How your Printer, Multifunction Printer, or Copier is going to bring down your entire network or worse.
Chapter 1:
A discussion of how the print device is really a PC.
How your Printer, Multifunction Printer, or Copier is going to bring down your entire network or worse.
Chapter 1:
A discussion of how the print device is really a PC.
There is a danger lurking inside every network. Something everyone knows is there but chooses to ignore. Today we will begin a 5-part series in which we will explore this danger, how it will be exploited, the risks, and, of course, the fix.
I want to start with a question...
Would you ever put a P.C. or Server on your network without anti-virus?
On the surface that seems like a ridiculous question. Everyone who's ever used a computer knows two things about it.
1) You should always have a back-up (several, in fact)
2) You have to run good anti-virus software
The need for anti-virus software is clear to all. With thousands, if not millions, of new malware threats each year, you would have to be a brave individual to want to take your chances against those odds. Yet each day, hardened, veteran I.T. professionals worldwide do precisely that. But they are not doing without that software on traditional computers. They are neglecting to install it on pieces of equipment we have not had to worry about— until now. Our enterprise Printers, Copiers, and MFP's.
A quick look at the typical enterprise Printer shows their entire story. Your average Printer contains:
A Motherboard, C.P.U, Memory (R.A.M), Network Interface Card, Wi-Fi, Hard Drive, Display, Keyboard, Modem, U.S.B. ports, an Operating system (firmware), and apps. It runs TCP/IP and, when necessary, can connect to the internet.
That's not a printer, in fact it’s a multi-function P.C. The only difference between this and a conventional computer is that a printer can put toner to paper. That fact makes this a huge problem worldwide. If we agree that these devices are in fact P.C.'s of a different name, then what have we been doing to protect them? The truth is not much.
The typical response I get when I challenge someone with this is information is for them to say "We're protected all of our printers are behind a firewall." While a firewall certainly helps, it's just one part of a proper defense in depth strategy. As many of you already know it will not protect against the threat you invite in.
Worse, it will not protect you from dangers that may already be lurking on the inside of your network. Perils such as the helpful parent who, unbeknownst to them, brings a corrupted thumb drive to the office. This drive has been who knows where amongst their teenage children and friends, and now it’s in the office to print off a big school report that’s due tomorrow.
There is also a bigger fundamental question at play here. If a Firewall is enough to protect us, our P.C.'s and Server from malware, why do we still use anti-virus software at all? The simple truth: it doesn't.
Unfortunately for many we are only just coming to the realization that a Printer really is a P.C. And that a firewall won’t be enough to protect us from the threat. Sadly, Hackers and Malware creators have known about this very poorly protected and regularly ignored piece of hardware for quite some time now. They are using both this knowledge and your printer as a place to garrison their exploits undetected until the right time. When an opportunity comes, they will then be used as a springboard to bigger and better targets on your network.
This article is part one in a five-part series on printer security. In part two, we will take a look at the overall threat landscape for enterprise printer and copiers.
Bruce Rushton is a Solutions Architect and Printer Security Specialist with over 30 years’ experience in the I.T. space with the last 9 years dedicated to providing Managed Print Solutions. At Total Print (TotalprintUSA.com) he helps companies across the United States by providing them with tailored, affordable, cost-cutting, secure printer, copier, and MFP solutions. If you have questions about your print environment or the security of your devices, you can request a free consultation with Bruce at bruce.rushton@totalprintusa.com