New MFP Security: imageRUNNER ADVANCE III
With the increase in built-in functions, office MFPs have long gone beyond trivial scanning / printing. Now they have turned into full-fledged independent devices integrated into high-tech local and global networks connecting users and organizations not only within the same office, but around the world.
In this article, together with the expert on practical information security Luka Safonov LukaSafonov, we will consider the main threats to modern office MFPs and ways to prevent them.
Modern office equipment has its own hard drives and operating systems, thanks to which MFPs can perform a wide range of workflow tasks on their own, removing the load from other devices. However, such high technical equipment has a downside. Since MFPs are actively involved in transmitting data over the network, without proper protection, they become vulnerabilities in the entire network environment of the organization. The security of any system is determined by the degree of protection of the weakest link. Therefore, any costs of protective measures for the servers and computers of the enterprise become meaningless if a loophole through the MFP remains for the attacker. Realizing the problem of protecting confidential information, Canon developers have increased the security level of the third version of the imageRUNNER ADVANCE platform, which will be discussed in the article.
There are several potential risks associated with the use of IFIs in organizations:
- Hacking the system through unauthorized access to the MFP and use as a "reference point";
- Using an MFP to exfiltrate user data;
- Interception of data when printing or scanning;
- Access to the data of persons without appropriate access;
- Access to printed or scanned confidential information;
- Access confidential data on end-of-life devices.
- Sending documents by fax or e-mail to the wrong address intentionally or as a result of a typo;
- Unauthorized viewing of confidential information stored on unprotected MFPs;
- A common stack of printed jobs belonging to different users.
“Indeed, modern MFPs often have enormous potential for an attacker. Our project experience shows that non-configured devices, or devices without an appropriate level of protection, give attackers a huge opportunity to expand the so-called “Surface attack”. This is getting a list of accounts, network addressing, the ability to send email messages and much more. We’ll try to find out if the solutions offered by Canon are able to mitigate these threats. ”For each type of vulnerability, the new imageRUNNER ADVANCE platform provides a range of complementary activities that provide multi-level protection. It should be noted that the development required a specific approach due to the specifics of the work of the IFIs. When printing and scanning documents, information is transferred from digital to analog or vice versa. Each of these types of information requires fundamentally different ways to provide protection. Usually at the junction of technology, due to their heterogeneity, the most vulnerable spot is formed.
“Often, MFPs are easy prey for both Pentesters and intruders. As a rule, this is due to a negligent attitude to the configuration of such devices and their relatively easy availability, both in the office environment and in the network infrastructure. Of the recent cases, a significant attack occurred on November 29, 2018, when a Twitter user, under the pseudonym TheHackerGiraffe, “hacked” more than 50,000 network printers and printed leaflets urging them to subscribe to a certain PewDiePie YouTube channel. At Reddit, TheHackerGiraffe stated that he could have compromised more than 800,000 devices, but limited it to only 50,000. At the same time, the cracker emphasized that the main problem was that he had never done anything like this before, but he only took all the preparations and the hack from him half an hour".When Canon develops technologies, products, and services, its potential impact on customers ’work environments is considered. That is why Canon office multifunction printers are equipped with a wide range of built-in and additional security features that allow companies of any size to achieve the required level of protection.
Canon uses one of the most stringent security check modes in the entire office equipment industry. The technologies used in the devices are tested for compliance with company standards. A lot of attention is paid to security audits with current examinations, which resulted in positive feedback on the operation of devices from companies such as Kaspersky Lab, COMLOGIC, TerraLink, JTI Russia and others.
“Despite the fact that in modern realities it is logical to increase the safety of their products, not all companies follow this principle. Companies are starting to think about protection after the facts of hacking (and pressure from users) of certain products. On this side, Canon’s solid approach to implementing security methods and measures is indicative. ”
Unauthorized access to MFPs
Very often, unprotected MFIs are one of the priority goals of both internal violators (insiders) and external ones. In modern realities, the corporate network is not limited to one office, but includes a group of divisions and users with different geographical locations. Centralized workflow requires remote access and the inclusion of an MFP in a corporate network. Network printing devices belong to the Internet of things, and their protection is often not given due attention, which leads to a common vulnerability of the entire infrastructure.
The following measures have been implemented to protect against such threats:
- IP and MAC address filter - configure permission to communicate only with devices that have specific IP or MAC addresses. This function regulates the transfer of data both within the network, so the output beyond its limits.
- Proxy server configuration - thanks to this function, you can delegate the management of MFP connections to the proxy server. This feature is recommended when connecting to devices outside the corporate network.
- IEEE 802.1X authentication is another protection against connecting devices that are not authorized by the authentication server. Unauthorized access is blocked by the LAN switch.
- Connection via IPSec - protects against attempts to intercept or decrypt IP packets transmitted over the network. Recommended for use with optional TLS communication encryption.
