Multi function device (MFD) security
Today’s office print devices have come a long way from the standalone basic devices that once existed. Nowadays, printers and Multi-Function Devices (MFDs) are intelligent networked assets, that like a PC contain a screen, a keyboard, a hard drive (which can potentially store sensitive information), and an Operating System (OS).
Increased cybercriminal activity that is directly targeted at networked devices, including printers, has been highlighted as a weak link in the defence against corporate data theft and malicious attack.
Most enterprises actually overlook printer security and therefore these could be infected by malware that end up compromising the entire network and potentially allow for data breaches.
To complicate the matter, regulatory changes such as GDPR, contain potential ruinous financial and legal implications for non-compliance.
Article 34 - Communication of a personal data breach to the data subject – section 3 and 3a states that:
“3. The communication to the data subject referred to in paragraph 1 shall not be required if any of the following conditions are met:
(a) the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;”
This is definitive and implies that organisations must take immediate action to incorporate MFDs into their overall data protection and security strategy.
At KYOCERA, we have evaluated all of the following potential MFD Security vulnerability areas; that can be mitigated by implementing the security measures (including encryption of MFD hard-drives) mentioned below.
1) Text Stamp/Bates Stamp
Users can choose document stamps such as “Confidential”, “Do Not Duplicate” and “Privacy”, depending on the type of document they are printing. These are overlaid on the printed document and users can edit the text stamp if required. The Bates Stamp function “Serial Number” will print the serial number of the machine used for the print-out and a numbering function which will print page numbers in sequence onto the printed documents. In addition, the function “Date” and “User Name” are also available.
2) Security Watermark
The printed document can be embedded with a security watermark pattern or text. When printed material embedded with the pattern is copied, the security watermark pattern will become visible. This clearly indicates that an unauthorised copy was made.
3) Document Guard Kit
The Document Guard Kit offers an optional function that embeds a security pattern in a document material. When users try to copy, scan or fax the document embedded with the special guard pattern, the device ceases operation and prohibits unauthorised copying. This prevents the leakage of valuable information. If the Document Guard Kit is not installed on the device, the security watermark pattern will appear, warning users that it is an unauthorised copy.
Verify and change e-mail/scan/send restrictions
Another area that can assist with the capture of documents and controlling where these are delivered to once scanned as this can be controlled. For example, e-mail send destinations can be restricted using the e-mail Send Restriction function for permission or rejection. Permitted send destination addresses are registered in advance so e-mails can only be sent to the permitted registered destination addresses. Rejected send destination addresses can also be registered in advance so that e-mails to that destination would be rejected.
KYOCERA MFDs/printers have a function to print files attached to e-mails. e-mail reception can be restricted through the e-mail sender restriction function based on pre-registration. Permitted sender addresses are registered in advance so that e-mails can only be received from the permitted sender. Rejected sender addresses are also registered in advance so that incoming e-mails from the rejected sender addresses would also be rejected.
PDF Password and Encryption: The Encrypted PDF function enables users to choose PDF file or high-compressed PDF for the file format, and securely protects the scanned data by encrypting and setting password. Restriction can be applied when opening, printing, or modifying the received PDF file by entering the correct password.
There are many different types of print control systems available, offering cost savings and control. These contain the ability to provide security for information in transit across the network.
The basic premise of print control solutions is that the user prints a job to a shared ‘virtual’ queue hosted on a central print server. The job is held on that server until the user authenticates with a device and selects the job(s) to be printed. The print job is then sent to the device and output. Audit information is then recorded at the server for reporting purposes.
This method offers a number of advantages, namely:
• Jobs are delivered while the user is present at the device;
• No information is held on the device;
• Restrictions on user rights can be made;
• Print costs are reduced; and/or
• It delivers enhanced device security.
• Network Security Level: KYOCERA MFDs/printers can limit communications on a network to receive/transmit on a set range of IP addresses and port numbers; and at a
• IP Address Filter Level: This restricts network access to the MFDs/printers by setting ranges of IP addresses or types of protocols.
Use secure communication protocols
Secure communication protocols ensure secure protection of the network communication channel. Depending on purposes or encryption schemes, there are a variety of protocols is available, thereby effectively protecting data against alterations or leakage via the network.
Using a network authentication protocol is an effective method of achieving authentication for secure communication. KYOCERA MFDs/printers support IEEE802.1x network authentication, SMTP authentication and POP before SMTP authentication protocol, for example when using ‘send to email’ functionality.
Disable USB port functions and optional interfaces
If a USB memory device is connected to a MFD through one of the USB hosts on the device, there is a risk of data loss or unauthorised access to data held on the device. The Administrator can disable the USB Storage Class feature which disables storage devices but allows connection of other USB devices such as card readers, keyboards, etc. The administrator can also disable the Optional Interfaces (Slots 1 & 2) to prevent fitting of unauthorised interfaces.
