Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account?
Printing is perhaps rarely discussed in a cyber context, but while the prevalence of connected printers and multi-function printers (MFPs) enhances convenience and productivity, it also poses security risks, both technological and physical. From managing and securing paper in digital processes to securing the devices themselves, businesses need to ensure they have a print security strategy in place.
As printers evolved and their feature sets expanded, it became commonplace to encounter printing devices in the workplace that are connected to the internet, to sensitive networks, or to both.
Printer devices are commonly overlooked within the scope of security audits as they are often not perceived as the complex computers they are. In addition, many printers are prone to crashing when scanned, and thus the risk of disruption typically leads to only a cursory review being conducted even when these devices are within the scope of an assessment.
This approach may give the impression that printers do not pose a risk to an organisation. That is a false sense of security: year on year, we see security research presented that identifies severe vulnerabilities and gaping holes in the security of these systems.
Before looking at how we can reduce the risk printers and printing may pose to an organisation, we must look at the common risks:
While non-exhaustive, these are some of the key risks a potentially vulnerable printer or printing process could present to an organisation. A secure print strategy should consider points that reduce the risks noted above, as well as the risk posed by those using the printer and managing the documents printed.
Considering the above risks, there are a number of ways in which mitigation can reduce the possibility of successful attacks.
Security monitoring and inventory is the first step to understanding the baseline security posture of printers within an organisation. It is crucial to know what firmware version is in use, whether a default configuration (and thus default password) is set up or whether any anomalies are present.
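The baseline check described above can be sketched as follows. This is an added example, not code from the article; the device names, models, firmware versions and baseline values are constructed placeholders. It compares firmware numerically (a plain string comparison would rank 4.9.12 above 4.10.0), flags devices still on default credentials, and reports devices seen on the network that are missing from the inventory.

```python
# Added example: printer inventory baseline audit. All data below is constructed.

# Asset inventory: name -> (model, firmware version, admin password still default?)
INVENTORY = {
    "prn-fin-01": ("ModelA", "4.10.2", False),
    "prn-hr-02": ("ModelA", "4.9.12", False),
    "prn-lobby-03": ("ModelB", "2.3.0", True),
}

# Minimum acceptable firmware per model (placeholder values, not vendor data)
BASELINE = {"ModelA": "4.10.0", "ModelB": "2.3.0"}

# Devices observed on the print network by discovery (constructed)
OBSERVED = {"prn-fin-01", "prn-hr-02", "prn-lobby-03", "prn-unknown-9f"}


def version_key(version):
    """Turn '4.9.12' into (4, 9, 12) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def audit(inventory, baseline, observed):
    """Return a sorted list of (device, finding) pairs."""
    findings = []
    for name, (model, firmware, default_pw) in sorted(inventory.items()):
        minimum = baseline.get(model)
        if minimum is None:
            findings.append((name, "no-baseline-for-model"))
        elif version_key(firmware) < version_key(minimum):
            findings.append((name, "outdated-firmware"))
        if default_pw:
            findings.append((name, "default-credentials"))
        if name not in observed:
            findings.append((name, "inventoried-but-not-seen"))
    # Anomaly: something answering on the print network that nobody manages
    for name in sorted(observed - set(inventory)):
        findings.append((name, "unmanaged-device"))
    return findings


if __name__ == "__main__":
    for device, finding in audit(INVENTORY, BASELINE, OBSERVED):
        print(f"{device}: {finding}")
```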
While you cannot protect against unknown vulnerabilities, organisations can reduce the risk of being exploited by ensuring a hardened configuration and the most up-to-date firmware is in use. In order of priority, organisations should ensure:
These steps can help to prevent attacks such as credential theft where a device has credentials stored. For example, previous attacks have seen LDAP credentials extracted by coercing the printer to authenticate with rogue, attacker-controlled devices.
While it may not be practical to fully isolate your printers at the network level, care should be taken to ensure that printers can only access user workstations and that printer management interfaces can only be accessed from designated management systems.
This helps to prevent lateral movement to sensitive systems if a connected printer is compromised, as well as preventing access to printer management interfaces by unauthorised users.
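One way to verify that segmentation policy against firewall or flow logs is sketched below. This is an added example, not code from the article; the subnets, the "src dst port action" log format, the set of ports treated as management interfaces and the sample records are all assumptions constructed for illustration.

```python
# Added example: audit flow records against the printer segmentation policy.
import ipaddress

# Constructed addressing plan (assumption): replace with your own ranges
PRINTERS = ipaddress.ip_network("10.20.30.0/24")
WORKSTATIONS = ipaddress.ip_network("10.20.10.0/23")
MGMT_HOSTS = ipaddress.ip_network("10.20.99.0/28")

# Ports treated as printer management interfaces (assumption):
# SSH, Telnet, web admin over HTTP/HTTPS, SNMP
MGMT_PORTS = {22, 23, 80, 161, 443, 8443}

# Constructed flow records: "src dst dst_port action"
SAMPLE_FLOWS = """\
10.20.10.15 10.20.30.7 9100 ALLOW
10.20.10.15 10.20.30.7 443 ALLOW
10.20.99.4 10.20.30.7 443 ALLOW
10.20.30.7 10.20.10.15 445 ALLOW
10.20.30.7 10.50.1.10 389 ALLOW
10.20.30.7 203.0.113.9 443 ALLOW
10.20.30.7 10.50.1.10 389 DENY
"""


def audit_flows(text):
    """Return (line_no, rule, src, dst, port) for each allowed flow that breaks policy."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed records
        src = ipaddress.ip_address(parts[0])
        dst = ipaddress.ip_address(parts[1])
        port, action = int(parts[2]), parts[3]
        if action != "ALLOW":
            continue  # a blocked flow means the control worked
        if src in PRINTERS and dst not in WORKSTATIONS:
            # Printer reaching anything other than a user workstation
            findings.append((line_no, "printer-egress", str(src), str(dst), port))
        elif dst in PRINTERS and port in MGMT_PORTS and src not in MGMT_HOSTS:
            # Management interface reached from a non-management system
            findings.append((line_no, "mgmt-access", str(src), str(dst), port))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

In the sample data, the allowed printer-to-directory-server flow on port 389 is flagged because the policy above permits printers to reach workstations only; an organisation that needs such a flow would add it as an explicit, documented exception.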
Regular review of the printer’s location should be conducted to ensure no sensitive documents are left unattended. Where possible, clearly labelled bins and shredding devices should be present close to the printing station, and employees should be encouraged to use them for the disposal of secure documents.
Secure pull and FollowMe printing are a means of ensuring documents are only released and printed once the authorised user has authenticated with the device. This is a safe way of ensuring printed documents don’t end up in the wrong hands before the user reaches the printer.
Printers tend to be excluded from penetration test scopes, as they are either overlooked by the organisation or considered to be fragile by the vendor – for example, security scanning can cause them to crash and, as a result, they are often implicitly not robustly assessed.
Printers should be included within the scope of penetration tests, with explicit checks for common misconfiguration and a plan of action in case these devices are disrupted (such as testing outside of busy periods and having someone present to reboot the devices if required).
Educating users is an important part of security and steps should be taken to ensure users of the printers understand data confidentiality, protective markings and good practice around the handling of sensitive materials.
Where supported, printer hard drives should be encrypted, and they should be securely wiped prior to the disposal of a device. This can help to prevent data recovery efforts if a printer is stolen or obtained by a malicious individual.
Implementing these measures can significantly reduce the likelihood of successful attacks and may also help to detect any potential attacks or points of entry before they are exploited by attackers.
Josh Foote is a cyber security expert at PA Consulting