Do Your Printers Pose a Security Risk?
Today's printers can do some pretty amazing things - not only do they connect to your network; they can even connect wirelessly. And they can connect to the Internet, too, so that you can print to them from a remote location, even from a smart phone or tablet. The convenience is obvious - but what about the security implications? Before you buy and set up one of these sophisticated new printers for your business, be sure to read this article.
The Evolution of Computer Printing
In the early days of computing, printers were a necessity because people were used to dealing with information in printed format. The information was usually input to the computer by a "data entry" technician, and the output was printed for distribution to those who needed the information. Computer monitors were small and monochromatic, and most executives and others who would read the reports or peruse the numbers didn't have computers on their desks. Additionally, people didn't trust digital files not to disappear into thin air (which they often did - or seemed to do - when systems crashed or hardware failed), so everyone felt more comfortable with a "hard copy" that was a tangible object and not so fragile.
Today, many companies and individuals have made a conscious effort to "go green," which includes conserving paper and printing only when absolutely necessary. In some industries, written content is created, edited and revised completely on-screen and then published to the web or shared with others as a digital document that never gets translated into ink and paper. Nonetheless, most businesses still produce plenty of printed material - reports, budgets, meeting handouts, even printouts of slideshow presentations - and most home computer users own a printer for printing photographs, correspondence, homework, etc.
Early printers connected directly to a single computer, usually via the parallel port. Then USB came along, which made it easier to connect a printer to a computer. Next came network printers; this was the real turning point when printers became more than just printers and turned into computers themselves, with their own Ethernet interfaces and IP addresses - they can even get viruses. Of course, many of today's printers are more than printers in another way; they're "all in one" devices that combine printing, scanning, copying and faxing functionalities. With network printers, you no longer need a print server (a computer to which the printer is attached and through which the printer is shared).
Network printers opened up all sorts of possibilities, but it also made printers vulnerable to security risks just like computers. And in the last few years, printers have gotten even more sophisticated. The first wireless printers used Bluetooth, a short range technology. But wireless printers are now commonplace that use the same 802.11 wi-fi technology as laptops and tablets and smart phones and other mobile devices. That means they can also communicate with any of these devices, along with the devices on your wired network. They can even communicate over the Internet, and they have display screens and built in apps so you can access web pages and print them, using just the printer (no computer required) or upload photos to a photo sharing site directly from the printer. How cool is that? Along with coolness, though, comes risk.
Assessing the Risk
In what ways do wireless printers pose a risk to your network? As with any other wi-fi device, a wireless printer is more vulnerable than a printer that's wired to the network because an unauthorized person may be able to connect to it from outside your office or building. Remember that wi-fi signals go through walls, some more than others.
You may think "it's just a printer" and think that the only risk is that of someone being able to send print jobs to it and use up your ink and paper. This is certainly one scenario, and although it might not practically do the intruder much good - after all, he would have to be able to physically access the printer to pick up his printed material - it could be the basis for an attack that attempts to fill up the print queue and prevent others from printing (a printer Denial of Service) or a way to send offensive messages or even spam via the printer (with the added bonus of costing you money for the supplies).
However, the greater security issue is that printers store previous print jobs in their queues. Network printers have internal hard drives that can store those documents. Someone who accesses the printer may be able to hack into the printer's OS and view those documents, which could contain sensitive information. If the queued documents are held in a printer's Random Access Memory, they would be cleared when the device is powered off, but if they're stored on a built in hard drive or flash memory, the printer can retain copies of the documents even when the printer has been turned off. Another risk is that documents sent wirelessly to the printer could be intercepted during transmission over the airwaves.
Many of today's printers, both wireless and wired, can connect directly to the web and have their own embedded web servers, and many offer administration and remote control via a web site, so that if it's not properly secured, an unauthorized person could seize control of the printer from a remote location.
And finally, there's the old, "low tech" security threat associated with printers - the risk that users will send a print job to the printer and forget about it, leaving the document to sit there for anyone to view or steal.
To get an idea of what a talented hacker can do if he targets your printer, see this article.
Measures to Secure your Printers
There are many steps you can take to ameliorate the security risks that are posed by your printers.
- Keep your printers' software up to date. Just like any computer, router or other device on your network, printers can have vulnerabilities, and patches are issued by their hardware vendors. Ensure that those patches are applied.
- If the printer can be accessed wirelessly, ensure that the wi-fi network is protected with WPA2 (not WEP).
- Of course you'll want to set permissions on your network printers to control who can and can't send and manage print jobs. Leaving it open to allow "everyone" to print may be convenient, but it's not secure.
- If the printer allows you to bypass its internal hard drive and print directly from RAM, select this setting for better security, and ensure that print jobs are not stored on the drive. Note that this does affect performance.
- If you do choose to store print jobs on the drive, ensure that it is encrypted with a strong encryption method, such as AES.
- If the printer allows you to overwrite the data immediately after printing (or scanning or faxing, if it's an all-in-one device).
- Some enterprise printers allow you to require that a password be entered, or that you insert a smart card or authenticate with biometrics, in order to print a print job. This requirement that the user physically visit the printer to provide authentication information also reduces the risk of leaving the printed document sitting in the output tray unattended.
- Use printers that don't have a "reprint" function, or that allow you to turn that feature off, to prevent others from reprinting a job after the user has picked up the printed document.
- Use accounting features that show the user name, date and time for each print job to track this information for security purposes, not just for billing/accounting.
When it's time to purchase new printers, check into the security features built into the devices. Many printer vendors are increasing their focus on security and building in software to prevent unauthorized configuration changes, protect against viruses, and encrypt data stored on the printers.