Auditing Multifunction Devices
Auditing Security Controls of Printers, Scanners,
and Multifunction Devices
Brian Rue
Go Noles!
Chris Gohlke
Go Gators!
2010 NSAA IT Workshop and Conference
Presentation Agenda
• 1st Half
– MFD Functions/Services & Security Weaknesses
• 2nd Half
– Preparing a MFD Audit Program
In the Beginning…
Not much to audit
30’s
Chester Carlson with the first
xerographic apparatus
Manual process –
Thermal Paper Transfer
Still not much to audit…..
Xerox 914 was the first plain paper
photocopier using the process of
Electro-photography
No USB / No Tape Drive / No Hard Drive
It did come with a fire extinguisher due to heat & ignition issues
CPU/Memory – Tape Drive added
The image above shows the channel-attached version of the 9700, as the tape tower isn't present.
Under the LS100 terminal, Xerox had placed a modified DEC PDP11/34. An extra cage contained a few proprietary cards to facilitate the page ripping.
There was a Control Data 14" hard drive (the removable platter type) on sliders.
Printer/Copier/Scanner/FAX
Wired Network Connectivity
Wireless Networking WiFi/Bluetooth
Removable Memory
Hard Drives
Operating System
Web Server
User Accounts
Remote Access
Landline Connection
Scan to Network Share or PC
E-mail Integration
Web Submission of Print Jobs
Web Browser
The CBS News Story On YouTube
http://www.youtube.com/watch?v=iC38D5am7go&feature=fvw
Understanding the MFD
MFD>A Server with a Glass Top
MFD Hardware Components
1. Central Processing Unit (CPU)
2. Memory (ROM/RAM/FLASH)
3. Hard Drive
4. Network Card
5. ABGN Wireless Radio
6. Bluetooth Radio
7. USB Connection
8. Analog Modem
9. Multicard Memory Reader
10. LCD/LED Screen
MFD Breakdown
MFD Software
• Operating System – GNU/Linux, VxWorks, Windows NT
4.0 Embedded, Windows XP Embedded, Mac OS X, Sun
Solaris, or Vendor Proprietary OS
• Print Engine/Controllers – May be supported by
secondary OS
• Database (PostgreSQL+)
• Drive File System (NTFS/FAT)
• Additional Applications (Document Management – Optical Character
Recognition or PDF conversion, Software Development Kits – Sharp OSA,
Xerox EIP, HP Open Extensibility Platform, Web Server)
MFD Software Security Issues
• Security patches not applied to operating system
and services with discovered vulnerabilities
– Lack of vendor support for security patches
– Software or Operating system vulnerabilities may be used to elevate
privileges
• Lack of change management procedures
• Memory storage (hard drive, ROM/RAM, flash
drive) unencrypted by default
– Hard drive stores spooled and processed jobs in clear text
– MFD RAM memory stores documents in clear text during and after
processing by default
– Flash drives usually contain unencrypted jobs
MFD Services
• Apache Web Server
• Remote Access (Telnet, FTP, HTTP, SNMP)
• Bytecode interpreters or virtual machines for internally hosted
third party applications
• Network service clients for sending of documents to different
destinations
• Network service servers for receiving documents for print or
storage
• Image processing services
MFD Services Security Issues
• Unneeded services left on, increasing the
number of potential attack points into the
MFD
• Services with security vulnerabilities not
patched
• No/limited logging of service activity
MFD Network Communications
• Common Open Ports/Protocols
– HTTP 80/TCP
– SNMP 161/UDP
– LPD Printing 515/TCP
– PDL Printing 9100/TCP
• Protocols
– AppleTalk
– Internet Printing Protocol
– PCL
– HPPCL Printing Protocol
– Telnet
– IPX/SPX
– FTP
– TCP/IP
MFD Network Communication
Security Issues
• No firewall rule set for ingress (traffic into the
MFD) or egress (traffic out of the MFD) filtering
• MFD does not support entity PKI strategy (no
support for CA certificates)
• Print/fax/scan jobs transmitted over
network/Internet in clear text
• Unneeded protocols and ports left open
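Added example (not part of the original slides): one way an auditor could test for unneeded ports and services is to compare the ports observed open on each MFD against an approved baseline. The device names, the baseline, the CSV layout, and the Telnet/FTP port numbers (standard assignments, not from the slides) are assumptions.

```python
import csv
import io

# Ports named on the slides, plus the standard Telnet/FTP ports (assumption).
KNOWN = {
    ("tcp", 80): "HTTP", ("udp", 161): "SNMP", ("tcp", 515): "LPD",
    ("tcp", 9100): "PDL", ("tcp", 23): "Telnet", ("tcp", 21): "FTP",
}
# Remote-access services from the slides, treated here as typically unencrypted.
CLEARTEXT_MGMT = {"HTTP", "SNMP", "Telnet", "FTP"}

# Constructed sample: services approved per device (hypothetical baseline).
BASELINE = {
    "mfd-lobby": {("tcp", 9100)},
    "mfd-hr": {("tcp", 9100), ("tcp", 515)},
}

# Constructed sample: ports observed open, one row per device/port.
OBSERVED_CSV = """device,proto,port
mfd-lobby,tcp,9100
mfd-lobby,tcp,80
mfd-lobby,tcp,23
mfd-hr,tcp,9100
mfd-hr,udp,161
mfd-copyroom,tcp,9100
"""

def audit_services(observed_csv, baseline):
    """Return sorted findings as (device, proto, port, service, reason)."""
    findings = []
    for row in csv.DictReader(io.StringIO(observed_csv)):
        device, key = row["device"], (row["proto"], int(row["port"]))
        service = KNOWN.get(key, "unknown")
        if device not in baseline:
            # A device missing from the inventory is itself a finding.
            reason = "device not in inventory baseline"
        elif key not in baseline[device]:
            reason = "service not approved for this device"
            if service in CLEARTEXT_MGMT:
                reason += "; cleartext remote access"
        else:
            continue  # approved service, nothing to report
        findings.append((device, key[0], key[1], service, reason))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_services(OBSERVED_CSV, BASELINE):
        print(*finding, sep=" | ")
```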
MFD Wireless Access
• Wi-Fi
– WEP
– WPA
• WPA-PSK
• WPA-Enterprise
– WPA2
• WPA2-PSK
• WPA2-Enterprise
– No Encryption
• Bluetooth
– Prior to Bluetooth v2.1, encryption is not required and
can be turned off at any time.
MFD Wireless Security Issues
• Unencrypted wireless connections
transmitting documents in clear text
(intercepting documents in the air)
• Potential remote attack access point into the
MFD
Fax Services
• Fax to memory (disk/disk share)
• Hardcopy fax printouts
• PSTN – analog phone modem connection
MFD Fax Services Security Issues
• Faxes auto print in an unsecured area
– No authorization required to verify recipient before
releasing fax
• Faxes held in unencrypted memory after
print
• Lack of logical separation of analog modem
from LAN (Ability to enter LAN from modem
connection)
Drive Shares
• Network Drive Shares
• Printer Drive Shares
• PC/MAC Shares
• Printer Hard Drive Shares
MFD Shares Security Issues
• No auditee procedures for configuring drive
shares
• Undocumented drive shares
• Shares set up without encryption
MFD Management
1. Device Console
2. Web Interface
3. Network client/server enterprise management application
MFD Management Security Issues
• Physical Consoles on MFDs Set Up Without
Pass Codes
• Default Web Interface may not require
password
• Most devices not configured with user or group
accounts to authenticate and authorize
• Limited to no logging of user activity (console
logons, patching, administrative functions)
MFD Repair Procedures
Physical Security
1. Conduct Risk Assessment to
determine if use of MFD and physical
location of device provides adequate
physical security controls.
2. Processing confidential or
sensitive data on a device in a common area
creates multiple security issues.
Surplus Device Procedures
1. Clean Printer Configuration Files
2. Wipe Drives/Memory
3. Ensure no Sensitive Paper Copies on Glass or in Machine (legacy paper jams)
MFD Certifications/Acts/Contractual Obligations
• National Security Telecommunications and
Information Systems Security Policy (NSTISSP)
#11
• DOD Directive 8500.1
• Common Criteria (EAL1 to EAL4)
• Gramm–Leach–Bliley Act (GLB)
• Health Insurance Portability and Accountability Act
(HIPAA)
• Payment Card Industry – Data Security Standard
Potential Components of an MFD
Audit Program
• Network/Server
• Shares
• Wireless
• Access Controls
• Physical Security
• Encryption
• Surplus
• Contracts/Leasing
• Policies and Procedures
A Majority of Which Fall Into Your
Normal IT Audit Program
[Diagram labels: MFD Audit Program; IT Audit Program]
Since you probably won’t get a ton of
audit hours for MFDs…
Obtain an Understanding and
Assess the Risk
• Get an inventory listing
• Inquire
• Observe
• Get manuals
• Search online for common vulnerabilities
Physical Security
• Does the unit have a locking compartment for
the hard drive, etc?
• Is there a physical reset button that will
restore the unit to factory default? Is it
secured?
• Is the entire unit secured in place, or could it
be wheeled out of the building?
• Is output secured?
Device Controls
• Strong password controls at the console?
• Settings/administration locked down to authorized
individuals?
• Is the web interface turned on? Does it need to be?
• Are unneeded network services turned on?
• Is wireless on? Does it need to be? Is it secure?
• Logs kept/reviewed of administration functions?
• Are the logs secured?
• Are there security patches for the device and, if so, are
they checking for them and applying them in a timely
manner?
Data Controls
• Does the device have an option for
encrypting/automatically wiping copies after a
job prints?
• Did they pay for it?
• Is it turned on?
• If not, why? Do they have a compensating
control?
Surplus
• Did they lease or purchase?
• If leased, what rights do they have to wipe the
drive? Is it user accessible? Are you going to
be able to audit it?
• If purchased, do MFDs fall under their normal
PC surplus policies for having devices wiped?
• What about when the device is serviced or
parts replaced?
Policies and Procedures
• As always, the above should be covered by a
policy and procedure.
Multifunction Device Resources
http://h20338.www2.hp.com/enterprise/downloads/NIST%20SUBMITTED%20Configuring%20Security%20for%20Multiple%20LaserJet,%20Color%20LaserJet,%20and%20Edgeline%20MFPs.pdf
http://www1.lexmark.com/documents/en_us/1_SecurityBrochure.pdf
http://www.aot-xerox.com/files/content/MFPsecurity.pdf
http://www.office.xerox.com/latest/SECBR-03UA.PDF
Questions?