Colleges and universities have been targeted in the last several weeks with a series of bomb threats received via campus printers and fax machines. Targeted institutions included Vanderbilt University, the University of Southern California, the University of Virginia and the University of Detroit Mercy, among others.

Businesses were also among the targets. Around 100 organisations in all received print-outs, faxes or emails demanding that a $25,000 ransom be paid to a Brazilian citizen to avoid detonation of explosives allegedly planted on the sites. The police determined that the “form letter” threats were part of a hoax and not credible.

The situation highlights the need to proactively secure access to printers in today’s networked world. SourceSecurity.com asked Ashish Malpani, Director, Embedded Solutions Product Marketing at HID Global, for insights from a technology perspective.

SourceSecurity.com: What are the best practices for securing access to a printer? How widely employed are such practices (i.e., how vulnerable are most printers today?)

Ashish Malpani: Most network printers in university environments are secured using several best practices. They include:

  • Set a strong administrator password. Modern MFPs (multi-function printers) have a web interface for configuration and control. By default no password is set so it is important to set a strong admin password.
  • Restrict network access to campus. Ensure that only campus IP addresses are able to access the printer.
  • Disable unnecessary services. Disable services like FTP, Telnet, other network (and discovery) protocols, etc.
  • Implement firmware updates.
  • Securely dispose of MFPs.

A recent scan at University of Nebraska at Lincoln found that, in spite of all security practices, 12 percent of printers still have open port and password issues.

SourceSecurity.com: How can systems be set up to accommodate students who need access to printers from off campus (or outside the firewall)?

Malpani: In the university environment, the need for off-campus print access is prevalent. One of the ways to enable this capability is to force students to connect to the university network using a virtual private network (VPN). However, this is inconvenient and doesn’t usually support printing on demand or printing from handheld devices and cloud storage.

An effective way to address this issue is to deploy a secure printing solution, where the users are required to authenticate themselves before the print job is released to the printer from a centralised pool. The benefits of this approach are increased convenience and ability to print at any printer on the campus. However, most printer manufacturers support entering a PIN for authentication, and it is not necessarily secure or convenient when you want faster access. However, new innovations in secure printing have made the printers more identity-aware and rely on everyday devices such as mobile phones and wearables for authentication, resulting in secure and convenient access.

SourceSecurity.com: Whose responsibility is the security of a printer? Should manufacturers be doing more to prevent unauthorised access to printers? What is the customer's role?

Malpani: IT security staff is responsible for the security of the printer. Something as simple as a printer is expected to work right away after deployment. Manufacturers can do more to enforce security policies on the printer or provide modes that enforce stricter control by default. As a customer, it is critical to have print data security as part of security policy, to review the manufacturer’s recommendations for securely configuring a printer, and to find solutions that not only enhance the security but also provide convenience to end users.

It is critical to develop a comprehensive security policy and regular audit schedule to secure printers
A compromised printer can be used to attack other applications, execute arbitrary malicious code or attack other systems

SourceSecurity.com: What are some other ramifications of unsecured printers, beyond the printing of threatening materials as we have seen recently on college and university campuses?

Malpani: Today’s MFPs are more than just printers. They are file servers, they can email, act as DHCP (Dynamic Host Configuration Protocol) servers, and have the capacity to hold large data sets. Unsecured printers risk misuse and data disclosure. In January of this year, a team of researchers from Ruhr-Universität Bochum in Germany exposed vulnerabilities of major MFPs, such as exploiting the PostScript and Printer Job Language (PJL) vulnerabilities to get access to the data on the printer’s files system and memory.

SourceSecurity.com: How does the problem of unsecured printers relate to wider issues of network security (given that most printers are now networked)? What is the risk that printers might be vulnerable as an entry point to the larger network?

Malpani: In addition, a compromised printer can be used to attack other applications, execute arbitrary malicious code or attack other systems (e.g., to launch a denial of service attack on the network).

SourceSecurity.com: How does the risk of unsecured printers impact the business world or other markets (in addition to college campuses)? How are the security measures different in various environments?

Malpani: The security challenges are the same in business environments but, other than the financial industry, most other businesses do not pay close attention to threat vectors emerging out of print data security. IT security departments are also concerned about network security, and the facilities worry about building security, paying little attention to the security of business systems like printers, elevators, HVAC systems etc. Businesses are increasingly turning to managed print service (MPS) providers to ensure compliance, data security as well as management of accessories like print cartridges.

SourceSecurity.com: What's your best advice for customers in terms of what they should do to secure their printers?

Malpani: First of all, know your customer, understand their needs and what capabilities they desire from the printing systems today. The next generation of students value convenience over privacy and security. So the IT departments across universities need to think about how to meet the needs of their customer while ensuring best practices for security and compliance.