- Port Management - designed to protect against insider assistance to cybercriminals. This function is responsible for configuring the configuration of port parameters in accordance with the security policy.
- Automatic certificate registration - this feature gives system administrators a convenient tool for automatically issuing and updating security certificates.
- Wi-Fi direct - this function is designed for safe printing from mobile devices. To do this, the mobile device does not need to be connected to the corporate network. Using Wi-Fi direct, a local device-to-device MFP connection is created locally.
- Log monitoring - all events related to the use of MFPs, including blocked connection requests, are recorded in various system logs in real time. By analyzing the records, you can detect potential and existing threats, build a preventive security policy and conduct an expert assessment of an information leak already occurred.
- Data encryption when interacting with the device - this option encrypts print jobs when they are sent from a user PC to a multifunction printer. You can also encrypt scanned data in PDF format by activating a universal set of security features.
- Guest printing from mobile devices. Secure network printing and scanning management software eliminates frequency issues associated with secure printing from mobile devices and guest printing by providing external ways to send print jobs such as email, the Internet, and a mobile application. This ensures that the MFP works with a safe source, minimizing the chance of hacking.
“Sharing such devices in addition to convenience and cost reduction entails risks of access to third-party information. This can be used not only by attackers, but also by unscrupulous employees to extract personal profit or obtain insider information. And the great potential of the processed information - from technological secrets to financial documentation - is a significant priority for attack or illegitimate use. ”An innovation of the new version of the imageRUNNER ADVANCE platform is the ability to connect printing devices to two networks. This is very convenient when the MFP is used simultaneously in corporate and guest mode.
Hard disk data protection
A multifunction printer always stores a large amount of data that needs to be protected, from print jobs in the queue to received faxes, scanned images, address books, activity logs and job history.
In fact, the disk is only temporary storage, and finding information on it for longer than necessary time increases the vulnerability of the corporate security system. To prevent this from happening, in the settings you can set the rules for cleaning the hard disk. In addition to the fact that print jobs are cleared immediately after execution or when printing fails, other files can be deleted on a schedule with cleaning of residual data.
“Unfortunately, even many IT professionals are poorly aware of the role of the hard drive in modern printing devices. The presence of a hard drive can significantly reduce the duration of the preparatory phase of printing. Hard disks typically store system information, image files, and rasterized images for printing copies. In addition to improper disposal of MFPs and the possibility of data leakage, there is a possibility of dismantling / theft of the hard disk for analysis, or conducting specialized attacks to exfiltrate data, for example using the Printer Exploitation Toolkit. "Canon devices offer a range of tools to protect data at all stages of the device's life cycle, as well as to preserve their confidentiality, integrity and availability.
Much attention is paid to data protection on the hard drive. The information stored there may have varying degrees of confidentiality. Therefore, on all 26 models of devices within 7 different series of the new version of the imageRUNNER ADVANCE platform, HDD encryption is used. It complies with the FIPS 140-2 Level 2 security standard adopted by the US government, as well as the Japanese equivalent of JCVMP.
“It is important to have a system of access to information that takes into account user roles and access levels. For example, in many companies the discussion of salaries among employees is strictly prohibited, and the leak of a salary sheet or bonus information can provoke a serious conflict in the team. Unfortunately, I know of such cases, in one of them this led to the dismissal of the employee responsible for such a leak. "
- Hard Drive Encryption. ImageRUNNER ADVANCE devices encrypt all data on your hard drive for increased security.
- Hard disk cleaning. Some data, such as data from copied or scanned images, as well as data from documents printed from a computer, is stored on the printer’s hard disk for a limited time and is deleted after completing the corresponding task.
- Initialization of all data and parameters. To prevent data loss when replacing or disposing of a hard disk, you can overwrite all documents and data on the hard disk, and then reset to the default values.
- Backup hard drive. Companies were able to back up data from the device’s hard drive to an optional hard drive. When backing up data on both hard drives are fully encrypted.
- A set of removable hard drive. This option allows you to remove the hard drive from the device for safe storage while the device is not in use.
Critical Data Leak
All companies deal with confidential documents such as contracts, agreements, accounting documents, customer data, development department plans, and much more. In the event that such documents fall into the wrong hands, the consequences can range from undermining the reputation to large fines or even lawsuits. Attackers can gain control over company assets, insider or confidential information.
“Not only competitors or scammers are stealing valuable information. There are frequent cases when employees decided to develop their business or secretly earned money by selling information to the side. In such situations, the printer becomes their main assistant. Any data transfer within the company is easy to track. Moreover, access to valuable information is far from ordinary employees. And what could be easier for the average manager than to steal a valuable document lying idle? Everyone will cope with such a task. Printed documents do not always need to be moved outside the organization. It’s quick enough to photograph the materials lying around idle on a phone with a good camera. ”
Canon offers a range of security solutions to help you protect sensitive documents throughout their life cycle.
