Auditing Security Controls of Printers, Scanners, and Multifunction Devices


2010 NSAA IT Workshop and Conference

Brian Rue

Chris Gohlke

Presentation Agenda


1st Half

MFD Functions/Services & Security Weaknesses

2nd Half

Preparing an MFD Audit Program

In the Beginning…

Chester Carlson with the first xerographic apparatus

30’s

Not much to audit

Manual process


Thermal Paper Transfer

Still not much to audit…..

The 50’s

Xerox 914 was the first plain paper photocopier using the process of Electro-photography

No USB/No Tape Drive/No Hard drive/It did come with a fire extinguisher due to heat & ignition issues

The 60’s

CPU/Memory

Tape Drive added..


Printer/Copier/Scanner/FAX


Wired Network Connectivity


Wireless Networking Wi-Fi/Bluetooth


Removable Memory


Hard Drives


Operating System


Web Server


User Accounts


Remote Access


Landline Connection


Scan to Network Share or PC


E-mail Integration

Web Submission of Print Jobs


Web Browser


The 2000’s

The CBS News Story Video

Understanding the MFD

MFD>A Server with a Glass Top

MFD Hardware Components


1. Central Processing Unit (CPU)


2. Memory (ROM/RAM/FLASH)


3. Hard Drive


4. Network Card


5. ABGN Wireless Radio


6. Bluetooth Radio


7. USB Connection


8. Analog Modem


9. Multicard Memory Reader


10. LCD/LED Screen


MFD Breakdown

MFD Software


Operating System - GNU/Linux, VxWorks, Windows NT 4.0 Embedded, Windows XP Embedded, Mac OS X, Sun Solaris, or Vendor Proprietary OS

Print Engine/Controllers

May be supported by secondary OS

Database (PostgreSQL +)

Drive File System (NTFS/FAT)

Additional Applications (Document Management - Optical Character Recognition or PDF conversion, Software Development Kits - Sharp OSA, Xerox EIP, HP Open Extensibility Platform, Web Server)


MFD Software Security Issues


Security patches not applied to operating system and services with discovered vulnerabilities

No vendor support for security patches for proprietary OS and application software

No change management procedures

Software or Operating system vulnerabilities may be used to elevate privileges

Memory storage (hard drive, ROM/RAM, flash drive) unencrypted by default

Hard drive stores spooled and processed jobs in clear text

MFD memory stores documents in clear text during and after processing by default


MFD Services


Apache Web Server



Remote Access (Telnet, FTP, HTTP, SNMP)

Bytecode interpreters or virtual machines for internally hosted third party applications

Network service clients for sending of documents to different destinations

Network service servers for receiving documents for print or storage



Image processing services

MFD Services Security Issues


Unneeded services left on increasing the number of potential attack points into the MFD

Services with security vulnerabilities not patched



No/limited logging of service activity


MFD Network Communications


Common Open Ports/Protocols


HTTP 80/TCP


SNMP 161/UDP


LPD Printing 515/TCP


PDL Printing 9100/TCP


Protocols


AppleTalk


Internet Printing Protocol


PCL


HPPCL Printing Protocol

Telnet

IPX/SPX


FTP


TCP/IP


MFD Network Communication Security Issues

No firewall rule set for ingress (traffic into the MFD) or egress (traffic out of the MFD) filtering

MFD does not support entity PKI strategy (no support for CA certificates)

Print/fax/scan jobs transmitted over network/Internet in clear text

Unneeded protocols and ports left open which increase the number of attack vectors



MFD Wireless Access


Wi-Fi

WEP

WPA

WPA-PSK

WPA-Enterprise

WPA2

WPA2-PSK

WPA2-Enterprise

No Encryption

Bluetooth

Prior to Bluetooth v2.1, encryption is not required and can be turned off at any time.


MFD Wireless Security Issues


Unencrypted wireless connections transmitting documents in clear text (potential for intercepting documents in the air)

Potential remote attack access point into the MFD

Fax Services


Fax to memory (disk/disk share)


Hardcopy fax printouts


PSTN


analog phone modem

MFD Fax Services Security Issues


Faxes auto print in an unsecured area

No authorization required to verify recipient before releasing fax

Faxes held in unencrypted memory after print

Lack of logical separation of analog modem from LAN (Ability to enter LAN from modem connection)



Drive Shares


Network Drive Share



PC/MAC Share



Printer Hard Drive Share

MFD Shares Security Issues




No auditee procedures for configuring drive shares

Undocumented drive shares

Shares setup without encryption


MFD Management

1. Device Console

2. Web Interface

3. Network client/server enterprise management application

MFD Management Security Issues


Physical Consoles on MFDs Setup Without Pass Codes

Default Web Interface may not require password

Most devices not configured with user or group accounts to authenticate and authorize

Limited to no logging of user activity (console logons, patching, administrative functions)




MFD Repair Procedures

Physical Security




Surplus Device Procedures

1. Clean Printer Configuration Files

2. Wipe Drives/Memory

3. Ensure no Sensitive Paper Copies on Glass or in Machine (legacy paper jams)

MFD Certifications/Acts/Contractual Obligations


National Security Telecommunications and Information Systems Security Policy (NSTISSP) #11

DOD Directive 8500.1

Common Criteria (EAL1 to EAL4)

Gramm-Leach-Bliley Act (GLB)

Health Insurance Portability and Accountability Act (HIPAA)

Payment Card Industry Data Security Standard


Potential Components of an MFD Audit Program


Network/Server


Shares


Wireless


Access Controls


Physical Security


Encryption


Surplus


Contracts/Leasing


Policies and Procedures

A Majority of Which Fall Into Your Normal IT Audit Program

MFD Audit Program

IT Audit Program

Since you probably won’t get a ton of audit hours for MFD’s……

Obtain an Understanding and Assess the Risk


Get an inventory listing


Inquire


Observe



Get manuals


Search online for common vulnerabilities

Physical Security


Does the unit have a locking compartment for the hard drive, etc.?

Is there a physical reset button that will restore the unit to factory default? Is it secured?

Is the entire unit secured in place, or could it be wheeled out of the building?


Is output secured?

Device Controls


Strong password controls at the console?


Settings/administration locked down to authorized individuals?


Is the web interface turned on? Does it need to be?


Are unneeded network services turned on?


Is wireless on? Does it need to be? Is it secure?


Logs kept/reviewed of administration functions?


Are the logs secured?


Are there security patches for the device and if so are they checking for them and applying them in a timely manner?
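
One way to work through "Are unneeded network services turned on?" across an inventory listing, as an added example that is not part of the original presentation. The ports are those on the Common Open Ports/Protocols slide plus the standard Telnet (23) and FTP (21) ports; the device names, approved-service baselines and sample observations are constructed.

```python
import socket

# TCP ports from the "Common Open Ports/Protocols" slide, plus the standard
# Telnet and FTP ports for the remote-access services the deck lists.
# SNMP (161/UDP) is omitted: a TCP connect cannot test a UDP service.
MFD_TCP_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 515: "LPD", 9100: "PDL"}
# Remote-access services the deck names that are unencrypted on the wire.
CLEARTEXT_REMOTE = {"FTP", "Telnet", "HTTP"}


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def observe(host, probe=tcp_open):
    """Return the names of the listed services found listening on one device."""
    return {name for port, name in MFD_TCP_PORTS.items() if probe(host, port)}


def audit(baseline, observed):
    """Compare listening services per device with the approved baseline.

    baseline: {device: set of approved service names} (from the inventory)
    observed: {device: set of service names found listening}
    """
    findings = []
    for device, approved in baseline.items():
        for svc in sorted(observed.get(device, set())):
            if svc not in approved:
                findings.append((device, svc, "open but not approved"))
            elif svc in CLEARTEXT_REMOTE:
                findings.append((device, svc, "approved, but clear-text remote access"))
    return findings


# Constructed sample data: hypothetical device names and baselines.
BASELINE = {"mfd-lobby": {"HTTP", "PDL"}, "mfd-hr": {"PDL", "Telnet"}}
OBSERVED = {"mfd-lobby": {"FTP", "HTTP", "PDL", "Telnet"},
            "mfd-hr": {"PDL", "Telnet"}}

if __name__ == "__main__":
    # On a real audit: OBSERVED = {d: observe(d) for d in BASELINE}
    for device, svc, finding in audit(BASELINE, OBSERVED):
        print(f"{device}\t{svc}\t{finding}")
```
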

Data Controls


Does the device have an option for encrypting/automatically wiping copies after a job prints?


Did they pay for it?


Is it turned on?


If not, why? Do they have a compensating control?

Surplus


Did they lease or purchase?


If leased, what rights do they have to wipe the drive? Is it user accessible? Are you going to be able to audit it?

If purchased, do MFDs fall under their normal PC surplus policies for having devices wiped?

What about when the device is serviced or parts replaced?

Policies and Procedures


As always, the above should be covered by a policy and procedure.

Multifunction Device Resources

http://h20338.www2.hp.com/enterprise/downloads/NIST%20SUBMITTED%20Configuring%20Security%20for%20Multiple%20LaserJet,%20Color%20LaserJet,%20and%20Edgeline%20MFPs.pdf

http://www1.lexmark.com/documents/en_us/1_SecurityBrochure.pdf

http://www.office.xerox.com/latest/SECBR-03UA.PDF

http://www.aot-xerox.com/files/content/MFPsecurity.pdf

Questions?