Presented by Garrett Noles Hydrilla verticillata (L.f.) Royle.
Auditing Security Controls of Printers, Scanners, and Multifunction Devices 2010 NSAA IT Workshop...
-
Upload
cameron-moser -
Category
Documents
-
view
216 -
download
2
Transcript of Auditing Security Controls of Printers, Scanners, and Multifunction Devices 2010 NSAA IT Workshop...
Auditing Security Controls of Printers,
Scanners,and Multifunction
Devices
2010 NSAA IT Workshop and Conference
Brian Rue Chris Gohlke
Go Noles! Go Gators!
2
Presentation Agenda• 1st Half
– MFD Functions/Services & Security Weaknesses
• 2nd Half– Preparing a MFD Audit Program
3
In the Beginning…
Chester Carlson with the first xerographic apparatus
30’sNot much to audit
4
Manual process – Thermal Paper Transfer
Still not much to audit…..
5
Xerox 914 was the first plain paper photocopier using the process of Electro-photography
No USB/No Tape Drive/No Hard drive/It did come with a fire extinguisher due to heat & ignition issues
6
The image above shows the channel-attached version of the 9700, as the tape tower isn't present. Under the LS100 terminal, Xerox had placed a modified DEC PDP-11/34. An extra cage contained a few proprietary cards to facilitate the page ripping. There was a Control Data 14" hard drive (the removable platter type) on sliders.
CPU/ Memory – Tape Drive added..
7
Printer/Copier/Scanner/FAX Wired Network Connectivity Wireless Networking Wi-
Fi/Bluetooth Removable Memory Hard Drives Operating System Web Server User Accounts Remote Access Landline Connection Scan to Network Share or PC E-mail Integration Web Submission of Print
Jobs Web Browser
8
The CBS News Story On YouTube
http://www.youtube.com/watch?v=iC38D5am7go&feature=fvw
9
Understanding the MFD
10
MFD>A Server with a Glass TopMFD Hardware Components1. Central Processing Unit (CPU)
2. Memory (ROM/RAM/FLASH)
3. Hard Drive
4. Network Card
5. ABGN Wireless Radio
6. Bluetooth Radio
7. USB Connection
8. Analog Modem
9.Multicard Memory Reader
10. LCD/LED Screen
11
MFD Breakdown
12
MFD Software• Operating System -GNU/Linux, VxWorksS, Windows NT
4.0 Embedded, Windows XP Embedded, Mac OS X, Sun Solaris, or Vendor Proprietary OS
• Print Engine/Controllers – May be supported by secondary OS
• Database (PostGreSQL+)
• Drive File System (NTFS/FAT)
• Additional Applications (Document Management -Optical Character Recognition or PDF conversion, Software Development Kits – Sharp OSA, Xerox EIP, HP Open Extensibility Platform, Web Server)
13
MFD Software Security Issues• Security patches not applied to operating system
and services with discovered vulnerabilities– Lack of vendor support for security patches
– Software or Operating system vulnerabilities may be used to elevate privileges
• Lack of change management procedures
• Memory storage (hard drive, ROM/RAM, flash drive) unencrypted by default– Hard drive stores spooled and processed jobs in clear text– MFD RAM memory stores documents in clear text during and after processing by
default– Flash drives usually contain unencrypted jobs
14
MFD Services
• Apache Web Server
• Remote Access (Telnet,FTP,HTTP,SNMP)
• Bytecode interpreters or virtual machines for internally hosted third party applications
• Network service clients for sending of documents to different destinations
• Network service servers for receiving documents for print or storage
• Image processing services
15
MFD Services Security Issues• Unneeded services left on increasing the
number of potential attack points into the MFD
• Services with security vulnerabilities not patched
• No/limited logging of service activity
16
MFD Network Communications
• Common Open Ports/Protocols– HTTP 80/TCP– SNMP 161/UDP– LPD Printing 515/TCP– PDL Printing 9100/TCP
• Protocols– AppleTalk– Internet Printing Protocol– PCL– HPPCL Printing Protocol– Telnet– IPX/SPF– FTP– TCP/IP
17
MFD Network Communication Security Issues
• No firewall rule set for ingress (traffic into the MFD) or egress (traffic out of the MFD) filtering
• MFD does not support entity PKI strategy (no support for CA certificates)
• Print/fax/scan jobs transmitted over network/Internet in clear text
• Unneeded protocols and ports left open
18
MFD Wireless Access
• Wi-Fi– WEP– WPA
• WPA-PSK• WPA-Enterprise
– WPA2• WPA2-PKS• WPA2-Enterprise
– No Encryption
• Bluetooth– Prior to Bluetooth v2.1, encryption is not required and can be
turned off at any time.