The user can set the print PIN so that printing of the document starts only after entering the correct PIN on the device. This protects confidential documents.
“Often, MFIs can be seen in public places of the organization - for the convenience of users. It can be halls and meeting rooms, corridors and reception rooms. Only the use of identifiers (PIN codes, smart cards) will guarantee the safety of information in the context of a user access level. There are noteworthy cases when users gained access to previously sent documents, passport scans, etc. as a result of inadequate control and lack of data cleansing functions. ”On the imageRUNNER ADVANCE device, the administrator can pause all submitted print jobs - thus, for printing, users will need to log into the system, thereby protecting the confidentiality of all printed materials.
Print jobs or scanned documents can be stored in mailboxes for access at any convenient time. Mailboxes can be PIN-protected so that only designated users can access their contents. Frequently printed documents (for example, forms and forms) that require careful handling can be stored in this secure space on the device.
Full control over sending documents and faxes
To reduce the risk of information leakage, administrators can restrict access to various destinations, for example, those that are not in the address book on the LDAP server, which are not registered on the system or on a specific domain.
To prevent sending documents to the wrong recipients, it is necessary to disable autocomplete email addresses.
Setting a PIN code for protection will protect the device’s address book from unauthorized users доступа.
Requesting to re-enter the fax number by users will prevent documents from being sent to the wrong recipients.
Protecting documents and faxes in a confidential folder or PIN will ensure reliable storage of documents in memory without printing them.
Verification of the source and authenticity of the document
The signature of the device can be added to scanned documents in PDF or XPS using the key and the certification mechanism - this way the recipient can verify the source and authenticity of the document.
“In an electronic document, an electronic digital signature (EDS) is its attribute, intended to protect this electronic document from forgery, and allows you to identify the owner of the signature key certificate, as well as to establish the absence of distortion of information in the electronic document. This ensures the safety of the transmitted document and the accurate identification of its owner, which allows you to maintain the accuracy of the information. "User Signature allows you to send PDF or XPS files with a unique digital user signature received from a certification company. In this way, the recipient will be able to verify who has signed the document.
Integration with ADOBE LIFECYCLE MANAGEMENT ES
Users can protect PDF files and apply uniform and dynamic policies to them to control access and use rights, as well as protect confidential and valuable information from inadvertent or malicious disclosure. Security policies are supported at the server level, so the rights can be changed even after the distribution of the file. ImageRUNNER ADVANCE devices can be configured to integrate with Adobe ES.
Secure printing uniFLOW MyPrintAnywhere - is sending print jobs through the universal driver and printing them on any network printer.
Drivers allow you to print visible marks on the page that are placed on top of the contents of the document. This can be used to inform employees about the confidentiality of a document and prevent it from being copied.
Printing / copying with invisible watermarks - documents will be printed or copied with embedded hidden text on the background, which will appear when creating a duplicate and play the role of a deterrent.
The capabilities of NTware's uniFLOW software (part of the Canon group of companies) provide additional effective workflow security tools.
Using uniFLOW in combination with iW SAM Express allows you to digitize and archive documents sent to the printer or received from the device, as well as analyze text data and attributes when responding to security threats.
Tracking the source of a document through inline code.
Block scanning of documents - this option embeds hidden code in printed documents and copies, which prevents their further copying on the device on which this function is activated. The administrator can use this parameter for all tasks or only tasks selected by the user. TL and QR codes are available for embedding.
“As a result of tests and familiarization with the functionality of the imageRUNNER ADVANCE III technology, we were able to confirm the basic compliance with modern IT security policies. The above protective measures meet the basic security requirements and are able to minimize the risks of information security breaches. ”
The latest imageRUNNER ADVANCE devices are equipped with a security policy function that allows the administrator to manage all security settings in a single menu and edit them before being used as a device configuration. After use, the use of the device and the change of parameters must occur in accordance with this policy. The security policy can be protected with a separate password so that it provides additional management and protection capabilities, and access to it was only available to a responsible IT security specialist.
“It is necessary to find and maintain a balance between security and convenience, correctly using technological advances and technical solutions to protect information, use qualified personnel and skillfully dispose of the funds provided to ensure the company's security.”Assistance in preparing the material - Luka Safonov, head of the Laboratory for the practical
analysis of security, Jet Infosystems.
Only registered users can participate in the survey. Please come in.
How comprehensive is your corporate security approach?
- 83.3% Corporate Security Policy applies to the fleet of multifunction devices 5
- 33.3% The company's fleet of printing devices ensures the safe use of users' personal devices 2
- 33.3% The company ensures the relevance of the print infrastructure, as well as the timely and efficient installation of patches and updates 2
- 16.6% Company guests can print and scan without putting their corporate network at risk 1
- 50% The IT department of the company has enough time to address security issues 3
- 33.3% Company found a balance between security and usability 2