Search Priceless Ink & Toner Blog

Monday, November 09, 2009

Network Copier Security: Are you doing enough to protect information assets?

Secure Printing Remember Harold Nicholson, the former CIA agent who was convicted of spying for the Russians? Arresting in 1996, he is now serving a 23-year prison sentence for passing sensitive photos and documents to Russian handlers. In exchange for that information, Nicholson was paid $300,000 in cash. This story resurfaced as Nicholson allegedly enlisted his son to collect an additional $35,000.

A more recent lapse in security occurred when a New Zealand man discovered confidential files on an MP3 player he purchased in Oklahoma. The device contained home addresses, Social Security numbers and cell phone numbers of U.S. soldiers, along with military mission briefs and lists of equipment deployed to Afghanistan and Iraq.

These breaches illustrate that people intent on seeking personal financial gain are an ongoing threat, as are those that mishandle mobile technology–MP3 players, laptop computers, USB thumb drives, or any other digital media.

With that reality comes an imperative to prevent sensitive information from falling into the wrong hands. This has never been more urgent as layoffs reach historic highs. Indeed, with every pink slip comes the very real threat of information theft. Case in point: A Symantec and Poneman Institute survey found that more than half of workers who lost or left a job in 2008 said that they stole confidential company data. What’s more surprising, this same survey found that 82 percent of IT departments said no audits of paper or electronic documents were done before the employees left their jobs.

Certainly, IT professionals protect their network infrastructure by installing firewalls, reliable anti-virus software and monitoring the network for security holes. However, there’s a vulnerability sitting in full view–the network copier/MFP (multifunctional peripheral).

An MFP integrates copy, scan, fax and print functions into a single platform. However, if not properly protected, these sophisticated network devices pose a potential threat to information security. To address that threat, please read on. We’ve highlighted products that are engineered to help safeguard information assets and increase accountability across an entire enterprise.

Canon U.S.A., Inc.
Canon imageWARE Secure Audit Manager software collect important job attributes, including a physical copy of all processed jobs, acting as an effective deterrent to information leaks. When documents are processed by Canon-branded MEAP-enabled imageRUNNER devices, the software tracks everything that that user does, ultimately capturing and archiving each image in a backend Oracle database. The Keyword Notification feature automatically notifies the administrator via e-mail whenever a pre-set keyword is detected in a scan job. This software provides companies with an effective and efficient tool to monitor the electronic transmissions of hardcopy documents.

eCopy, Inc.
eCopy ShareScan software operates across different MFP and scanner platforms, so scan operations can be performed on the device of choice, for example, a Canon, Konica Minolta, Ricoh or Xerox device, using one intuitive interface. An open architecture is important within mixed fleets, where each device uses its own proprietary functionality. IT administration is streamlined when scan activity occurs at eCopy ShareScan. Moreover, eCopy’s security features can be deployed across all scanning devices within the enterprise-dynamic Active Directory and application authentication, document encryption, job logging, and secure deletion of temporary image files. Regardless of which device a user walks up to, the touch screen, with an easy to navigate graphical user interface (GUI) is the same. That consistent user experience is a key benefit, as is its ability to customize that experience to a customer’s specific application needs, whether to improve business processes or enhance security.

Konica Minolta Business Solutions U.S.A.
Konica Minolta realized early on the importance of security issues in the digital age, where the risk of seriously damaging security breaches rises dramatically alongside rapidly growing worldwide communication possibilities. In response to these threats, Konica Minolta has taken a leading role in developing and implementing security-based information technology in its MFPs. In contrast to other MFPs in the market which are certified based on a security option or a specific function, they engineer and provide ISO 15408 Evaluation Assurance Level (EAL) 3 Security Certification for each product as a total system. Konica Minolta has announced a partnership with ActivIdentity that has produced a Personal Identification Verification (PIV)-Compliant Card System that increases security and document control for customers using Konica Minolta MFPs and printers. Initially available to U.S. Department of Defense customers, the PIV-Compliant Card System can be used in conjunction with the Common Access Card (CAC) as well as the next generation CAC, a PIV-Compliant Identification Card.

Muratec America, Inc.
Muratec’s OfficeBridge™ software solution supports Inbound Fax Routing, enabling users to receive faxes directly to e-mail. With the increased emphasis on security, IT doesn’t want sensitive fax messages printing at the device for all to see; they want to route messages directly to an e-mail inbox. Inbound Fax Archival also serves as a permanent audit trail, as a copy of each received fax is stored to a network folder. The administrator has the ability to retrieve a given document, perhaps in the event of a security breach or litigation. Outbound Fax Archival also captures an image of each document sent outside the organization. Other embedded Muratec security technologies include user authentication, which validates network user names and passwords (through Microsoft Active Directory), password-protected PDF, PIN masking, secure fax Reception and secure print.

Ricoh America Corporation
The GlobalScan Family of products addresses security requirement by using the employee’s existing network log-in credentials (used at their workstations) for authentication at the MFP control panel. Once validated, the user can scan to e-mail, folder, fax and/or DMS. Card Authentication (optional) supports single sign-on and the ability to control access to restricted features. Using HTTPS, e-mail communication from the GlobalScan Server-enabled MFP is secured using 128-bit encryption technology. By leveraging the core security features of compatible MFPs, and GlobalScan Family products, Ricoh provides assurance that information assets introduced into their electronic workflow were fully protected from unauthorized access.

