Log in

ISM Article

How to Keep Confidential Information from Falling into the Wrong Hands

20 Sep, 2002 By: BLI BLI imageSource

How to Keep Confidential Information from Falling into the Wrong Hands

In what has been described as one of the
worst cases of espionage, former FBI agent Robert Hannsen was able to carry
reams of classified documents out of FBI headquarters to awaiting Russian
handlers. How do you suppose those documents were obtained? It has been reported
that he used the ubiquitous office photocopier. Though the federal government
purchases specially manufactured office products with “Tempest” systems that
shield them so that their electronic emissions cannot be intercepted by
monitoring devices, nothing can shield an organization from moles within its
ranks. However, they can be effectively deterred.

This article presents products that offer a
level of security to fit virtually any organization's document security needs.
Whether your organization comprises 10 or 100,000 employees, steps can be taken
to prevent your business interests from being seriously undermined.

Key Vulnerabilities

First, a review of what Peter Cybuck, senior
manager, product planning and marketing, Sharp Electronics, sites as the three
major office technology “vulnerabilities,” or areas that every company
should routinely assess:

  • Memory (hard disk drive or RAM)

  • Access to the control panel

  • Network connectivity

Scan-once/print-many is a feature of digital
copiers and multifunctional products that allows a device to scan pages into
memory once and then generate multiple copies. As Sharp's Cybuck explains,
“The image data is retained in memory, potentially hundreds of pages, in
either RAM (Random Access Memory) or on the hard disk drive. RAM memory is
volatile and is automatically erased when the unit is turned on/off. The hard
drive, on the other hand, retains the data indefinitely and therefore can be

Secondly, there is the issue of who has
access to the device. Can passersby make copies, send faxes or scan-to-e-mail,
or is access restricted? Each product, whether dedicated or multifunctional,
typically offers the customer the ability to program the unit with individual or
department passcodes. Access to the device is only possible if the user enters a
valid passcode, often a four-digit number. This enables the company to track
machine usage, that is, determine exactly who is using the machine and how
often. In the case of a networked printer, access can also be controlled at the
control panel, again using a passcode, also called a PIN (Personal
Identification Number), or perhaps securing mailboxes so that they only open
upon entry of the correct passcode.

Clearly, however, it's the networked digital
products such as printers, fax machines, copiers, scanners or all-in-one MFPs
that integrate with corporate intranets and the Internet that present the
greatest security challenges. Take an MFP with scan-to-e-mail capabilities as an
example. Can users walk up to the device and scan anonymously or must they first
enter a name and password? Is the device's scan-to-e-mail function enabled via a
direct connection to a PC or is the device itself connected to the network, for
example, via an Ethernet 10/100Base T interface? Is that cable copper or fiber
optic? Signals over copper wire are easier to intercept.

With heightened concerns over network
vulnerability, IT professionals are justifiably wary about potential hackers
accessing their servers. For example, questions arise such as, “Can the data
modem within a fax-enabled digital copier/printer pose a risk to our network?”
and “Can a PostScript print job with an imbedded virus be sent to the

To help security-conscious buyers of office
equipment sort through the available security options, we have compiled the
following information on hardware and software solutions that individually or
collectively address each of these security issues. Keep in mind that these
equipment manufacturers/vendors may offer additional security features, which
space prohibits us from describing.


As Canon U.S.A. reported in a May 21st press
release, “The difference between control and chaos in the office could hinge
on a single word that appears in a printed document.”  Consequently,
Canon has just announced a new Security Kit option (SRP, $750; availability,
July) for its entire line of imageRUNNER digital imaging systems. The Canon
imageRUNNER Security Kit provides data overwrite protection that complements
standard device security and network/print protection methods.

“Government agencies, corporations and
non-profits increasingly are transitioning from traditional standalone machines
to devices that integrate these functions and link them to corporate networks,
raising a whole new era of information management and security issues,” says
Dennis Amorosano, director and assistant general manager, copier and networked
office systems division, Canon U.S.A. He adds, “Our development of features
within the Canon imageRUNNER product portfolio is designed to help prevent data
loss, help protect against unwanted device infiltration and help keep
information from being compromised.”

