Educause Security Discussion mailing list archives
Re: Networked Printer Best Practice
From: Gary Dobbins <dobbins () ND EDU>
Date: Fri, 23 Jan 2009 15:07:18 -0500
We did a similar arrangement with Xerox, and did find that their contemporary products have features which can make them safer for your data. E.g. automatic secure-overwrite of remnant data left on the internal drive when docs are scanned, or have left the print queue. Availing ourselves of these features on existing machines was something we did with the help of Xerox' technical services arm, and the settings are now standard on new Xerox units delivered. Finding a copier vendor who is aware of things like this (or sometimes, even aware that there's a windows PC buried inside the machine) is step one... From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy Sent: Friday, January 23, 2009 3:02 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Networked Printer Best Practice Some of the printer vendors have published some specific security guidance documents for their equipment. I know Xerox had some good docs for theirs (http://www.xerox.com/information-security/product/enus.html) and I think I saw some from HP (http://www.hp.com/large/solutionhomeshared/ipgsecureprinting.html). Most are vendor-specific or model specific. There is an IEEE working group on the topic - http://grouper.ieee.org/groups/2600/ Unfortunately, you need a login to get to the draft documents. So if it's a major issue, you can request funding to attend their Feb meeting in Hawaii :-) It looks like Minnesota State wrote up a printer security standard: http://www.mnsu.edu/its/security/network%20attached%20printers.pdf Depending on how you've written your general IT security standards, a lot of printing security issues may already be covered (must stay current on patches, no unnecessary services offered, no clear-text authentication, etc). Interestingly, I just learned that Google has no entries for "printer security guide" or "printer security checklist", which was surprising. Brad Judy ----- Original Message ----- From: Logan, Kim (loganks)<mailto:LOGANKS () UCMAIL UC EDU> To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Sent: Friday, January 23, 2009 2:11 PM Subject: [SECURITY] Networked Printer Best Practice Hi, I received a call from a vendor recently asking some rather specific questions regarding security on networked printer/copiers. I would like to respond with a generic security list of security best practice would require networked printers to have/not have, but haven't found anything that meets the general criteria. Does anyone have or know of such a list? Thanks, Kim Kim Logan Information Security Officer CISSP University of Cincinnati (513)556-9070 kim.logan () uc edu
Current thread:
- Networked Printer Best Practice Logan, Kim (loganks) (Jan 23)
- <Possible follow-ups>
- Re: Networked Printer Best Practice Brad Judy (Jan 23)
- Re: Networked Printer Best Practice Gary Dobbins (Jan 23)
- Re: Networked Printer Best Practice Eric Case (Jan 23)