If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Networked multifunction printers are the norm, nowadays, in offices and home-offices across the world.

Priced to pleased and loaded with popular features, they’ve come to be seen as the discreet yet efficient office multifunction sidekicks that sit politely in their place, waiting to receive new jobs, over the network.

What almost everybody forgets it the security risk networked printers represent. Combining several functions in a single unit, including fax, copy, print and scan, these devices are likely to be compromised by hackers.

Since nobody pays close attention to these seemingly mundane devices, they can easily be hacked under the IT Surveillance Team’s radar which, typically, has other (more pressing) threats to deal with, namely on the web server front. In the case of multifunction printers, the attacks are as likely to come from inside the office as from the outside world, which add to the severity of the security risk.

What’s the big deal if the networked printer secretly slides under a hacker’s control?

Well, for one thing, the hacker could view, collect, steal or distribute everything that goes through the device. Imagine your competitor electronically getting all your latest business proposals — that would surely endanger your entire company.

The following types of attacks are most likely to occur within the realm of your office’s multifunction printer so make sure to learn about these attack scenarios:

• DoS - Specialized malware can be programmed to crash printers and scanners, therefore disrupting paper-based business operations.
• Code execution - Hackers can exploit vulnerabilities to load a rootkit into printers, thereby hijacking all documents passing across the network (not just the compromised device).
• Document spying - Featring built-in network, fax / modem and LAN / WAN capabilities, there are a variety of ways to smuggle the stolen data out of an organization, once it’s been captured.
• Credentials theft - If users need to enter a password for certain operations, such as scanning to email, an attacker can capture user names and passwords to gain further access to network resources.

While they may look harmless, modern multifunction printers aren’t dumb machines anymore. IT Admins need to pay attention to these devices’ vulnerabilities and weaknesses to be in a more favorable position where they can apply patches and, at the very least, prepare comprehensive risk-management strategies.

A word of caution also to the multifunction printers that can be accessed through an online authentication interface, through any web browser. Though this system is remarkably convenient for end-users, such authentication methods can easily be bypassed to launch commands which may completely hijack the device.

If you’re serious about closing all prime networked entry points for hackers, perhaps ou should also include all multifunction printers connected to your network.

Tags: network, printers, hackers, hijack, devices, business, authentication, security

Possibly Related Posts:

• SaaS ranking high on IT strategists’ agenda
• Bracing for data breaches
• SaaS checklist
• Microsoft’s take on openness
• Enterprise 2.0 Conference 2008

Are you popular? Do other people have in interest for gathering data on you? Are the interested parties friendlies or otherwise utterly dangerous?

All these questions quickly come to mind for information security experts who look to secure data in all ways possible to prevent that it get leaked into the wrong hands.

The internet connects over 1.5 billion people daily, for anything ranging from email or web surfing to complex remote medical interventions — that makes for a tempting target for ill intended individuals looking to get their hands on sensitive data, which is basically why you need to protect yourself better.

What you did to protect your data a year ago probably isn’t as good today because the very nature of threats keeps shifting in sometimes unforseen territories. Regularly assessing the efficiency of your data protection will become even more critical in the future as attackers, ranging from more or less talented hackers, organized crime and even foreign governments will try their best to steal anything of value (for them) that you may have.

Your computer’s hard drive is like a proverbial safe which instantly becomes (way) more vulnerable from the moment you connect to the internet or even a home wireless network.

If you intend to have the upper hand against those determined to steal your data, you need to be one step ahead of them, namely with the following no non-sense strategies:

• Enclaves - Early on, determine what’s the most sensitive data you must protect and give it special treatment because that’s probably what the data thieves will be looking for.
• Border firewalls - Network-layer firewalls work best when combined with application-layer counterparts so be creative in protecting your “borders”.
• Strong authentication - Require strong passwords (on everything) which must be changed regularly and for more serious security needs, consider using token-based systems (physical USB key-like devices with ever changing “tokens” to access the data).
• Configuration and patch management - Make sure your (1) equipment, (2) software and (3) human resources are always “well maintained”… and up-to-date!
• Host-based firewalls - Server and workstation intrusion, virus and malware protection is still essential to weed out the unwanted stuff that somehow finds a way in (in spite of all the other protections).
• Data encryption - Make sure to especially encrypt data on mobile devices since they’re the ones likely to be lost (or stolen) when in transit — encrypt all you can.
• Awareness and training - An aggressive cybersecurity program will go a long way in efficiently protecting yourself against newer threats.

While some treat data security entirely as a hit-and-miss process, experience shows that luck favors the prepared, when it comes to cybersecurity.

Forget the antiquated (but still active, alas) Nigerian bank scam threat pouring in email boxes all over the world, the newer threats tend to be socially engineered so ensuing phishing attacks are savvily aimed at the intellectual interest of the end user, making them that much harder to debunk. In other words, attacks are getting uncomfortably personal.

As you attempt, most probably armed with gear, software and knowledge, to fend off the attackers’ attempting to break open the gates to your digital kingdom, keep in mind that people are the weak link in any network security effort.

Interestingly, there’s a corollary to the “people are the problem” saying and it has to with the widely recognized fact that people are also the most effective “tool” to fight attackers.

Although you may never be perfectly secure, make an effort to prevent data thieves from succeeding in their highly illegal —and overwhelmingly stealth— attempts to steal from you.

Tags: security, cybersecurity, it, firewall, border, encryption, data theft, hard drives

Possibly Related Posts:

• SaaS ranking high on IT strategists’ agenda
• Bracing for data breaches
• SaaS checklist
• Microsoft’s take on openness
• Enterprise 2.0 Conference 2008