To address possible loss of valuable data,
the Canon imageRUNNER Security Kit permits internal software, as part of routine
job processing tasks, to configure systems to randomly overwrite internal image
server hard disks and erase previously stored data. According to Canon,
administrators can select varying levels of overwrite protection to meet desired

Additionally, all Canon imageRUNNER
products offer the following standard security features:

  • Copy control access: An embedded
    feature that permits device administrators to register up to 300 department and
    user identifications requiring password access. Device access is restricted
    without the proper I.D. and password.

  • Restricted device setup screens:
    Password protected to ensure administrative device settings are not changed.

  • Mailbox password protection: Up to
    100 user mailboxes can be used for long-term document storage or to store or
    integrate scanned and printed data. Security is provided by locking access with
    administrative passwords and the ability to designate unique passwords for
    access of individual device mailboxes. 

When used in network configurations, the
Canon imageRUNNER products offer the following enhanced standard security

  •  Enabling/disabling protocols: Specific
    device protocols and print applications can be enabled or disabled. Unwanted
    device communications and access to the system via specific transport protocols
    can be disabled, limiting access to Canon imageRUNNER systems via only those
    protocols and print applications required.

  • Print job accounting: Requires users to
    enter an administrator-defined password prior to printing to restrict device
    access to only authorized personnel.

  • Secure print: Requires the end user to
    enter a password prior to job release. When the machine receives a print job,
    the user must enter the job password to print. This ensures that the user is at
    the machine when the job is delivered.

  • Mailbox printing: Allows a job to be sent
    to an individual mailbox. Once stored in a password-protected mailbox, a user
    must enter a password to retrieve the job.


“In corporate environments, many people
are sharing one print device,” states Kurt Swanke, product planning manager,
Konica Business Technologies. Using Password Print, a feature available with
Konica's extensive line of 20-ppm to 85-ppm digital copier/printers, Swanke
says, “Corporate users, for example, human resource professionals, can print
confidential employee information without worry. Only a user with a valid user
name and password can retrieve the print job.”

Swanke explains, “Password Print is built
into the print driver (PCL or PS), making it easy for the administrator to
program the required eight-digit user names and eight-digit passwords.” In
addition to its HR applications, Swanke considers the “hold and print”
aspect of Password Print ideal for users that perform Internet research. Web
pages that are “printed” throughout the day are held in memory until the
user walks up to the printer and enters a valid user name and password. Using
Password Print in this fashion, Swanke says, “Output can be printed
selectively or in its entirety, preventing other users from reading or
scattering print jobs. Most important with this feature, financial, personnel,
medical, and other documents are kept private and confidential.”

For an added layer of security, Konica
offers an optional software/hardware solution called SafeComTM Secure Printing
System (SRP: $1,000 and up), a utility similar to Password Print, only using
128-bit encryption, so that as soon as print data enters the SafeCom system, it
is transferred between devices using encryption and key exchange mechanisms.
Swanke recommends this option for government agencies that require the highest
level of security, adding that, “Industry experts believe that it takes 30
plus years to decode a document printed with this technology, making it
virtually impossible to decode.”

SafeCom features include:

  •  Security/print-on-release (pull

  •  Tracking and accounting

  •  SafeCom Pay & Print, which turns
    printing cost into a revenue stream

  •  Secure Document distribution

  •  Manage documents and control when
    users print


“Lexmark recognizes that the increasing
need to enhance and maintain security is of global concern to its customers,”
says David Puterbaugh, product manager, networked and attached products,
Lexmark. Confidential Print, available on all Lexmark business laser printers
since 1999, is just one of a suite of Lexmark security features. A function of
printer firmware, Confidential Print requires the user to enter a valid
four-digit PIN number before either a single job or all jobs are printed (or
deleted). Similar in functionality to Konica's software-based “Password
Print,” this function ensures that only authorized users can retrieve possibly
sensitive information.

Printer hard disk drives are also an area of
vulnerability that Lexmark has addressed. “The hard drive in our printers does
not utilize recognized file formats. Instead, it is proprietary to Lexmark so,
for example, a malicious individual cannot access data by removing the hard
drive and plugging it into a Windows or UNIX operating system,” according to
Puterbaugh. He adds that, “The internal hard drives in Lexmark printers are
not easily removable, therefore an unauthorized individual seen taking the
printer apart would be most suspicious.” Lexmark has also addressed customers'
concerns about hardware theft by providing, upon request, installation of
“security screws” that have a unique star-shaped tip-one that requires a
special tool. For example school districts, where vandalism is a concern, can
use this simple method to thwart thieves.

