Print Security and Identity Authorization

Similar documents
Samsung Security Solutions

HP LaserJet 4345 MFP Security Checklist 3/29/2006

Sharp s MFP Security Suite The best of the best in the Market

HP Printing Security Best Practices for HP LaserJet Enterprise Printers and HP Web Jetadmin

HP Access Control Smartcard Solution

HP Imaging and Printing Security Best Practices

User Authentication Job Tracking Fax Transmission via RightFax Server Secure Printing Functions HDD/Memory Security Fax to Ethernet Connection Data

SeCUritY. Safeguarding information Within Documents and Devices. imagerunner ADVANCE Solutions. ADVANCE to Canon MFP security solutions.

Sharpen your document and data security HP Security solutions for imaging and printing

User Authentication Job Tracking Fax Transmission via RightFax Server Secure Printing Functions HDD/Memory Security Fax to Ethernet Connection

HP Designjet Printer series. Security features

Archiving: Session ID: More Than Just Compliance. Frank Orlando

Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data

Embedded Web Server Security

HP JETADVANTAGE SECURITY MANAGER

IMAGER security solutions. Protect Your Business with Sharp s Comprehensive Document Security Solutions

technical brief browsing to an installation of HP Web Jetadmin. Internal Access HTTP Port Access List User Profiles HTTP Port

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

SECURITY WITHOUT SACRIFICE

Securing Network Print Jobs

Control scanning, printing and copying effectively with uniflow Version 5. you can

SECURITY. Konica Minolta s industry-leading security standards SECURITY

Security Solutions. Concerned about information security? You should be!

Embedded Web Server Security

Xerox PrintSafe Software

Xerox Mobile Print Cloud

State of South Carolina Policy Guidance and Training

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

Version 1.0 January Xerox Phaser 3635MFP Extensible Interface Platform

NERC CIP Requirements and Lexmark Device Security

Did you know your security solution can help with PCI compliance too?

Software solutions for the Lexmark Solutions Platform

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Evaluation. Common Criteria. Questions & Answers Xerox and Canon. Xerox Advanced Multifunction Systems

HP Universal Print Driver

Xerox Mobile Print Solution

CAC/PIV PKI Solution Installation Survey & Checklist

Xerox Mobile Print Cloud

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version and higher

QRadar SIEM 6.3 Datasheet

HP LaserJet Pro Devices Installing 2048 bit SSL certificates

PRINT CONFIGURATION. 1. Printer Configuration

Reform PDC Document Workflow Solution Streamline capture and distribution. intuitive. lexible. mobile

White Paper. Document Security and Compliance. April Enterprise Challenges and Opportunities. Comments or Questions?

support HP MFP Scan Setup Wizard 1.1

IEEE 2600-series Standards for Hardcopy Device Security

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

CloudDesk - Security in the Cloud INFORMATION

Security. and HP Web Jetadmin Overview... 2

EMBEDDED WEB SERVER CONFIGURATION TO ENABLE AUTOSEND AND OUTGOING FOR HP QUICKPAGE

HP FutureSmart Firmware Device Hard Disk Security

Common Criteria Certification for Samsung Multifunction Printers

Features and Solutions November 2013

iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi

INFORMATION SECURITY PROGRAM

Trademarks. Legal Notice. Revision History

United States Trustee Program s Wireless LAN Security Checklist

SMTP PROXY SERVER INSTALLATION FOR HP QUICKPAGE

Ensuring the security of your mobile business intelligence

White Paper. BD Assurity Linc Software Security. Overview

Installation and Setup Guide

Send to Network Folder. Embedded Digital Sending

Xerox Next Generation Security: Partnering with McAfee White Paper

FileCloud Security FAQ

LaserJet USB Walk Up Printing

Sharp Security Suite Technical Questions & Answers

LaserJet USB Walk Up Printing

Security White Paper. for KYOCERA MFPs and Printers

eprint SOFTWARE User Guide

INFORMATION GOVERNANCE POLICY: NETWORK SECURITY

One platform for printing, copying and scanning management. you can

HP A-IMC Firewall Manager

hp embedded web server for hp LaserJet printers

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

HP IMC Firewall Manager

HP OfficeJet Pro 276DW Scan to Network Folder and Digital Fax to Network Folder not working after firmware upgrade