Devices are supplied from the factory with a default password. It is highly recommended that this be changed. Pick a suitably strong password that complies with local policy and do not use an existing computer account username/password.
Note: If an MFD password is forgotten then the device will require a factory-reset to be performed by a KYOCERA technician.
ID Card / RFID Access
If proximity ID media is used as access control to the building or for time management, the same ID media can be used to give controlled access to output devices like printers and MFDs. This is both convenient and offers improved efficiency. Combining this with the Job Storage function available on the MFD allows jobs to be retrieved from the device with access restrictions in place
Due to the fact that modern MFDs contain an intelligence in the form of an operating system it makes these a potential cyber threat and a target for theft of both data and user/network credentials.
Using enterprise grade security monitoring devices, within the network, and possibly connecting these devices on a separate sub-net, allows these control units to act as a gateway for both incoming and outbound traffic to the MFD fleet. All this whilst also supporting the monitoring of data packets for suspected threats.
Malware is eclipsing traditional viruses as the most prevalent threat on the internet. New strains of advanced malware are often referred to as Advanced Persistent Threats (APTs).
In recent times, some print control systems have evolved further to address issues of bandwidth utilisation and document security when printing via cloud-based servers.
A process of ‘Local Print Spooling’ can be employed using either the user’s PC or a designated MFD on the local network to hold the print job, with only audit and print policy information being sent to the server. When a user authenticates on a MFD, the held print job is then sent, printing on the selected device. This method dramatically reduces bandwidth utilisation, and keeps documents within the local network boundary. The addition of an onsite secondary server can also be utilised which manages devices, users and audit information which can be synchronised with a central master server.
The latest applications can also control access to scanning, limit destinations and control settings with access permissions based on global, group or individual needs.
KYOCERA can assist in the selection of the best solutions for an organisation’s requirement. Please contact your local office for more information.
Cloud Connectivity - A Virtual Private Network (VPN) is a highly secure method of connecting an office network infrastructure across a public network. KYOCERA uses VPNs as part of the cloud deployment solution to secure print information in transit. All data travelling over these connections is encrypted to a high degree allowing the use of the internet to host the connection. VPNs require specialised equipment and require set up by a suitably qualified technician to create the VPN ‘tunnel’. There are two types of VPN in use:
1) A site-to-site connection – which is typically used to connect offices or buildings; and
2) A client based connection – These are used in connecting locations in an ‘ad-hoc’ manner; for example when connecting a mobile 4G router to a cloud-based server.
Sensitive or confidential information can be stored on the device’s HDD or SSD and extra protection can be implemented. These conform to the Common Criteria Certification (ISO 15408) and can be used to either A) encrypt the HDD/SSD or B) overwrite-erase the data:
A) HDD/SSD Encryption
HDD/SSD encryption function is a security function that encrypts documents, user settings and device information stored on the HDD or SSD. Encryption is applied to the data using the 128-bit and 256-bit AES (Advanced Encryption Standard: FIPS PUB 197) algorithms. If the HDD or SSD is removed from the MFD, the sensitive or confidential information stored in the HDD or SSD would not be accessible. B) HDD Overwrite-Erase
HDD Overwrite-Erase is a security function that disables a third party’s ability to read a variety of data such as user settings, device information and image data stored on the HDD.
When printing or copying, scanned data is temporarily stored in the HDD and then output. Users also register various settings such as scan destinations and email addresses which are stored on the device. This information remains on the HDD until the data is overwritten with other data, even after the output or deletion of the data by users. There is a possibility that the data remaining on the HDD can be restored using special tools and utilities, leading to leakage of information.
The HDD Overwrite-Erase function is configured to overwrite the actual data area of the output or deleted data with random meaningless data so that the actual data cannot be restored. The overwrite-erase process is performed automatically so no manual operation is required from the user. HDD data is immediately overwritten even when respective jobs are cancelled during operation or directly after an entire job has finished.
Three overwrite-erase methods are available and subject to MFD model. These are:
1) One-time Overwrite-Erase - Unnecessary data area is overwritten once with null data, making the data difficult to restore or recover.
2) Three-time Overwrite-Erase - Unwanted data area is overwritten twice with random data, and then once with null data. The three-time overwrite-erase function removes the ability to restore the data even if using highly skilful restoration techniques. The three-time overwrite-erase method is more rigorous compared to the one-time overwrite erase method. In case of overwrite-erasing bulk data, the three-time overwrite-erase method may take longer.