19
MFD Wireless Security Issues• Unencrypted wireless connections transmitting
documents in clear text (intercepting documents in the air)
• Potential remote attack access point into the MFD
20
Fax Services
• Fax to memory (disk/disk share)• Hardcopy fax printouts• PSTN – analog phone modem
connection
21
MFD Fax Services Security Issues• Faxes auto print in an unsecured area
– No authorization required to verify recipient before releasing fax
• Faxes held in unencrypted memory after print
• Lack of logical separation of analog modem from LAN (Ability to enter LAN from modem connection)
22
Drive Shares
• Network Drive Shares• Printer Drive Shares
• PC/MAC Shares
• Printer Hard Drive Shares
23
MFD Shares Security Issues
• No auditee procedures for configuring drive shares
• Undocumented drive shares
• Shares setup without encryption
24
MFD Management
1. Device Console2. Web Interface3. Network
client/server enterprise management application
25
MFD Management Security Issues
• Physical Consoles on MFDs Setup Without Pass Codes
• Default Web Interface may not require password
• Most devices not configured with user or group accounts to authenticate and authorize
• Limited to no logging of user activity (console logons, patching, administrative functions)
26
MFD Repair Procedures
27
Physical Security
1.Conduct Risk Assessment to determine if use of MFD and physical location of device provides adequate physical security controls.
2. Processing confidential or sensitive data on a device in a common area creates multiple security issues.
28
Surplus Device Procedures
1. Clean Printer Configuration Files
2. Wipe Drives/Memory
3. Ensure no Sensitive Paper Copies on Glass or in Machine (legacy paper jams)
29
MFD Certifications/Acts/Contractual
Obligations• National Security Telecommunications and Information Systems Security Policy (NSTISSP) #11
• DOD Directive 8500.1• Common Criteria (EAL1 to EAL4)• Gramm–Leach–Bliley Act (GLB)• Health Insurance Portability and Accountability
(HIPAA)• Payment Card Industry – Data Security Standard
Potential Components of an MFD Audit Program
• Network/Server• Shares• Wireless• Access Controls• Physical Security• Encryption• Surplus• Contracts/Leasing• Policies and Procedures
30
A Majority of Which Fall Into Your Normal IT Audit Program
MFD Audit
Program
IT Audit Program
31
Since you probably won’t get a ton of audit hours for MFD’s……
32
Obtain an Understanding and Assess the Risk
• Get an inventory listing• Inquire• Observe
• Get manuals• Search online for common vulnerabilities
33
Physical Security
• Does the unit have a locking compartment for the hard drive, etc?
• Is there a physical reset button that will restore the unit to factory default? Is it secured?
• Is the entire unit secured in place, or could it be wheeled out of the building?
• Is output secured?
34
Device Controls
• Strong password controls at the console?• Settings/administration locked down to authorized
individuals?• Is the web interface turned on? Does it need to be?• Are unneeded network services turned on?• Is wireless on? Does it need to be? Is it secure?• Logs kept/reviewed of administration functions?• Are the logs secured? • Are there security patches for the device and if so are they
checking for them and applying them in a timely manner?
35
Data Controls
• Does the device have an option for encrypting/automatically wiping copies after a job prints?
• Did they pay for it?• Is it turned on?• If not, why? Do they have a compensating
control?
36
Surplus
• Did they lease or purchase?• If leased, what rights do they have to wipe the
drive? Is it user accessible? Are you going to be able to audit it?
• If purchased, do MFDs fall under their normal PC surplus policies for having devices wiped?
• What about when the device is serviced or parts replaced?
37
Policies and Procedures
• As always, the above should be covered by a policy and procedure.
38
39
Multifunction Device Resources
40
http://h20338.www2.hp.com/enterprise/downloads/NIST%20SUBMITTED%20Configuring%20Security%20for%20Multiple%20LaserJet,%20Color%20LaserJet,% 20and%20Edgeline%20MFPs.pdf
41
http://www1.lexmark.com/documents/en_us/1_SecurityBrochure.pdf
42
http://www.office.xerox.com/latest/SECBR-03UA.PDF
http://www.aot-xerox.com/files/content/MFPsecurity.pdf
43
Questions?