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been

Data Security Considerations for Research

use hp color LaserJet 5500 hp LaserJet 4100mfp hp embedded web server hp color LaserJet 4600 hp LaserJet 4300 hp LaserJet 9000mfp

Locking down a Hitachi ID Suite server

SNAP WEBHOST SECURITY POLICY

Xerox WorkCentre 5325/5330/5335 Security Function Supplementary Guide

SMART INSTALL CONTENTS. Questions and answers

Guideline on Auditing and Log Management

Setting Up Scan to SMB on TaskALFA series MFP s.

Embedded Document Accounting Solution (edas) for Cost Recovery. Administrator's Guide

Network Security Administrator

Hosted SharePoint: Questions every provider should answer

Print Audit Facilities Manager Technical Overview

GFI White Paper: GFI FaxMaker and HIPAA compliance

Transcription:

Print Security and Identity Authorization 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

Agenda Why Be Concerned about Security in Imaging and Printing? Security Vulnerabilities In the Press HP's Approach to Imaging and Printing Security Implementing a Secure Environment Identity Authorization 2 31 January 2008

Why be concerned about Security in your Imaging and Printing environment 3 31 January 2008

How do you protect your property? 4 31 January 2008

Security is on everyone s radar Corporations reflecting vulnerabilities from a growing number of security breaches Information theft (avg. cost $2.7M/incident) $59B proprietary and intellectual property loss each year by US companies 70% is unauthorized employees; 95% result in financial losses. Unauthorized Access is the second biggest cause of financial loss in the US Consumers increasingly concerned 82% of consumers list security as their most important concern when they consider the electronic data they save through digital services Decline in online transactions Government strengthening security internally & protecting the public externally Security policy Mandates to protect government data: US Federal Government s IPv6/IPsec Mandate Regulations that protect the Public: Sarbanes-Oxley, HIPAA & Identity Theft Protection Act (pending), California 1387 5 31 January 2008

Why be concerned about imaging & printing security? Printers/MFPs are intelligent devices, similar to servers and desktops Use many of the same network ports and protocols Have many of the same components like hard drives, expandable memory, graphical user interfaces, USB capability Like servers and desktops, printers/mfps are vulnerable to attack if steps are not taken to secure the environment Critical business workflows are dependent on printers/mfps. If printers/mfps go down, revenue is lost 6 31 January 2008

Why Care about Security for Imaging and Printing? Confidential Documents Accessible Device Configuration Changes Network Sniffing Information Disclosure Hardware Theft Compliance Requirements 7 31 January 2008

Compliance it is everywhere SEC 17a-4 (USA) Canadian Electronic Evidence Act Basel II Capital Accord Electronic Ledger Storage Law (Japan) HIPAA (USA) 11MEDIS-DC (Japan) ISO 18501/18509 AIPA (Italy) GDPdU & GoBS (Germany) FDA 21 CRF Part 11 NF Z 42-013 (France) Sarbanes-Oxley Act (USA) Public Records Office (UK) Financial Services Authority (UK) BSI PD0008 (UK) These are just a few examples as there are over 20,000 compliance requirements worldwide If your company isn t directly affected by compliance, think about your suppliers and partners; they may be and may pass down the request directly to you 8 31 January 2008

Value of Information Assets What type of assets need to be protected? Physical assets & People, Software, Information/Data Paper Based Assets (printed information) Electronic Based Assets Challenge is to strike the balance between PBAs and EBAs Secure Printing as the interface between paper and electronic assets must be a controlled environment Imaging and Printing Security must be part of the overall IT security strategy! 9 31 January 2008

Security Vulnerabilities 10 31 January 2008

How vulnerable can printing environments be? How much attention do users pay to their print jobs? Leave print outs uncollected Print several copies when only one is needed Users may plug in and install unsupported printing devices Users may scan, copy, fax and e-mail documents without permission using MFPs How much attention do organizations pay to their printing environments? Typically only driven by cost control not security considerations Organizations rarely document their printing environment (device type, user/device ratio, MFP features, etc ) Do not integrate or manage their printing rights (+MFP rights) centrally Typically feel safe from Internal abuse and only consider External abuse 11 31 January 2008

