Hardcopy Security: An Open Door (PowerPoint presentation transcript)



1
Hardcopy Security: An Open Door
  • Don Wright
  • Director, Alliances & Standards
  • Lexmark International
  • don@lexmark.com

2
Agenda
  • Thoughts on Security
  • What is Hardcopy Security?
  • Components of Hardcopy Security
  • Who needs Hardcopy Security and Why?
  • The existing Hardcopy Security Landscape
  • P2600
  • Questions

3
What, me worry?
  • "Valuable information must be protected no matter
    what form it takes or where it is located. An
    organization's customer list has the same value
    whether in hardcopy form or an electronic file."
    Kevin Mitnick, The Art of Deception
  • "Information never stays in computers; it moves
    onto paper all the time. Information is
    information and, for an attacker, information in
    paper files is just as good as information in
    computer files."
    Bruce Schneier, Secrets & Lies

4
What is Hardcopy Security ??
  • For the purposes of this discussion, Hardcopy
    Security is: the measures, methods and
    procedures taken to guard against an attack on,
    theft of, espionage against, or sabotage of
    sensitive information and of the devices, components
    or systems used to print, scan, copy, transmit,
    receive or store documents on (or intended to be
    on) paper or other human-readable media.

5
Components of Hardcopy Security
  • Physical
    • Theft prevention (memory cards, hard disk drives, etc.)
    • Disposal of integrated flash memory and/or hard disk drives
  • Authentication
    • Who are you and how do you prove it? Userids? Passwords? SmartCards? Biometrics?
    • Federated identity systems such as Liberty Alliance or Passport
    • Authentication of the device itself
  • Authorization
    • Are you authorized to print? Copy? Scan?
    • Is that your print job being held for you in the printer?
    • How are authorization levels maintained, managed, transmitted?
  • Privacy
    • Protection/encryption of data transmitted to or from the device
    • Protection/encryption of data residing on the device
    • HIPAA, Gramm-Leach-Bliley Act, Sarbanes-Oxley (protection of nonpublic personal information)
    • Protection of the physical output, e.g. the paper
  • Integrity
    • Maintain and enforce the trustworthiness of the system
  • Non-repudiation

6
Components of Hardcopy Security
  • Monitoring / Auditing
    • Tracking who printed, scanned or copied what
    • Knowledge of printing/scanning usage, timing and volumes can be insightful.
    • Who is attempting unauthorized activities?
  • Device Management
    • Unauthorized configuration changes (disabling safeguards)
    • Unauthorized firmware updates (re-enabling or bypassing disabled functions)
  • Document Security
    • Confidentiality, integrity, authenticity
    • Non-repudiation, authentication, access control
  • Customer perceptions (correct or incorrect)
    • Use of the fax modem connection to break into corporate networks
    • Use of the device as a source of denial of service, e-mail relays (spam), etc.
    • Utilization of device programmability to compromise security
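As an added example (not part of the presentation), the Monitoring/Auditing and Device Management items above can be turned into concrete checks over a device audit log. The record format, field names, account names, maintenance window and sample records are all constructed for illustration and do not correspond to any vendor's log format.

```python
"""Audit-log review for hardcopy devices (added example). The record format
"timestamp|device|user|event|detail|result", the account names and the
sample records are all constructed for illustration, not a vendor format."""
from collections import Counter
from datetime import datetime, time

SAMPLE_LOG = """\
2004-02-03T09:12:04|mfp-03|jsmith|PRINT|ConfidentialQ4.pdf|ALLOWED
2004-02-03T09:13:10|mfp-03|guest|SCAN_TO_EMAIL|outside@example.com|DENIED
2004-02-03T09:13:22|mfp-03|guest|SCAN_TO_EMAIL|outside@example.com|DENIED
2004-02-03T09:13:41|mfp-03|guest|COPY|-|DENIED
2004-02-03T09:20:00|mfp-03|svc-admin|CONFIG_CHANGE|disk_encryption=off|ALLOWED
2004-02-03T14:05:00|mfp-07|unknown|FIRMWARE_UPDATE|fw-1.9.2|ALLOWED
2004-02-04T02:30:00|mfp-07|svc-admin|FIRMWARE_UPDATE|fw-2.0.0|ALLOWED
"""

DENY_THRESHOLD = 3                      # repeated refusals worth a look
MAINTENANCE = (time(1, 0), time(5, 0))  # only window for firmware updates
ADMINS = {"svc-admin"}                  # accounts allowed to reconfigure
SAFEGUARDS = ("disk_encryption", "hold_print", "audit_log")  # weaken protection when "off"

def parse(line):
    ts, device, user, event, detail, result = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "device": device, "user": user,
            "event": event, "detail": detail, "result": result}

def review(log_text):
    """Return (category, message) findings for the three checks below."""
    records = [parse(l) for l in log_text.splitlines() if l.strip()]
    findings = []
    # 1. Who is attempting unauthorized activities? Repeated denials per user/device.
    denied = Counter((r["device"], r["user"]) for r in records if r["result"] == "DENIED")
    for (device, user), n in denied.items():
        if n >= DENY_THRESHOLD:
            findings.append(("unauthorized-activity", f"{user} denied {n} times on {device}"))
    for r in records:
        # 2. Configuration changes by non-admins, or an admin disabling a safeguard.
        if r["event"] == "CONFIG_CHANGE":
            key, _, value = r["detail"].partition("=")
            if r["user"] not in ADMINS:
                findings.append(("config-change", f"non-admin {r['user']} changed {key} on {r['device']}"))
            elif key in SAFEGUARDS and value == "off":
                findings.append(("safeguard-disabled", f"{key} turned off on {r['device']} by {r['user']}"))
        # 3. Firmware updates by non-admins or outside the maintenance window.
        elif r["event"] == "FIRMWARE_UPDATE":
            in_window = MAINTENANCE[0] <= r["ts"].time() <= MAINTENANCE[1]
            if r["user"] not in ADMINS or not in_window:
                findings.append(("firmware-update", f"{r['detail']} on {r['device']} by {r['user']} at {r['ts']:%H:%M}"))
    return findings
```

Running `review(SAMPLE_LOG)` on the constructed records yields three findings: the repeatedly refused guest account, the encryption setting being turned off, and the daytime firmware load by an unknown account; the in-window update by the admin account is not flagged.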

7
Why Worry about Hardcopy Security?
  • Isn't it just good business practice?
  • Do you want your competitors, either internal or
    external, sniffing your PowerPoint charts on
    the way to the printer?
  • Do you want your confidential personnel output
    sitting in the output hopper of your printer
    while you're stuck in a sudden 2-hour emergency
    meeting?
  • Do you want your scanned financial statements
    sitting on a server as an easily readable .pdf
    file when the next security breach is found that
    gives root access to everyone?

8
Hardcopy Security and the Law
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) requires health care organizations to protect the privacy and security of confidential health information and calls for standard formats for electronic transactions. These standardized national requirements apply to the electronic transmission of patient history and health records such as health insurance enrollment detail and claims. The need to maintain confidentiality and privacy of medical information and rules for medical document security, including standards related to data integrity and encryption, are also outlined in HIPAA.

GLB
The Gramm-Leach-Bliley Act (GLB) contains a Safeguards Rule which requires financial institutions to have in place a comprehensive security program to ensure the security and confidentiality of customer information. This includes the identification of employee coordinators, the identification of foreseeable internal and external risks, the implementation of safeguards to address the risks, and the regular adjustment of the program in light of developments that may materially affect the program.

SARBANES-OXLEY
Sarbanes-Oxley contains provisions requiring certain levels of security for the financial records which are used to create the CEO-signed reports submitted annually. How these provisions relate to Hardcopy Device and System Security is being investigated.
9
Who needs Hardcopy Security?
Who doesn't:
  • People on a deserted island without internet
    access and with their printers connected to their
    PCs with a parallel cable.
  • Your kids printing out their art projects at home.
  • Anyone else?
10
Existing Standards for Hardcopy Security
  • No comprehensive standards specific to hardcopy
    device security currently exist.
  • Components of some existing standards could be
    applied to the hardcopy environment, for example:
    • Common Criteria's "Residual information
      protection" (FDP_RIP) for the contents of an
      integrated hard disk.
    • Common Criteria's "Cryptographic operation"
      (FCS_COP) for sending an encrypted print job.
    • Many others.
  • Some information security policies deal lightly
    with hardcopy security, but then only from the
    perspective of information classification.
  • However, while these basic functions may be
    useful, they do not address the aggregation of
    functions for a printer or similar device in the
    way that ISO/IEC 17799, "Information technology:
    Code of practice for information security
    management", does for computers and
    workstations in general.

11
What is needed?
  • Standards for hardcopy security covering all
    aspects of printers and other multifunction
    hardcopy devices and their usage, including:
    • Applications
    • Operating system
    • Transmission of the print job or scan job
    • Copying
    • Job hold for user
    • Physical security (output bins, etc.)
    • Device management
    • User authentication
    • Etc.
  • Checklists, guidelines and best practices
    documents to assist IT organizations in planning
    and implementing a hardcopy security plan will
    follow the standard.
  • Assessment and certification standards to measure
    compliance with the above standards will also
    follow.

12
P2600 Getting Started
  • Lexmark has now taken the initiative to put
    together an effort to develop the necessary
    standards to address hardcopy security.
  • A number of the leaders from the hardcopy
    industry recently met at a NIST workshop held in
    September and then at the CS BoG Meeting Series
    in Tampa. This group included Lexmark, HP, IBM,
    Canon and Xerox. Microsoft has expressed its
    intention to participate but has been unable to
    attend.
  • A PAR for this work has been submitted and will
    be reviewed and hopefully approved at next week's
    Standards Board meeting.

13
P2600 Hardcopy Device and System Security
  • Scope
    This standard defines security requirements
    (covering all aspects of security, including but
    not limited to authentication, authorization,
    privacy, integrity, device management, physical
    security and information security) for
    manufacturers, users and others on the selection,
    installation, configuration and usage of hardcopy
    devices and systems, including printers, copiers
    and multifunction devices and the computer
    systems that support these devices. This
    standard identifies security exposures for these
    hardcopy devices and systems, instructs
    manufacturers and software developers on
    appropriate security capabilities to include in
    their devices and systems, and instructs users on
    appropriate ways to use these security
    capabilities.
  • Purpose
    In today's Information Technology environment,
    significant time and effort are being spent on
    security for workstations and servers. However,
    today's hardcopy devices (printers, copiers,
    multifunction devices, etc.) are connected to the
    same local area networks and contain
    communications, processing and storage components
    just as subject to security problems as
    workstations and servers. At this time, there
    are no standards to guide manufacturers or users
    of hardcopy devices or the computer systems that
    support them in the secure installation,
    configuration or usage of these devices and
    systems.

14
P2600 Expected Content of Standard
  • Description of the security environments
    (multiple levels) including threats and risks.
  • Description of the threats, risks and attack
    techniques including both Internal and External
    Threat Agents including illustrative scenarios.
  • Description of the security objectives for each
    of the identified security environments.
  • Development of technical requirements based on
    the security objectives.
  • Development of multiple profiles using the Common
    Criteria and potentially other evaluation and
    measurement criteria and techniques.
  • Expect to include content useful to both the
    product and systems developers/manufacturers as
    well as end users.

15
P2600 Next Steps
  • Upon approval of the PAR, a general call for
    participation will be made to the hardcopy
    industry through a number of industry trade
    groups.
  • Next meeting is expected to be the first week of
    February 2004 in California.

16
P2600 Mailing List and Web Site
  • Web site: http://grouper.ieee.org/groups/2600
  • Mailing list
    • Majordomo run by the IEEE
    • An archive is available via the web site
    • Subscribe via a note to majordomo@ieee.org
      containing the line "subscribe stds-2600"
    • Only subscribers may send e-mail to the mailing
      list stds-2600@ieee.org

17
Questions?
Thanks for your attention!!