Lexmark's Puterbaugh reminds us that, “A
printer is no longer simply a page output device. More often it is integrated
into vital networked infrastructures as a document workflow MFP capable of fax,
print, scan, and copy functionality.” This has understandably raised questions
about the security of such devices on data networks.

Lexmark has issued the following statement
regarding how it has responded to these concerns with its X series MFPs:

“The Lexmark X series of MFPs incorporate
fax transmit and receive functionality. These features may open the door for
some concerns about network vulnerability through a modem data connection. Why
is this not a security issue?

The Lexmark X series of MFPs use a Conexant
or Multi-Tech socket modem. This modem is capable of fax and data transmission.
Lexmark software disables the modem's data functionality by issuing the
AT+FCLASS=1 command at initialization and the beginning of every call. The
FCLASS=1 command sets the modem to “Facsimile Class 1” mode, which allows
fax functionality. Once this command is issued, data mode functionality is
totally disabled.

The network module and modem module are
distinct and separate entities. Lexmark's hardware and software do not provide a
direct link between the two modules.” With the physical separation of these
components, Puterbaugh states, “There is no way to infiltrate the network via
a fax modem, that is, call into an MFP to gain access to the network.”

Also on the network MFP front, Lexmark
offers server software configured to use corporate security structures that are
already in place. MFP users are required to enter their name and password via
the touch screen control panel, before access to the device is granted. IT
personnel optionally determine the extent to which they will grant or restrict
access to the various scan, e-mail or fax functions. What is key, says
Puterbaugh, is that, “Sending an e-mail is no longer anonymous, where it had
been in the past. Whether tied to NT Server attributes such as authentication
and LDAP (Lightweight Directory Access Protocol), or configured for standalone
use, the MFP will recognize who is using the system.” However, that user, the
one who just logged in with an assigned name and password, may still be copying,
scanning or faxing confidential or restricted documents, perhaps after work
hours. Transparent to the user, Lexmark's optional Document Distribution
software may perform OCR (Optical Character Recognition) on the scanned

According to Marcel Kern, product manager,
applications, “Lexmark's Document Distribution software has a powerful
scripting language that enables the network administrator to write a script to
OCR that looks for key words, for example, Confidential, Classified, etc.
Certain words or phrases trigger an e-mail alert to designated parties, for
example, the company president, MIS director and/or division manager.”


Ricoh Corporation offers removable hard
drive solutions that, according to John Theissen, Ricoh's product manager for
secure products, “Were specifically developed to meet State Department
requests for information security while using MFP products. By removing the
system's hard drive, sensitive information can be locked in a safe or vault.”

In fact, the State Department created the
security standards that define how domestic agencies, for example the Department
of Agriculture and U.S. embassies, will conduct secure practices and procure
approved technology. Those standards include a mandate that digital
copiers/printers have a removable external hard disk drive. As Theissen notes,
“Unlike analog copiers, digital copiers use internal hard drives to process
jobs and will leave an electronic image on the hard drive, images that can be
potentially retrieved and stolen.”

Ricoh Type 1045 RHD (Removable Hard Drive)
is mounted on the outside of the unit in a rugged housing that is secured by a
mechanical key lock. The RHD can be quickly removed for storage in a safe


Sharp's senior manager, product planning,
Peter Cybuck, asserts that, “Not enough attention is being paid to MFPs,
specifically the extent to which data stored on hard drives can be
compromised.” He explains, “Digital copiers and MFPs temporarily store
document data in their internal memory where pages are copied, printed, and
scanned. Anyone who gains access to that memory on the hard drive could gain
access to the documents.” To address that threat, Sharp offers a Data Security
Kit, a firmware upgrade for its IMAGER family of digital copiers, the AR-287,
AR-337, AR-407, and AR-507.