Printer attacked!!! 1999: Space and Naval Warfare Systems Command (SPAWAR) in San Diego Intruder hacked into printer and re-configured routing tables on SPAWAR equipment Files in the print queue were directed to Russia and then back to SPAWAR printer Hijacker could keep a copy or even modify its contents Noticed only when an impatient network ops engineer noticed that his local print job took an unusually long time to start printing Like most hacks, it has not been determined who perpetrated this attack Russian spies or someone else 12 31 January 2008

Results of no security policy in place Sensitive documents are exposed On the network Client to print server and from print server to printer On the print server In the printer memory awaiting print In the printer output tray to other than intended recipient Inadequate authentication and record of Who initiated the printing of what, when, how many times Who picked up the document at the printer Inconsistent security methods from multiple print vendors across document management systems, servers, and clients weakens overall system security 13 31 January 2008

In the Press 14 31 January 2008

In the press 15 31 January 2008

Printing Security in the Press January 15, 2007, Computer World: "The Surprising Security Threat: Your Printers" 16 31 January 2008

Printing Security in the Press January 25, 2007, eweek.com: "Our Printer Got Hacked?!?!" It's one of those "not really a big deal yet but could blow up soon" problems: Printers 17 31 January 2008

Printing Security in the Press January 17, 2007, Computer World Blog: "Network printers are a security threat" 18 31 January 2008

HP s Approach to Imaging and Printing Security 19 31 January 2008

Different customers need different security approaches Advanced Organizations need advanced security capabilities Proactive Specific hot button issues Trend Limited awareness or action Make sure that basic security is implemented One size does not fit all! 20 31 January 2008

HP + IPG Security Framework HP Security Framework Channel and HP delivered security services Security & vulnerability assessment services Security management Network security Application security Data security Physical security Authentication Authorization Patch management Centralized management Network firewalls Virtual private network (VPN) Web/content filtering Antivirus Application firewall Intrusion detection & prevention Asset Protection 21 31 January 2008 HP Commercial Imaging & printing Security Framework Secure the Imaging & Printing device Protect Information on the Network Effectively monitor and manage

HP s Imaging and Printing Security Framework Secure the I&P device Protect information on the network Effectively monitor & manage 22 31 January 2008

HP s End to End Security Offerings Secure the I&P device Protect information on the network Secure Secure Storage Storage Erase Erase PIN PIN retrieval Pull Pull Printing Printing Passwords Protocols Secure Secure administration User User Authentication LDAP, LDAP, secure secure LDAP LDAP NTLM, Kerberos Swipe cards, cards, proximity cards, cards, smart smart cards cards Biometrics HP HP Jetdirect IPSec IPSec 802.1X 802.1X (device (device auth.) auth.) SNMPv3 HTTPS HTTPS Secure Secure IPP IPP support support Fax Fax line line isolated isolated from from LAN LAN Encryption of of scan scan data data Encryption of of print print data data Effectively monitor & manage Discovery of of un-password protected EWS EWS User User Level Level Tracking and and Control Control Security Security Configuration Checklists Common Criteria Criteria Certification Level Level 3 Secure Secure File File Erase, Erase, Secure Secure Storage Storage Erase, Erase, and and Separation of of Fax Fax from from LAN LAN 23 31 January 2008

HP: Leading in Security for Imaging and Printing First to implement SNMPv3 First to ship with IPSec First with 802.1X supplicant support First with SSL/TLS management First with NIST approved security checklist First and only printing vendor with IPv6 Consortium Gold approval First with CCC certification on Level 3 24 31 January 2008

HP Printing and Imaging Security Common Criteria Certification Product Name Status Conformance Claim HP LaserJet M3027 MFP, HP LaserJet M3035 MFP, HP LaserJet M5025 MFP, HP LaserJet M5035 MFP, HP LaserJet M4345 MFP, HP Color LaserJet 4730 MFP Completed EAL3 June 2007 HP LaserJet 9040 MFP, HP LaserJet 9050 MFP, HP LaserJet 4345 MFP, HP Color LaserJet 9500 MFP, HP LaserJet CM4730 MFP Pending Feb 2008 EAL3 National Information Assurance Partnership (NIAP) Common Criteria Certification (CCC) Fax/Network Isolation and Disk Overwrite http://www.niap-ccevs.org/cc-scheme/vpl/ 25 31 January 2008

