MFP Hard Drive Security


Published on

Your hard drive in your copier (MFP) retains a copy of every document that has passed through it. This data needs to be considered when formulating an overall security policy for your business.

Published in: Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

MFP Hard Drive Security

  1. 1. Multi-Function Printer (MFP) Security Issues
  2. 2. <ul><li>Securing confidential data is an important consideration for every business </li></ul>
  3. 3. <ul><li>You wouldn’t leave documents, files, and </li></ul><ul><li>spreadsheets lying around for unauthorized </li></ul><ul><li>viewing or removal </li></ul>
  4. 4. <ul><li>Most organizations are aware of the need for security policies for computers </li></ul><ul><li>Passwords </li></ul><ul><li>Encryption </li></ul><ul><li>Network protection </li></ul><ul><li>Hard drive removal restrictions </li></ul>
  5. 5. <ul><li>But have you thought about security related </li></ul><ul><li>to your MFP’s (multi-function printers) and </li></ul><ul><li>copiers? </li></ul>
  6. 6. MFP/Copier Security: <ul><li>Overlooked </li></ul>Misunderstood
  7. 7. <ul><li>When documents are printed, scanned, faxed, </li></ul><ul><li>or copied on MFP’s (copiers), they are converted </li></ul><ul><li>to digital files and reside in the copier, either on </li></ul><ul><li>the hard drive or in RAM (memory). </li></ul>
  8. 8. <ul><li>All processed documents are </li></ul><ul><li>accessible and can be stolen </li></ul><ul><li>from the MFP’s hard drive, </li></ul><ul><li>either by accessing the MFP </li></ul><ul><li>remotely via network access </li></ul><ul><li>or by removing the hard drive </li></ul><ul><li>and extracting the data. </li></ul>
  9. 9. Available for the taking? <ul><li>Financial documents </li></ul><ul><li>Client information </li></ul><ul><li>Social Security numbers </li></ul><ul><li>Tax information </li></ul><ul><li>Human Resources documents </li></ul><ul><li>Medical information </li></ul><ul><li>Proprietary secrets </li></ul>
  10. 10. <ul><li>Also consider: </li></ul><ul><li>During service calls, the hard drive (with your documents) is accessible to the repair person </li></ul><ul><li>When the copier is removed for service or replacement, your documents are leaving the office along with it </li></ul>
  11. 11. <ul><li>So what’s a concerned person to do? </li></ul>
  12. 12. Hard Drive Overwrite function <ul><li>Most manufacturers offer some form of hard drive overwrite to prevent access to information that was stored on the disc. </li></ul>
  13. 13. Hard Drive Overwrite function <ul><li>Hard drive overwrite essentially erases document files by overwriting them with a series of characters. </li></ul><ul><li>XOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXO . </li></ul><ul><li>OXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOXOX . </li></ul>
  14. 14. <ul><li>Hard drive overwrite is performed </li></ul><ul><li>immediately upon completion of all copy, </li></ul><ul><li>print, scan and fax jobs, insuring no </li></ul><ul><li>information can be recovered. </li></ul>
  15. 15. <ul><li>Hard drive overwrite is an option on most new equipment </li></ul><ul><li>Older equipment may be configured with this option </li></ul><ul><li>Most manufacturers currently offer 3 or 4 overwrites, which is sufficient for most purposes </li></ul><ul><li>The highest level of overwrite security includes 7 overwrites </li></ul>
  16. 16. <ul><li>Hard drive is removed nightly and stored in a secure location such as a safe </li></ul><ul><li>Problems associated with this solution:   </li></ul><ul><ul><li>Daily movement of the hard drive </li></ul></ul><ul><ul><li>Can be stolen, misplaced, dropped </li></ul></ul><ul><ul><li>Not a “certified” method for securing hard drive data </li></ul></ul>Alternative solution: Removable hard drive
  17. 17. RAM (memory) Security <ul><li>RAM memory is temporary storage, separate from the hard drive, for holding data during various types of image conversion </li></ul><ul><li>Some research indicates RAM is not completely cleared of information once the MFP is turned off </li></ul><ul><li>Highest level of government security requires an overwrite of RAM on the MFP </li></ul>
  18. 18. What are the laws? <ul><li>Government regulations related to privacy, information security and preventative controls: </li></ul><ul><li>HIPAA </li></ul><ul><li>Sarbanes-Oxley Act </li></ul><ul><li>Gramm-Leach-Bliley Act </li></ul><ul><li>Federal Information Security Management Act of 2002 (FISMA) and FDA 21 </li></ul>
  19. 19. What is ISO 15408 or “Common Criteria” ? <ul><li>Internationally agreed upon standard </li></ul><ul><li>Evaluation of products to determine fulfillment of particular security properties </li></ul><ul><li> </li></ul>
  20. 20. <ul><li>Common Criteria Certification is by machine, not by manufacturer. </li></ul><ul><li>Many vendors are unclear on this </li></ul><ul><li>Ask to see your equipment’s certification </li></ul><ul><li>If the system is newly introduced, it may not be certified yet </li></ul><ul><ul><li>. </li></ul></ul>
  21. 21. Other aspects of security protection: <ul><li>Encryption of information sent from desktop to printer </li></ul><ul><li>Encryption of sent fax/scanned information </li></ul><ul><li>User authorization for printing, copying, scanning and faxing </li></ul><ul><li>LDAP authorization (Lightweight Directory Access Protocol- used to look up contact information from the server) </li></ul>
  22. 22. <ul><li>Your organization’s overall security is only as strong </li></ul><ul><li>as the weakest link </li></ul>
  23. 23. <ul><li>Establish a security policy for your copiers/MFP’s and adhere to it </li></ul>
  24. 24. Final Thoughts…… <ul><li>Check the Common Criteria web site for additional information. </li></ul><ul><li>Manufacturers have brochures on the security suites offered, ask for them. </li></ul><ul><li>Do not depend on verbal assurances from MFP vendors or even manufacturers’ representatives – get the written facts! </li></ul>