The Sharp Imager Data Security Kit reduces
the threat of someone gaining access to a document on the hard drive by
automatically overwriting the document data associated with all copy, print and
scan operations. Noteworthy is that Sharp's IMAGER Data Security Kit is the
first product to successfully complete testing and receive certification under
the U.S. government's National Information Assurance Partnership (NIAP) Common
Criteria Evaluation and Validation Scheme (CCEVS). (NIAP is a U.S. government
initiative designed to meet the security assessment needs of both information
technology developers and consumers.) In addition, this is the first product of
its kind to receive a Common Criteria (CC) validation. The Common Criteria
program is the emerging global standard for information technology security
evaluation. Having completed this evaluation, Cybuck adds, “The Data Security
Kit enables MIS professionals to safely manage and deploy digital MFP solutions
in a confidential environment.”

To secure confidential documents, Sharp
recommends the following seven-step program:

  1. Install the Data Security Kit in all
    machines used to copy, print or scan confidential information.

  2. Install the removable Hard Disk Drive Kit
    if the user handles classified government information. Assign different drives
    to different users.

  3. Secure the network interface by:

  • Upgrading the ARNC3D software to
    version 5.73. Introduced in late 2001, this version of the Ethernet card
    software enables                 

  • administrators to restrict remote access to the Ethernet card,
    for example, blocking access to hackers who might attempt to bypass network
    controls, retrieve data from the copier/printer or attempt to use it in various
    ways to launch attacks on the network.

  • Installing NC3D software version
    5.72C, which also enables administrators to restrict remote access to the

  • Using fiber optic instead of copper
    Ethernet cabling. Copper wires act like antennas radiating information. Sharp
    offers the DNICFIBER100 for customers who wish to switch to fiber.

  1. Install PAS 2.5, which is a network
    printer monitoring software that provides real time reports by user and device,
    detects unauthorized use, provides time of print, and document name.

  2. Implement access control and secure
    print. Secure Print Release, with PAS, provides print privacy. Print jobs are
    not stored on the system hard drive as in PIN printing, rather they are held on
    the network server. Sharp recommends PIN and magnetic card access control.

  3. Identify scanner users and control
    access. MFP users can often scan-to-e-mail anonymously. The optional AXIS 7000
    with keyboard and authentication requires NT server and e-mail server log-on,
    providing access control and an audit trail on the user.

  4. Track color printing. PAS 2.5 software
    will provide secure color printing while controlling access and tracking usage.


Xerox has announced the availability of an
option for selected digital copiers and multifunctional systems that permanently
eliminates electronic images from the hard drive. Dubbed an “electronic
shredder,” Xerox claims they are, “The industry's first networked digital
multifunctional systems to offer this level of protection. 

Based on the U.S. Department of Defense
three-pass overwriting process, Xerox's Image Overwrite Security option (SRP,
$995), eliminates the risk of unauthorized access to or removal of information
that remains on the hard disks (after copying, printing, scanning or faxing a
document) by obliterating data left behind. The process happens both on the
system’s main hard disk where a Document Centre system stores image data and
on the network controller hard disk where network image data is received. This
main hard disk overwrite is activated by entering a code at the system's control
panel, while the network controller hard disk overwrite occurs automatically
each time the machine is powered up.

According to Gil Hatch, president, Xerox
Office Systems Group, “Customers in government, health care, financial
services, and the pharmaceutical industry have been demanding enhanced safety
measures on their networked devices to shield personal, company and national
security data. Xerox's Image Overwrite Security option lets users protect
sensitive data without interrupting their normal workflow.”

Xerox is obtaining certification for its
Document Centre systems from the National Information Assurance Partnership (NIAP).
The standard, known as the Common Criteria (ISO 15408), has been adopted by 14
nations and is recognized worldwide as the primary measurement for IT security.

Other Xerox security solutions include:

  • A removable hard disk drive

  • A secure print feature from the

  • Xerox DocuShare, a Web-based
    document management, and repository software with network login, authentication
    and SSL (Secure Socket Layer) encryption.

  • Xerox mDoc, corporate server
    software that turns wireless handheld devices into mobile document controllers,
    is protected by authentication login and SSL encryption and has auditing
    services that log end-users' activities.

WebinarCase Studies and White PapersSand Exchange Blog

imageSource Magazine Quick Links
Upcoming Events
ITEX Expo & Conference
©2015 Questex, LLC. All rights reserved
Reproduction in whole or part is prohibited
Please send any technical comments or questions to our webmaster