The six greatest security dangers that every IT professional should know about their Office “Copier”

January 30, 2010

First some history & background of the Office Technology Industry:
Xerox Corporation invented the copier in 1949, and led the office equipment industry until the 1970s, when Japanese rivals entered the market. Companies like Canon, Minolta, and others offered cost-effective alternatives to Xerox.

The 70’s, 80’s and early 90’s saw the rise of Independent Copier Dealers in the US marketplace, providing their customers with great local service on a wide variety of office technology products. In the late 90’s we saw a large consolidation in the Industry. Holding companies like Ikon, Danka, and Global began to buy up a large number of independent Copier Dealerships around the country.

The 2000’s
In the next decade (2000s) two of these three national holding companies struggled financially, and by the end of the decade all three had been sold off to specific Copy Manufacturers (Ikon to Ricoh, Danka to Konica Minolta, and Global to Xerox). During this same time there were a number of large regional Independent Dealerships that not only survived but thrived by continuing to provide quality products and great service to their customers.

The Copier becomes an MFD (Multi Functional Device)
In the early 90’s the digital copier was introduced to the US market. Initially these were sold as standalone devices, but it wasn’t long before the manufacturers began to add functionality to them. The first breakthrough was the addition of printing & faxing to the “copier”, and scanning soon followed. Now manufacturers offer a plethora of software options that can be installed directly into the MFD, further extending and enhancing its ability to integrate into the network and with your back end servers.

Why should your IT Department care about the “Copier”?
For most of the life of the Copy Machine it was completely and totally in the domain of Purchasing. But once the Copier became an MFD and was put on your company’s network, it became the IT Department’s concern as well. Today the IT Department must be involved in the purchase and installation of the Multi Functional Devices (MFDs). These are not your father’s copy machines.

What type of support does your company need for a Multi Functional Device (MFD)?

Your Office Technology Dealer needs to have a proven track record not only in servicing the actual device, but also in having the resources to install & support it on your network. This support is most important to your company’s IT Department. It is crucial that you make sure that your Office Technology Dealer has this type of support.

The 6 greatest security concerns your IT department should have regarding the MFD

To secure the Copier \ MFD we need to consider the following topics:

1) Securing the Data on the Copier \ MFD’s Hard Drive
a. Real time (while the MFD is on your network)
b. End of life (before you decommission or repurpose your MFD)
2) Controlling Access to the Copier \ MFDs (Is your cleaning crew making copies at night?)
a. Security & convenience has arrived (integrating the Active Directory with the MFD)

3) Controlling Access to the functions of your MFD (who gets to scan to email, scan to a thumb drive, print securely, or access the MFD’s web page? And what ports are open?)

4) Securing the Data that is sent from your copier (email is not an inherently secure medium)

5) Securing the MFD on your network (settings & protocols to harden your MFD)

6) Updating the Copier \ MFD’s firmware (how to stay current with security patches, bug fixes, & firmware)

The following three security themes also need to be discussed to understand the organization’s culture & needs.

• Confidentiality: Prevent the disclosure of data to unauthorized users

• Integrity: Ensure data is not altered either maliciously or accidentally

• Availability: Maintaining data availability to legitimate users

Let’s look at each of these topics and themes in more detail.

Multi Functional Devices (MFDs) = Copier or Network Node?
Modern day MFDs have Hard Drives, RAM Memory, Operating Systems, and Display monitors. They are more like Computer Nodes than old time Copiers. And as such the IT Department needs to be aware of how to secure the MFD while still making it functional for your end users.

Topic 1: Securing your company’s data on the hard drive of your MFD.
There are two separate concerns about data on the Hard Drive.

A.    The first is real time, while the MFD is currently in use and on your network. Whenever a document is copied, faxed, scanned, or printed, an image of that document is written to the hard drive of the MFD. That’s the bad news. The good news is that on some MFDs (like Canon) even the basic hard drive with no options does not keep the image on the hard drive in contiguous blocks, and the data is compressed in a proprietary file format (not readable outside of the MFD).
But if this is not enough Hard Drive security, there are a few other options that may meet your needs. There are Encryption Kits, Disk Overwrite kits, and removable hard drives (that can be locked up when not in use). It is not likely that you will need all of these, or even any of these, on all of your company’s hard drives, but you may need one or more of them on specific MFDs based on the type of data being placed on the MFD’s hard drive daily (Legal Dept or HR could be possibilities). While no one particular security technology can make a company meet its security compliance regulations (like HIPAA or SOX), these options can be a part of the company’s compliance strategy. Note: Canon has recently added a TPM (Trusted Platform Module) on the new line of Canon ImageRUNNER-Advance. Once it is turned on, the Hard Drive, as well as several other components, will work in no other Canon Device.

B.    Each of the above technologies is designed to keep your data secure while the MFD is actively in use. The next concern is what you do with the Hard Drive when you are ready to decommission or repurpose the MFD (like moving it to a new department). Most companies have policies they enforce on the decommissioning of their PCs’ hard drives, but these policies are not typically enforced on their MFD Hard Drives. They should be! At the very least, a service technician should be called before the MFD is turned off and removed so s/he can format the hard drive.

If you have a Disk Overwrite option or an encryption kit on your hard drive you will have less of a concern returning the hard drive than if it is simply the standard hard drive. Some companies actually buy brand new hard drives and install them on the MFDs before they decommission them. They then have the removed hard drives “chipped”: run through a chipping machine that physically destroys the drive. You may ask, why not just destroy the hard drive and be done with it? If you own the MFD this is an option for you, but most companies lease their MFDs. And at the end of a fair market lease you need to return the MFD to the leasing company (who actually owns it) in working condition. If it shows up in non-working order they charge you a premium price to get it back to a working condition. This is not a cost-effective decision.

Note: You could also consider “secure erase” technology where the hard drives are guaranteed to be wiped beyond forensic ability to recover any data off of them. But no matter which option you choose you will need an Authorized Service technician to reload a clean copy of the Operating System (OS) on to the hard drive that is being sent back to the Leasing company.

Topic Two: Controlling Access to your Copier \ MFD
For many companies the copier is wide open, available to anyone to walk up and make a copy. In other companies it is locked down completely. You cannot use any of the functions without first identifying yourself in some manner (ID Code, Active Directory Login, Security Card, other). With some of the latest crop of MFDs you can lock down only certain features (like Scan & Email, Color Printing, or the ability to add an email address that is not already in the MFD’s address book).

The biggest drawback to securing the copier \ MFD has always been the inconvenience to your end users.
Anyone who has to log in to the copier 12 times a day to make a simple copy will likely lead an armed revolt against the person or people who secured the copier. In all but the most secure environments it has been extremely difficult to do. But that was before we were able to combine an Active Directory Login with a Security Card (Proximity, or Magnetic swipe typically). This allows us to bring together on the MFD two separate security technologies that are often already in use to give the end users and the company “security with convenience” (two words that have rarely been used in the same sentence). The addition of real, physical keyboards to the MFDs has also added to the ease of use for the End Users when they need to log in to the MFD.

Authentication is the foundation of securing the MFD. If you don’t identify who wants to use a resource (like an MFD) you can’t make an informed decision as to what they should or should not have access to.

Topic Three: Controlling Access to the functions of your MFD

MFDs can either greatly enhance your company’s productivity or be a license to steal confidential company information. How you choose to configure it can make all the difference.
Once you have Authentication in place on your MFD you can set up policies as to who gets to access what functions (Color, Scan to email, Fax, Printing) on the MFD. For instance many companies want to make Color \ B&W MFDs available across their enterprise but they are afraid that the use of color printing will get out of control. Once you have defined who or what group(s) job description entitles them to print & copy in color they can be given the access where others can only print or copy in black & white. You may allow everyone to scan in color, since it does not cost the company anything more to scan in color.
Another simple example could be “guest” usage of your MFD. You may have visitors that you want to give the courtesy of using the MFD to print or copy in black & white, but you don’t want to give them the ability to fax or scan & email sensitive documents outside of your company. Security on the new batch of MFDs is much more granular, where the older ones were more all-or-nothing security. An added benefit of authentication is the ability to track & audit end users and what they are doing on the MFDs.
Some companies only lock down the functions that they want to control, like color or Scanning, and they leave the functions that they don’t need to control wide open. When an end user approaches the MFD they can copy, print, or Fax in B&W without any login, but if they want to do it in color or scan & email they must authenticate or enter an ID code.

Topic Four: Securing the Data that is sent from your copier
Compliance drives many companies to implement better security measures. If your company sends confidential information you will need to add security measures before you can implement Scan to Email.
Scan to eMail: Email is inherently an insecure medium. The MFD can have added security measures to encrypt the PDFs or even assign profiles (by tying it into Adobe LiveCycle), or it can simply be limited so that it can only scan to the company’s email server but cannot scan THROUGH the email server. This will allow the email to get to the internal users, but not out to the rest of the world unless resent by the company’s email client, which may have encryption built in. You can also add an Adobe Digital Signature to certain MFDs to guarantee the integrity of the PDFs you send.
MFD’s Address Book(s): A modern MFD can easily be set up to search the company’s Active Directory to find an email address or fax number, making it less necessary to set up a local address book on the MFD. Leveraging the company’s LDAP or Active Directory will lighten the work load on the IT department as people join or leave the organization.
Adding Software Clients to your MFD: Modern MFDs can also be loaded with client software which can make them on ramps to company servers. Many companies have invested in Fax Server or Document Management systems that they would like to be able to easily access on an ad hoc basis. These MFD clients can make the same security policies and functionality available to the end users even when they are sending documents from the MFD.
Secure printing: Secure printing can be implemented in a number of ways. One is to print to a secure Mailbox on the MFD and then enter a PIN code to release the job. It is also possible to secure the print stream (via encryption) so that it cannot be intercepted.

Topic 5: Securing the MFD on the network
At one prestigious university they told me that the average time it took for a new MFD to get hacked on their network was six minutes. Another Ivy League University set a security policy for their MFDs before any new MFDs were put on their network. Here is a sample of some of the things that can be done to harden your MFD.
•    DHCP must be turned on for all MFDs (reservations by MAC address are common)
•    The firmware in use on any MFD must never be more than two revisions old
•    If remote configuration and support is to be utilized, utilize secure protocols (HTTPS over port 443)
•    Any unused ports must be disabled (FTP service must be disabled)
•    The SNMP community string must be changed from the factory default (public)
•    A PIN, password, or passphrase must be used to protect the configuration menu on the MFD
•    Access controls to the MFD should be IP filtered, MAC filtered, or through the use of network print servers
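
One way to check an inventory of MFD settings against the policy items listed above, as an added example (not from the original post or any vendor's tooling). The record fields, the allowed-port list, the release list and the two device entries are constructed assumptions.

```python
from dataclasses import dataclass

ALLOWED_PORTS = {443, 631, 9100}   # assumed site allow-list: HTTPS, IPP, raw print
FACTORY_COMMUNITIES = {"public"}   # factory default named in the policy

@dataclass
class MFD:                          # hypothetical inventory record
    name: str
    dhcp: bool
    firmware: str
    open_ports: set
    mgmt_url: str                   # remote configuration endpoint
    snmp_community: str
    admin_pin_set: bool
    access_control: str             # "ip", "mac", "print-server" or "none"

def firmware_lag(current, releases):
    # Revisions behind the newest (releases ordered oldest to newest); None if unknown.
    return len(releases) - 1 - releases.index(current) if current in releases else None

def audit(dev, releases):
    lag = firmware_lag(dev.firmware, releases)
    extra = sorted(dev.open_ports - ALLOWED_PORTS - {21})   # FTP is reported separately
    checks = [
        (not dev.dhcp, "DHCP disabled"),
        (lag is None or lag > 2, "firmware unknown or more than two revisions old"),
        (not dev.mgmt_url.lower().startswith("https://"), "remote configuration not over HTTPS"),
        (21 in dev.open_ports, "FTP service enabled"),
        (bool(extra), "unused ports open: " + ", ".join(map(str, extra))),
        (dev.snmp_community.strip().lower() in FACTORY_COMMUNITIES,
         "SNMP community string is factory default"),
        (not dev.admin_pin_set, "configuration menu has no PIN or password"),
        (dev.access_control not in {"ip", "mac", "print-server"},
         "no IP/MAC filtering or print server"),
    ]
    return [msg for failed, msg in checks if failed]

# Constructed sample data: a release history and two devices.
RELEASES = ["1.0", "1.1", "1.2", "1.3", "1.4"]
FLEET = [
    MFD("mfd-hr", True, "1.3", {443, 9100}, "https://mfd-hr.example/", "k7Qx-ro", True, "ip"),
    MFD("mfd-lobby", False, "1.0", {21, 23, 80, 443}, "http://mfd-lobby.example/",
        "public", False, "none"),
]

for dev in FLEET:
    print(dev.name, audit(dev, RELEASES) or "compliant")
```
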

Topic 6: Updating the Copier \ MFD’s firmware
All manufacturers release updated firmware, security patches, and bug fixes over the life of the device. These are only available to Authorized service providers. It is one of the main reasons that you want to make sure your Office equipment is serviced by an Authorized Service provider.
You wouldn’t consider putting or keeping a non-patched Server on your company’s network; neither should you have MFDs on your network that are not patched with the latest firmware or security updates.
Some MFD manufacturers have begun to make it significantly easier to update the firmware. In some cases the process can be automated like a Windows Update, or a technician can flash the MFD from a thumb drive.  Making it easier ensures that it will be done regularly.

In Closing: There are many security features, functions, configurations and options that can help your company better meet your security goals. A partnership with an Authorized Service Provider should be leveraged by the IT Department. With your IT Department’s expertise regarding the company’s network environment and corporate policies, and the Authorized Dealer’s expertise on the equipment and options, a comprehensive security policy can be developed and implemented for your Multi Functional Devices.

That’s my $0.02

Vince McHugh


