Blog / How Secure is your Printer??
If you were to ask someone with knowledge of networking and computers about who, or what is the Boogeyman of today’s Computer World is, you’d probably get two answers:
- The Internet of Things (IoT)
This brings me to a question I have for today’s Newsletter: What IS the Internet of Things?
The simplest definition of IoT can be found on Wikipedia:
“IoT involves extending Internet connectivity beyond standard devices, such as desktops, laptops, smartphones, and tablets, to any range of traditionally dumb or non-internet-enabled physical devices and everyday objects.”
So, a “Standard Device” is something easy to define. It’s essentially any device that you could install AntiMalware software on. As the article indicates, this includes desktops, laptops, smartphones, and tablets. Servers are not mentioned, because those are essentially really powerful desktops. This also doesn’t include network equipment like Routers, Firewalls and Switches, as those are Internet-enabled by the nature of their design.
Thus IoT would be anything and everything else that can be put on a network.
This would include Printers. Network-capable printers have been around for a long time, so why would they be considered IoT?
When you think about it, printers were designed to be plugged directly into a computer. Originally that was the only way to print anything. You needed a printer directly plugged into your computer. If you didn’t have a printer, you needed a way to get your file to a computer that had one (this was back in the old days before USB.) Businesses didn’t like the cost of buying so many printers and hassle of transferring files, so they demanded the ability to do remote printing. This lead to the creation of printer-sharing. The problem with that was it required the computer connected to the printer to remain running.
The next step was to install a network card into the printer itself and then some memory, so that it could store multiple print jobs at once and manage the requests to print without the need of a connected computer.
So why do I bring all this up? – It has to do with a recent hack that targeted 50,000 network printers. It didn’t happen just once either. The truth of the matter is printers are the original IoT device.
So why does this concern me? – Any method that an Attacker could use to gain a foothold into your network is a concern to me. Printers are a potential danger for a number of reasons:
- They have no built in Firewall or protection
- There’s no way to run a Malware scan on a printer
- They are used for years (often until they breakdown)
The assumption in the design of a Printer is that the environment they are being placed in, is perfectly secure. In case you were wondering, it isn’t.
My recommendation for dealing with this potential threat is simple: Employ Network Segmentation, a concept I have gone over in a previous Newsletter.
What you should do is acknowledge the potential threat a printer poses and lock it up in it’s own separate network. Communication between this network and the Corporate Network should only be restricted to connections with the necessary channels.
What traffic needs to go from the Corporate Network -> Printer Network?
- Print jobs
- Possibly management & monitoring traffic
What traffic needs to go from the Printer Network -> Corporate Network?
What traffic needs to go from the Printer Network -> Internet
- Possibly automatic Firmware updates
- Possibly communication to an external service for ordering materials
Assuming you set up your network communications this way, a compromised printer does not allow an Attacker any direct access to the important information in your Corporate Network. Limiting or eliminating access to the Internet also serves to help keep printers secure in the first place. A great deal of Security could be gained by the “simple” act of redesigning your network’s layout.
I put simple in quotation marks for a good reason. Redesigning a network is a great thing to do from a Security perspective. It likely doesn’t even require purchasing a lot of new hardware. Nothing more than maybe a few switches and routers, generally. Doing something like this seamlessly WOULD require an investment in time and planning. There are a lot of settings on different computers to consider, in order to make sure that work can continue with no or minimal interruption. So, just because it likely won’t require lots of new hardware, it’s not a decision to make lightly.
If you have any questions about good Network Design, you can reach out to your TRINUS Account Manager for some stress-free IT.
Your Friendly Neighbourhood Cyberman.