Educause Security Discussion mailing list archives

Re: Securing / erasing hard drives in copiers?

From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Mon, 11 Feb 2008 12:29:13 -0700

At 10:28 AM 2/11/2008 -0500, Bruggeman, John wrote:

  I was asked by my COO to check into securing / erasing any hard drives
in photo copiers in the business office.  I can understand that with
newer copiers that have PDF and email options that they could and
probably do have hard drives, but I've not seen a protocol for that
discussed here before.  I did Google the topic and I saw a Fox News link
that I think prompted my boss asking, and some other similar reads, but
no protocol or list of "secure" photo copiers.


     Just recently was trying to get my guys to see the printers and
multi-function devices (MFD) from a secure point of view.  Digging
though my security archives for printers I found only found a few
items quickly.

     None of the ones I pulled for my guys have a protocol for
securing the internal drives or list of "secure" MFDs.  Two were
about security incidents involving printers/MFD and one (the last one
below), from UT Austin, has a "Multifunction Printer Hardening
Checklist" and a SANS white paper on "Auditing and Securing
Multifunction Devices."
-Eric


        Pictures of Osama Bin Laden on Network Printers:
<http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind0309&L=SECURITY&P=R3838&I=-3>



At 03:51 PM 12/11/2007 -0600, Julian Y. Koh wrote:

We have seen a few issues where the FTP server on a printer was used to store
warez/porn content.  Been a while though.

The more complex printing devices that actually run Windows were a problem
for a while, since many of them couldn't actually be patched, but again it's
been some time since our last incident.

--
Julian Y. Koh                         <mailto:kohster () northwestern edu>
Network Engineer                                   <phone:847-467-5780>
Telecommunications and Network Services         Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>





At 12:56 PM 12/12/2007 -0600, Nick Silkey wrote:

The InfoSec team at utexas.edu has done a lot of work poking MFPs
and analyzing the risk of the sometimes scary results ...

http://security.utexas.edu/admin/mfprinter.html
^^ Multifunction Printer Hardening Checklist

http://www.sans.org/reading_room/whitepapers/networkdevs/1921.php
^^ Auditing and Securing Multifunction Devices

--
Nick Silkey | silkey () ece utexas edu
Senior Operating Systems Specialist
Electrical & Computer Engineering
The University of Texas at Austin
ENS 340 | 512.475.8284 | 0x35EB31E2




Eric Case, CISSP  <ecase () Arizona edu>
Information Security Officer
College of Engineering   <http://www.Engr.Arizona.edu>
1127 E James E. Rogers Way Room 200
Tucson, AZ 85721-0020
Mobile Phone 520-275-6436

Current thread:

Securing / erasing hard drives in copiers? Bruggeman, John (Feb 11)
- <Possible follow-ups>
- Re: Securing / erasing hard drives in copiers? Gary Dobbins (Feb 11)
- Re: Securing / erasing hard drives in copiers? Joel Rosenblatt (Feb 11)
- Re: Securing / erasing hard drives in copiers? Eric Case (Feb 11)
- Re: Securing / erasing hard drives in copiers? Brad Judy (Feb 11)