Jan 11 2011

A Bad Image

Staunch data leakage through printers, fax machines and copiers by properly securing these devices.

IT leaders often don't give much thought to their printers, fax machines and copiers when they focus on security, but they should. Networked imaging devices may present the biggest single security hole in a school.

The reason? Most multifunction printers don't have centralized management; in fact, many aren't managed at all. Imaging devices may retain your most sensitive information in a form that can be accessed by anyone, and some may even send sensitive documents to unauthorized users on request. Here are seven tips for minimizing the risk:

1. Perform an inventory of all network-attached imaging devices, including scanners, printers and fax devices. Find the IP address, software version and the options that are installed.

2. Learn which of these devices contains a hard drive. In networked devices, you can usually find out by browsing the IP address of the device and looking at the management pages. For other devices, you may need to check the manufacturer's information.

3. If your device contains a hard drive, see if the drive is encrypted. Usually this will be indicated by the presence of an encryption option in the management software. If you don't find such an option, see if you can add it to your device. If you can't, then limit use of the device to only nonsensitive documents.

For printers, copiers and fax machines that aren't connected to the network, you may be able to determine the presence of a hard drive by printing a status page. You'll still need to find out if the drive can be encrypted, and the status page may tell you that. If not, call the manufacturer.

4. While you're visiting the management pages of these devices, set an admin password that has the same level of security as your other network devices. If possible, also set an admin password for devices that aren't attached to the network. You should also limit or completely block access to devices' management pages by nonadministrators.

5. Secure physical access to devices, either by locking access panels or by placing the devices in a room that can be locked. One common method of compromising sensitive information is to have the hard drive replaced during service. For hard drives that aren't encrypted, monitor physical access to the inside of your printer, scanner or fax machine.

6. Manage your network so that devices can't be accessed from outside the network, and so that document images can't be e-mailed except to approved addresses. IP addresses should be in zones that don't have Internet access, and routers should be set to deny access to these addresses from outside the protected network.

7. Make your next purchase of imaging products from a manufacturer that offers centralized management, and include a requirement for products that meet the IEEE P2600 family of standards for hardcopy device and systems security, which includes security features such as passwords, encryption and file "shredding." For example, Canon recently introduced a proprietary management system that scans for prohibited keywords.

The ability to manage what happens to electronic documents saved on your imaging devices is ultimately the key to protecting your school from these frequently overlooked threats.