3) The U.S. Department of Defence DoD 5220.22-M (Three passes) - The DoD 5220.22-M three-pass is the highest level security mode, compared to “One-time Overwrite-Erase” and “Three-time Overwrite-Erase”. It significantly reduces the risk of information leakage.
User Boxes, Job Boxes and/or Fax Boxes that store received and printed data can be created on the MFDs. Access to the data saved in these boxes can be restricted and here is how they function: User Box - Users can create User Boxes to store data on the MFDs. Box usage restrictions, data retention periods and passwords can be set for the respective boxes. A User Box can only be accessed by a user who has been registered as an owner for their User Box, and cannot be accessed by an unauthorised user. A Shared Box can be created allowing users who are not registered as owners can access to the box. After a period of time set by the administrator, the stored document data can be automatically erased enabling effective HDD self-management and data security.
Job Box - Data for Private Print, Quick Copy, Proof and Hold and Stored Job can be stored in a Job Box, which cannot be created or deleted by users. The box can be PIN code-protected controlling access to the data. The stored document data can be automatically erased after a set period of time enabling effective HDD self-management and data security.
Fax Box - This box receives Fax data. The fax data can be stored in the Fax Box using a memory forward function and data will be assigned to the respective boxes based on sender sub-addresses or fax numbers. The fax-received data can be previewed on the panel of the MFD so wanted faxes can be printed right away, whereas unwanted faxes can be deleted.
As a corporate responsible partner, KYOCERA try and discourage printing where is not needed. We don't want to stop people printing. We simply think that sometimes, people, and not everyone, need reminding that wasting paper, ink and toner doesn't make economic or environmental sense.
The IT managers that KYOCERA engages with, on a consistent basis strongly believe that ‘user education around cost benefits’ is the ideal way to encourage best practice printing. However, there is a much stronger sway towards mandates and automation; perhaps because of the wider range of automation/print control software and options now available. Companies need to do all they can, including the training and education of end-users to the advantages of only printing what is absolutely necessary and making sure that this is not just thrown away in the bon, but used as productively as possible.
Partial Lock function allows certain functions to be disabled and has three levels: Operation panel use, job management/execution and paper settings. The operation panel lock has the ability to lock out access to the system settings and job cancellation settings.
Use an Authentication method
Here, KYOCERA devices support a number of different ways to enable user logon. Access is in three levels - User, Administrator, and Machine Administrator. The security levels can be modified only by the Machine Administrator. Users that are not able to login to the machine can be allowed to use the functions of the machine on a restricted basis.
Local Authentication: Authenticates users based on the user data registered on the local user list on the MFD/printer. Only registered users can access the device.
Network Authentication: Authentication via a Domain controller. NTLM and Kerberos methods are supported. A password policy can be enabled enforcing password complexity and password age, together with logging of failed attempts.
Guest Function: When User Login Administration is enabled, a guest mode can be set so that only certain functions of the machine can be accessed without requiring authentication. This can also be used to reduce operating costs, for example by prohibiting colour copy in Guest Mode so that only users who login can use colour copying. This level of security can protect the device against information leakage whilst still maintaining user friendliness.
Secure Print is a print function for MFDs/printers and can be used for printing company confidential or personal documents without the risk of leaving unattended printed documents at the device.
Private print is a function that holds a print job sent from a user workstation on the MFD/printer until the appropriate password is entered through the operation panel of the device. This feature requires the user to set an access code in the printer driver when sending a print job from the workstation and entering it again at the device of when printing a document. After printing is finished the data is erased. If the main power switch is turned off before retrieving/printing the document, the data will still be erased.
IT and security professionals must consider MFDs as part of a strategic approach to network and data security. Beginning with the simplest steps and progressing to more enhanced and sophisticated measures, as required. This will ensure that they can safeguard their organisation against the loss of sensitive data from the likes cybercriminals and other malicious parties.
Moreover, in the context of increasing industry debate around securing the ‘Internet of Things’ and addressing emerging data protection compliance such as the General Data Protection Regulation (GDPR), IT and security professionals must use the first available opportunity to convert MFDs from a security blind spot to a visible component of their networked IT estate.
The measures required are comparatively simple and low-cost, but the consequences of overlooking them could prove dire.
BE PREPARED FOR GDPR
There are some very basic and core recommendations that KYOCERA suggests to “avoid the fine” and ensure that your organisation is compliant.
CLICK TO FIND OUT MORE ABOUT OUR 7 KEY STEPS TO PREPARE FOR GDPR
GDPR 10 KEY FACTS
Discover what the key GDPR features and changes to the European Data Protection Directive are and how they may affect you.
WHAT IS GDPR?
On the 25th May 2018, the European General Data Protection Regulation (GDPR) will supersede national laws such as the UK Data Protection Act, unifying data protection and easing the flow of personal data across all 28 EU member states.