Sharp Imaging and Information Company of America
Sharp MFP log file monitors all device activity for auditing purposes, either on the device itself–where the first page of each scan is retained, or via third-party software, where every page is stored on a back-end server. And with scan to e-mail, authentication rules can be enforced that only allow the employee to scan to their e-mail inbox or desktop, no other destinations. Security is enhanced because documents cannot be sent outside the organization. This type of authentication is associated with an Account Control List (ACL), where permissions are based on authentication settings established by the administrator. Securing network printing is also possible, using PIN Print, where the user must enter a code at the device to release the job; Pull Print uses third-party software to send the file to a server where any authorized individual (on the LAN or WAN) can print the job; My Folder Print uses Sharp’s OSA™ Platform to enable users to browse to and print documents stored in their network folder.

Xerox Corporation
Xerox MFPs are equipped with a wide range of security features to protect data. The Image Overwrite security option electronically shreds information stored on the MFP’s hard drive, either automatically (at job completion) or on demand. Data residing on the hard drive is encrypted, as is data communicated over encrypted network protocols, like SSL, IPSec and SNMPv3. For full access control, authentication and authorization privileges can be granted to all device services on a per-user basis via Active Directory. The embedded fax subsystem separates fax telephone line and network connection to prevent unauthorized access to a user’s environment. And audit log tracking records the date and user of every job the device processes. Secure print prevents the unauthorized viewing of private documents when printing to a workgroup MFP by safely storing print jobs at the device until the user enters a PIN to begin the printing process.

Additional Security Solutions
There are many security solutions available today that address specific vulnerabilities, including, but not limited to, the following:
* CAC (Common Access Card) Authentication: The MFP user inserts their Department of Defense-issued CAC into a card reader attached to the MFP before accessing device functions.
* E-mail Encryption: SSL (Secure Sockets Layer) technology encrypts mail communications so messages can only be read by the recipient.
* Hard Drive Overwrite: After each scan operation, the latent image data stored on the hard drive is overwritten with a random sequence of 1s and 0s. Look for ISO 15408 certification.
* IP Filtering: A host-based firewall filters traffic by IP address and port number.
* MAC Address Filtering: Provides network access control via the 802.1X protocol.
* Removable Hard Drive: The MFP’s hard drive is mounted externally, allowing for removal and storage.
* Network Port Security: System administrator can enable or disable IP ports, controlling the different network services provided by the print controller to an individual user.
* WPA (Wi-Fi Protect Access): Used in conjunction with the IEEE 802.11b Wireless LAN option, to provide assurance that data is protected by allowing only authorized users to access the network.

Original Source: Network Copier Security: Are you doing enough to protect information assets?

Visit our store for high quality copier and MFP inkjet cartridges and laser toner cartridges.


David Corcoran said...

Multi-Function-Printer (MFP) security has become a hot topic in US and other governments as of lately due to some breaches of security when hard disks were removed from MFP's in the past used to gain network account information. We've seen a number of RFP's coming out which now require the MFP's to contain various security features.

The company I work for, TrustBearer Labs, has been doing a lot of work in the secure network access / encryption space and in the past few years a lot of work with these MFP vendors. Specifically, many of them are moving towards smart card based authentication, digital signing of PDF's, encrypted PDF's, secure printing, and other features which require the use of public key infrastructure and hardware tokens for access. This also protects the data that might reside on the disks so that any breach of hardware would have no value in terms of accounts stolen. I suspect as more organizations move to multi-factor-authentication we will see this trend of further security features on MFP's continue.

sgo said...

Great article on the current state of MFP technology. Of concern: the thousands if not millions of older MFPs currently in use that don't have security measures. Consequently, intact hard drives are accessible after the machine comes off lease and enters the wholesale/disposal market, and unfortunately a significant percentage of machines are crated and shipped overseas with their hard drives intact.

Digital Copier Security,Inc has developed a solution and is looking for feedback as well as ways to increase awareness on this data security issue.

Wyatt said...

Yes alot is being done to protect our information on new machines but it seems that everyone is forgetting the unprotected information on the old copier. The copier hard drive in many cases stores up to 20,000 images. Clearing the hard drive also clears the operating system or firm ware on the hard drive and the copier won't work. The company I work for has been testing copiers for years and found a real security risk that few know exists. Today there are about 50,000 copiers sitting in warehouses accross the US waiting to be resold or exported. Our last survey showed 70% of copier returned to a leasing company were exported with information on hard drive intact. read more at

Blog Archive

About Priceless Ink & Toner Company

My photo
Priceless Ink & Toner Company
Since 1999 we have been a major supplier of original brand (OEM), compatible replacement and remanufactured Premium Quality inkjet cartridges, laser toner cartridges and other printer supplies. Our customers range in size and include the United States Government, small and large businesses, schools and individuals. Each of our customers is equally important to us and is treated with the same friendly professionalism. Visit us at Price Less Inkjet Cartridge Co.