It is critical to develop a comprehensive security policy, a regular audit schedule, to secure printers according to manufacturer’s recommendation, and to invest in solutions like secure print that not only provide convenience but also enhance security. Identity-aware systems definitely handle the challenges more effectively than traditional practices going forward. So it is important that the solutions we invest in also take into account the future trends in authentication and printing.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

Moving to sophisticated electric locking
Moving to sophisticated electric locking

In part one of this feature, we introduced the shotbolt – a solenoid actuator – as the workhorse at the heart of most straightforward electric locking systems. Shotbolts remain at the core of most sophisticated electric locking solutions as well. But they are supplemented by materials and technologies that provide characteristics suited to specialist security applications. Here we look at some more demanding electric locking applications and contemporary solutions. Preventing forced entry Where the end of the shotbolt is accessible, the electric holding force can be overcome by physical force. That’s why anti-jacking technology is now a frequent feature of contemporary electric solenoid lock actuators. Anti-jacking, dead-locking or ‘bloc’ technology (the latter patented by MSL) is inherent to the way the locking assembly is designed to suit the requirements of the end application. The patented bloc anti-jacking system is highly effective and incorporated into many MSL shotbolts deployed in electric locking applications. The bloc technology uses a ring of steel balls in a shaped internal housing to physically jam the actuated bolt in place. A range of marine locks is widely used on Superyachts for rapid lockdown security from the helm Real life applications for MSL anti-jacking and bloc-equipped shotbolts include installation in the back of supermarket trucks to secure the roller shutter. Once locked from the cab, or remotely using radio technology, these shutters cannot be forced open by anyone with ‘undesirable intentions’ armed with a jemmy. A range of marine locks is widely used on Superyachts for rapid lockdown security from the helm. While anti-jacking features are an option on these shotbolts, consideration was given to the construction materials to provide durability in saltwater environments. Marine locks use corrosion-proof stainless steel, which is also highly polished to be aesthetically pleasing to suit the prestigious nature of the vessel while hiding the innovative technology that prevents the lock being forced open by intruders who may board the craft. Rotary and proportional solenoids sound unlikely but are now common A less obvious example of integrated technology to prevent forced override is a floor lock. This lock assembly is mounted beneath the floor with round-top stainless-steel bolts that project upwards when actuated. They are designed to lock all-glass doors and are arguably the only discreet and attractive way to lock glass doors securely. In a prestigious installation at a historic entranceway in Edinburgh University, the floor locks are remotely controlled from an emergency button behind the reception desk. They act on twin sets of glass doors to quickly allow the doors to close and then lock them closed with another set of subfloor locks. No amount of stamping on or hitting the 15mm protruding bolt pin will cause it to yield, thus preventing intruders from entering. Or leaving! Explosion proofing In many environments, electric locking technology must be ATEX certified to mitigate any risk of explosion. For example, remote electric locking is used widely on oil and gas rigs for stringent access control, general security and for emergency shutter release in the event of fire. It’s also used across many industrial sectors where explosion risks exist, including flour milling, In many environments, electric locking technology must be ATEX certified to mitigate any risk of explosionpowder producers, paint manufacture, etc. This adds a new dimension to the actuator design, demanding not only intrinsically safe electrical circuits and solenoid coils, but the careful selection of metals and materials to eliminate the chance of sparks arising from moving parts. Resilience under pressure The technology boundaries of solenoids are always being pushed. Rotary and proportional solenoids sound unlikely but are now common. More recently, while not directly related to security in the traditional sense, proportional solenoid valves for accurately controlling the flow of hydrogen and gases now exist. Magnet Schultz has an extensive and somewhat innovative new range of hydrogen valves proving popular in the energy and automotive sectors (Fig. 2-6). There’s a different kind of security risk at play here when dealing with hydrogen under pressures of up to 1050 bar. Bio security Less an issue for the complexity of locking technology but more an imperative for the effectiveness of an electric lock is the frequent use of shotbolts in the bio research sector. Remote electric locking is commonplace in many bioreactor applications. Cultures being grown inside bioreactors can be undesirable agents, making 100% dependable locking of bioreactor lids essential to prevent untimely access or the unwanted escape of organisms. Again, that has proven to be topical in the current climate of recurring coronavirus outbreaks around the world. More than meets the eye In part one, I started by headlining that there’s more to electric lock actuation in all manner of security applications than meets the eye and pointed out that while electric locking is among the most ubiquitous examples of everyday security, the complexity often involved and the advanced technologies deployed typically go unnoticed.Integrating the simplest linear actuator into a complex system is rarely simple For end users, that’s a very good thing. But for electro-mechanical engineers designing a system, it can present a challenge. Our goal at Magnet Schultz is to provide a clearer insight into today’s electric locking industry sector and the wide range of locking solutions available – from the straightforward to the specialised and sophisticated. Integrating the simplest linear actuator into a complex system is rarely simple. There’s no substitute for expertise and experience, and that’s what MSL offers as an outsource service to designers. One benefit afforded to those of us in the actuator industry with a very narrow but intense focus is not just understanding the advantages and limitations of solenoid technology, but the visibility of, and participation in, emerging developments in the science of electric locking. Knowing what’s achievable is invaluable in every project development phase.

