Is Your Information as Secure as You Think?7 Jul, 2010 By: Eric Stavola, MCSE, MCSA, N+, CIDA+ imageSource
Is Your Information as Secure as You Think?
While waiting for new info for Part 2 of our series on IT Services, due next issue, I want to address copier/printer security, a vital part of your customers’ IT planning. Over the last month the number one question that I have been asked is “How secure is our copier?” The CBS network recently ran a story on copier security that has literally made this a hot topic within our industry today.
Security has and always will be a key concern when dealing with IT/MIS personnel. In the copier & printer realm, most perceive the topic of security as simply limiting copies or prints via account codes. However, with industry hardware improvements in equipment, the addition of hard drives and vast amounts of RAM, this has created more concerns in regard to Information security.
In efforts to help develop a talk track I felt compelled to highlight a few key points when addressing “Mr. IT”. Though most assume what it is, let’s be sure we’re all on the same page.
What is Information Security?
The term information security describes the task of guarding digital information, which is typically generated by a computer or copier and stored on a hard drive or other storage media. When our information is seen as "secure," it ensures the user, or in some cases your client, that protective measures have been properly implemented.
How do I secure the data on my copier?
When talking about data on a copier or printer it helps to understand that there are two types of data:
Transitional Data – Data that is left after every copy, print, or scan.
Active Data – Data that is in some sort of storage box or document box on the HDD that the end users send it to.
Most end users know about their active data, however, the temporary or transitional data needs to be addressed and will be of concern to Mr. IT. Most manufacturers today have some type of data security kit to address this issue. Most security kits will overwrite the data anywhere from one to a number of times. In order to meet ISO 15408 certification, data needs to be overwritten 3X times.
What other measures can I take to keep my copier/printer secure?
True copier/printer security will come in the form of layers. There really is no one way to make a copier/printer 100 percent secure, however, if we utilize all the features we have available we can address the majority of Mr. IT’s concerns. An easy way to do this is by remembering the Three A’s: Access, Authentication, and Accounting.
ACCESS: This is a predetermined level of access to resources of information.
Access Talking Points:
- Access Control – Ensure that only legitimate users/traffic are allowed on the network or on network devices.
- Physical Security – Against theft, loss, manipulation, availability, and confidentiality.
Check for common & overlooked mistakes.
Set your passwords: In my experience only about 20% of users change or set the default passwords to their copier or printer web interface or hardware access.
Turn off other protocols: TCP/IP is probably the only needed protocol 99% of the time, however, I commonly see copiers and printers still utilizing other broadcast protocols when they’re not needed.
AUTHENTICATION – The positive identification of a device or individual seeking access to secured information, services, or resources on the network.
Authentication talking points:
- Encryption – Ensures data cannot be intercepted or read by anyone other than the intended party involved
- IP & MAC address filtering – this feature provides administrators with the ability to filter by IP addresses.
Overlooked mistakes with authentication:
Join the Domain: Most if not all products today have the ability to be joined to your client’s domain (Network), however, I see many do not take advantage of this option.
Use IPv6: Most all products sold today have the option, IPv6 is designed to run well on high performance networks (Gigabit Ethernet) and at the same time still be efficient for low bandwidth networks (wireless). In addition, IPv6 provides a platform for new Internet functionality and security that will be required in the near future.
ACCOUNTING – This is simply the logging of use of each resource on the network.
Accounting Talking Points:
- Limited Access: Oversight for critical devices including MFPs, printers, and scan stations.
- Tracking: Most copiers/Printers have free features that allow Mr. IT to track usage.
Take advantage of the free utilities: Most manufacturers provide an abundance of free utilities to address accounting; use them.
Almost every company you walk into today will have some type of network security policy already in place. But a great way to address any security concern is to then show all the features that your product and services have to integrate, as well as address their currently set policies – for the better.
With input, output, processing and storage features, our MFP’s and copiers have all the makeup of a computer. We simply need to tell the security story to our clients and explain all the feature rich benefits and utilities to allow for feeling “secure” - and that your product will fit into their network environment. What you will provide is layers from a hardware and software standpoint that will not only address their questions but, when explained correctly, will enhance your overall sales process.