Printers can be a potential source of IT security risks and businesses need to protect them as they would any other critical device on the network, an expert has said.
Jon Huber, security expert for the multifunction research and development lab with HP in the US, said that businesses need to be more aware of the possible vulnerabilities. “As you get into multifunction printers and to some extent single-function devices you have to think of them not as boxes but as intelligent devices on the network. Many of the same ports and network protocols are open on a printer or MFP,” he told siliconrepublic.com.
“The imaging and printing processes that exist in a business are critical and if they go down the business will lose money.” The bottom line, added Huber, is that “just as businesses are concerned about security in their network environment you need to be concerned about security in your printing environment”.
He said that a useful framework that organisations should apply — and which HP is already discussing with customers — involves three principles: securing the device, protecting information on the network, and monitoring and managing this effectively.
In its US labs in Idaho, HP has conducted some tests by trying to run viruses and worms against some of its printers in a lab environment. These were not successful, partly because many printers do not run Windows-based operating systems. However, Huber pointed out that as with the general IT security arena the trend is moving towards a unified approach rather than just protecting against a single threat such as viruses.
Huber stressed that it was important to be aware of the security threat and to keep it in perspective. “The potential for attack exists and these are not just dumb boxes so it’s important to integrate them into a security strategy.” As part of a more holistic approach to security, users could have to pass authentication before they are allowed to print important documents, for example.
There does appear to be a groundswell within the printer sector of the issue at least. Other manufacturers, including Ricoh and Xerox, have begun to address security by integrating some features into their products.
However, another problem to be overcome is that many security products now available from various printer manufacturers are proprietary. “Right now there are no industry standards for imaging and printing security,” Huber acknowledged, before adding that these are in the process of being developed through the Institute of Electrical and Electronics Engineers and these may be ready by 2007.
By Gordon Smith