Securing your Imaging and Printing Environment 26 31 January 2008

Security Implementation Plan Improve Workflow Evolutionary Path Manage Environment Optimize Infrastructure 27 31 January 2008

Steps to Secure the Printing Environment 28 31 January 2008

Step 1: Get in Control of the Device Fleet Through HP Web JetAdmin 29 31 January 2008

Step 1: Get in Control of the Device Fleet Use HP/Web Jetadmin to: 1. Identify how many printers are networked and direct connected 2. Identify types/models of printers 3. Standardize configurations based on model, capabilities, etc. 4. Bring printers and jetdirect cards up to latest firmware revisions 5. Manage printer status on an as needed basis 6. Create groups based on lines of business, types of printers or location 7. Develop security and profile models 30 31 January 2008

Step 2: Secure Devices Through certified checklist (e.g. U.S. National Institute of Standards and Technology) 31 31 January 2008

Step 2: Secure Devices Use the NIST check list to define policy that covers settings for: Device passwords Secure admin data exchange PJL commands Secure erase options Digital sending options Job Retention timeout Network Access Protocols stacks Additional device functions (e.g. job cancel button) 32 31 January 2008

Step 3: Implement Authentication The most convenient for every MFP function 33 31 January 2008

Step 3: Implement Authentication Avoids access to confidential printouts Typical authentication methods Group PIN User PIN Magnetic card Proximity badge Smart Card / USB key (PIN + certificate) Biometrics any combination (AND/OR) Authentication can be configured for Print, Fax, Copy, Digital Send 34 31 January 2008

Step 4: Implement Encryption Complete / Partial 35 31 January 2008

Step 4: Implement Encryption Needs are different depending on scope Integrate printers into overall IPsec strategy Implement separately for printing All / some users All / some devices 36 31 January 2008

Step 5: Implement Pull Printing No more documents in the output trays 37 31 January 2008

Step 5: Implement Pull Printing (1) 1. Send print job to generic queue on the server 2. Authenticate at any device 3. Pull print job from server PULL 2 1 3 38 31 January 2008

Step 5: Implement Pull Printing (2) To print confidential documents To support an Optimized Infrastructure strategy For travelling users to find and access printers For travelling users to get printouts forwarded When printers are out of service When printers are exchanged 39 31 January 2008

Step 6: Implement Job Level Tracking Tracking abuse & avoiding misuse 40 31 January 2008

Step 6: Job Level Tracking Tracking of print/fax/copy/scan jobs Collect and archive job information per function (print, copy, fax, scan) Eventually archive the whole document Be consistent with general email policy Additional benefit: Cost allocation and bill back to departments 41 31 January 2008

Summary Security is everyone s concern Your technical solutions are only as strong as the policies they support and the procedures built around them To successfully implement security strategies you need to get management to drive them, IT and HR to implement them and staff to understand and respect them. Security is a value add and a business enabler Imaging and Printing Security must be part of the overall IT security strategy! 42 31 January 2008

www.hp.com/go/secureprinting 43 31 January 2008

We re here to help Improve Workflow Business Process Consultant Manage Environment Services Consultant Optimize Infrastructure Technology Consultant Engage your Account Manager to get started 44 31 January 2008

Identity Authorization 45 31 January 2008

HP Imaging and Printing Security HP Common Access Card (CAC) for MFP HP CAC for MFP solution launched in Summer 2007 Components HP CAC firmware and authentication agent HP CAC reader Feature and infrastructure support CAC Authentication, send to folder, and send to email (signed) Active Directory, Kerberos, OCSP, and CRL infrastructure Product support HP LaserJet M4345, M3035, M5035 MFP HP LaserJet CM4730 MFP, HP Digital Sender 9250C HP Edgeline in Spring 2008 46 31 January 2008

Smartcard Process Flow 47 31 January 2008

48 31 January 2008

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information