Educause Security Discussion mailing list archives

Re: Networked Printer Best Practice

From: Gary Dobbins <dobbins () ND EDU>
Date: Fri, 23 Jan 2009 15:07:18 -0500

We did a similar arrangement with Xerox, and did find that their contemporary products have features which can make 
them safer for your data.  E.g.  automatic secure-overwrite of remnant data left on the internal drive when docs are 
scanned, or have left the print queue.  Availing ourselves of these features on existing machines was something we did 
with the help of Xerox' technical services arm, and the settings are now standard on new Xerox units delivered.

Finding a copier vendor who is aware of things like this (or sometimes, even aware that there's a windows PC buried 
inside the machine) is step one...


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Friday, January 23, 2009 3:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Networked Printer Best Practice

Some of the printer vendors have published some specific security guidance documents for their equipment.  I know Xerox 
had some good docs for theirs (http://www.xerox.com/information-security/product/enus.html) and I think I saw some from 
HP (http://www.hp.com/large/solutionhomeshared/ipgsecureprinting.html).

Most are vendor-specific or model specific.

There is an IEEE working group on the topic - http://grouper.ieee.org/groups/2600/  Unfortunately, you need a login to 
get to the draft documents.  So if it's a major issue, you can request funding to attend their Feb meeting in Hawaii  
:-)

It looks like Minnesota State wrote up a printer security standard: 
http://www.mnsu.edu/its/security/network%20attached%20printers.pdf

Depending on how you've written your general IT security standards, a lot of printing security issues may already be 
covered (must stay current on patches, no unnecessary services offered, no clear-text authentication, etc).

Interestingly, I just learned that Google has no entries for "printer security guide" or "printer security checklist", 
which was surprising.

Brad Judy
----- Original Message -----
From: Logan, Kim (loganks)<mailto:LOGANKS () UCMAIL UC EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Friday, January 23, 2009 2:11 PM
Subject: [SECURITY] Networked Printer Best Practice

Hi,

I received a call from a vendor recently asking some rather specific questions regarding security on networked 
printer/copiers.  I would like to respond with a generic security list of security best practice would require 
networked printers to have/not have,  but haven't found anything that meets the general criteria.  Does anyone have or 
know of such a list?

Thanks,

Kim

Kim Logan
Information Security Officer
CISSP
University of Cincinnati
(513)556-9070
kim.logan () uc edu

Current thread:

Networked Printer Best Practice Logan, Kim (loganks) (Jan 23)
- <Possible follow-ups>
- Re: Networked Printer Best Practice Brad Judy (Jan 23)
- Re: Networked Printer Best Practice Gary Dobbins (Jan 23)
- Re: Networked Printer Best Practice Eric Case (Jan 23)