the printer will automatically halt all operations and reboot if any malware is detected, bringing us right back to Sure Start and Whitelisting. The algorithm to detect this is inserted into different places in the code, and HP says that those places are random, which would make it harder to corrupt.
Next on the list is continuous assurance of security policy settings. The idea behind this is bringing devices that aren"t compliant into compliance. The tool has an "Intuitive Security Policy editor", which will help the admin to make the appropriate settings.
Finally, the last of the five is real-time threat detection and analysis. This is done with a SIEM, or Security Information Event Management system. This will integrate with other nodes on the network, focusing on one of the top security concerns, which is the exposure of data while it"s in transit between nodes.
One of the solutions that HP provides is called JetAdvantage Secure Print. This makes sure that printed documents can only be sent to authorized devices. This takes a number of risk factors out of the equation, such as an employee that"s working from home and using their own personal printer. It can also minimize other human-based risks, such as sensitive documents that are left out in the open.
These aren"t the old days anymore, when printers weren"t attached to a network. Now, your printer is probably attached to a network cable - if not Wi-Fi - and through that, it"s just waiting for a command.
Part of the problem is that many IT pros don"t take it seriously enough, and if HP knows it, you can bet that hackers know it as well. On top of general negligence, most printers simply aren"t made to be secure, and unlike a modern PC, they receive very few security patches, and this leaves the job up to you.
Luckily, HP is one of the companies that"s doing a lot of work in this area. Being able to check for a corrupt BIOS or firmware is a major step, as is the ability to automatically reboot the device when malware is detected. This is what"s meant by self-healing, as the printer is actually fixing itself. After all, many PCs have antivirus software, so if your printer is even less secure, why wouldn"t that have software to fix itself as well?
Your printer is probably already behind a firewall, so if it gets infected, there"s nothing stopping the attack from spreading across the entire network. As HP points out, your printer is an endpoint, so if you"re an IT pro, it"s certainly something that you should be aware of.