There's been a lot of talk about the Internet of Things lately, and how having billions of connected devices represents a major challenge in fending off security threats, given the expanded attack surface and the lack of a coordinated effort to work on IoT security standards. While these non-PC connected devices might be perceived as low risk and of little value to hackers, they are leveraged as gateways into entire networks or as instruments of attack.
You might recall when last October a significant portion of the web was brought down to its knees after popular DNS provider, Dyn, was flooded with fake traffic. The culprit? A botnet dubbed Mirai which was made up of compromised DVRs, surveillance cameras, and other Internet-enabled embedded devices. Dyn estimated that the attack involved "100,000 malicious endpoints" and was roughly twice as powerful as any similar attack on record.
If anything, the upside of that high profile attack was the raised awareness and the important conversation it sparked around the millions of devices being put online with little to no security protection. One device that’s often left out of this conversation, however, is the printer.
One device that’s often left out of this conversation is the printer.
Last month HP invited us to a Print Security Open House held at their Palo Alto headquarters as part of a series of efforts to raise awareness on this matter. Come to think about it, they’re caught in something of a dichotomy: when your printing division is easily your biggest profit engine, you don’t necessarily want to be telling people that printers represent a major threat vector on their networks if not properly managed, but at the same time you can’t simply ignore the problem.
It’s not that printers are bad, but a series of factors make them perfect targets for hackers. For one thing, today's advanced printers — particularly multi-functions — are powerful computing devices containing microprocessors, memory, data storage, networking interfaces and an operating system. They also ship with a multitude of open ports for compatibility and default passwords.
And yet printing security isn’t high up the list of priorities when it comes to corporate data security. IT administrators often underestimate the potential for damage from a printer hack, and that it can be the entry point to the entire corporate network.
Anyone is a target
During one of the talks, hacker Michael Calce, aka MafiaBoy, spent some time explaining the mindset of a hacker and how they are not coming through your front door, but rather through walls or under the floor. He would know — although Calce today has switched sides to the world of ethical hacking doing penetration testing for companies like HP and others, he rose to hacker fame in 2000 at age 15 when he took down Yahoo, CNN, eBay, Dell and Amazon using a DDoS attack of unprecedented magnitude at the time.
You usually hear about major breaches, but the takeaway I got is that no company large or small should work under the assumption that they are unlikely targets for hackers — if your network endpoints are not secure you can get your data compromised and your devices leveraged for a larger end game. The Target breach comes to mind, which began with the theft of credentials of an HVAC contractor and attackers patiently worked their way to the very heart of the retailer’s payment systems.
Attackers seize on the lack of attention given to devices on a network — devices that aren’t promptly patched for known vulnerabilities, are deployed without changing default passwords, and are left virtually unmonitored. A lot of times printers fall squarely into this category.
A good place to start
HP offers a range of industry-leading security features in its Pro and Enterprise series printers that can monitor, detect and stop an attack, then self-validate software integrity in a reboot. The JetAdvantage Security Manager software also makes it easier to deploy security policies across a printer fleet.
But beyond product specific solutions there are several things you can do to start giving printers on your network the same level of attention as other computing devices and peripherals.
- Beware of default passwords: The single most dangerous mistake made by organizations is failing to change the default passwords and leaving the management interface open to anyone with a browser. Managing passwords can be a challenge in organizations with huge printer fleets, but if you’re going to do just one thing about the security of your printers on the network, it should be this.
- Shut off any unneeded services: Most organizations do not need FTP or Telnet access to their printers, but for compatibility reasons, printers usually ship with a multitude of open ports. Shore up the management protocols used for the printer and use something that provides encryption, like HTTPS or SSH. You can also consider putting your printers on their own private VLAN to isolate print traffic from the rest of your systems.
- Maintain and patch: This should go without saying but maintaining and patching printers against known vulnerabilities will make you a harder target. Only download updates directly from a trusted source.
- Make your users aware of print security risks: Educating employees on security policies and best practices can go a long way in preventing social engineering attacks, being more cautious about attachments, documents, and links they receive and following company procedures when printing sensitive information.
This is a sponsored post brought to you in collaboration with HP.
You can learn more about Print Security and what HP is doing in this space. #reinventsecurity