Key considerations for robust residential security
Key considerations for robust residential security

In the UK, one burglary occurs every 106 seconds. This means by the time you've finished reading this article, at least three will have taken place. Selecting robust physical security options to protect property boundaries and homes is essential to limit crime rates and deter opportunistic intruders. With 58% of burglaries said to take place while the homeowner is in, it seems that even the second wave of lockdowns, and an increased number of people confined to their homes, won't do much to eliminate the risk of burglary. Prioritise security for peace of mind Security is paramount, and in the case of new build projects, should be considered from the very beginning of the design process, not as an afterthought. When it comes to securing pre-existing buildings, there are countless security options which will ensure the perimeter is robust enough to withstand opportunistic attacks. It's also worth noting that security features don't have to be complicated. There are plenty of high-tech digital systems flooding the market, which can go a long way to reduce the risk of burglary and will provide peace of mind to the end user. However, this article will demonstrate how traditional security measures, such as high-quality perimeter fencing, can ensure practical safeguarding of properties for years to come.  Selecting robust physical security options to protect property boundaries and homes is essential to limit crime rates Timber! There are a number of different materials which can be specified to create a strong boundary. From metal railings, to timber fence panels, they will each help deter criminals somewhat. Wooden fence panels are a popular choice for their appearance, and the right product and installation can help to increase security.Our timber acoustic fencing can also reduce noise by up to 32dB and has a solid face with no hand or footholds, while still retaining the attractive natural timber aesthetic of a typical garden fence. However, maintenance is key, and one of the first thing burglars will notice is the condition a fence is in, rather than a particular style. Therefore, old, broken or rotten fence panels are a green light for opportunistic thieves. These can be easily broken or bypassed with minimal effort. When specifying fences as part of a new build housing development, we would suggest opting for high-quality timber, as this will ensure that it is protected against rot. Look for products with an extended guarantee or those that don't need additional treatment over the years. The condition of the fence should still be regularly inspected, and simple methods such as clearing piles of leaves away from the base of the boundary can help to prevent rot which weakens the timber.  Securing fence panels The recent rising cost of timber has led to a dramatic increase in fence panel theft, and panels that can be lifted from the posts are an easy target. Mitigate this risk by screwing the fence panels into the posts. This makes it much harder for the panels to be removed from the posts and creates a more secure barrier.  Concrete posts do offer benefits, but we always advise on timber posts for any fencing. They're strong, just like concrete, but they continue the same natural theme as the rest of the fence. Moreover, if you screwed the panels to concrete posts, they would most likely crack and become damaged, and then be at risk to the elements.  Astute design Design is also important. Installing fence rails on the inside of properties to prevent them from being used as climbing aids is highly recommended. Even better, using panels without rails on high-end developments is a clever tip if you want a secure fence with a high-spec look. Security features don't have to be complicated High fences with solid panels and no gaps in between make it considerably harder for potential burglars to climb over. They also offer better privacy to conceal rear garden areas from intruders, and are much sturdier than other alternative panels.  One common mistake is designing in features such as trees or children's climbing frames too close to the boundary. These can be used by burglars as climbing aids when attempting to scale the fence, making access easy. Investigate the surrounding area, which flanks the outside of the property boundary, as an unfortunately placed bin or bench can also help criminals gain entry. If the removal of these items is not possible, designing in a spiky bush can help deter intruders. It's also worth noting that gardens with numerous large features such as bushes or sheds can also negatively impact the level of security. A clear line of sight across the entire garden is highly recommended where possible. If this view is blocked, it's considerably easy for intruders to hide undetected. Front gardens  While tall, solid fence panels are recommended for rear gardens to prevent intruders from being able to see in and climb over, the opposite is true for front gardens. For street-facing gardens, a low fence or hedge is recommended to provide a clear view from the house. It also makes it much harder for intruders to hide from passers-by or neighbours, who can raise the alarm during a burglary. Another useful security technique to consider is a gravel drive. These create noise, which means the homeowner will know when it is in use. Pair this with a strong boundary fence, the likelihood of burglary dramatically decreases. This article only scratches the surface in unveiling the sheer volume of effective home security options on offer to protect homes and gardens. These investments can help minimise the risk of traumatic break-ins, while also simultaneously boosting the aesthetic of the property and its surroundings. 

How is AI changing the security market?
How is AI changing the security market?

Artificial intelligence is more than just the latest buzzword in the security marketplace. In some cases, smarter computer technologies like AI and machine learning (ML) are helping to transform how security operates. AI is also expanding the industry’s use cases, sometimes even beyond the historic province of the security realm. It turns out that AI is also a timely tool in the middle of a global pandemic. We asked this week’s Expert Panel Roundtable: How is artificial intelligence (AI) changing the security market?