Environment Creep in Printing

Back in the old days, printers were so damn expensive that many companies would have a print-room, dedicated to housing a single, or a couple of devices, fax machines, copiers, ETC. Now that these functions are typically rolled into a single and less expensive device, the printers are rolled out to the office space for multiple reasons, mostly because it’s convenient for the users, and dedicated print rooms are expensive considering how big they’d have to be to handle the increased demand (due to decreased price) for hard-copy materials.

Printers, or multi-functional devices sitting in general access office space can be a significant attack vector for anyone wishing to harvest some data. Due to the increased demand in usage, just about all office printers have a local hard disk drive to free up spooling resources at the server. However, spooling is done at the server because it’s assumed to be in a physically secure area, now with printers performing additional spooling on non-volatile media, the data sent for printing is no longer protected by enhanced physical security that comes with a dedicated data-center or communication’s room. Leaving physical access open to general employees and third-party contractors.

At this point, one should consider whether certain departments should participate in such schemes, or have their own dedicated printing facilities in a physically secure location. One should consider hard disk drive encryption to counter any casual, opportunist, or uninformed attack… Perhaps in certain environments we start implementing tamper-resistant hardware along the lines of ATMs, for example; pitting memory modules to mitigate against cold-boot attacks.

Related posts:

1. Environment Controls Are Important to Security
2. Fedora Core 10: LUKS and dm-crypt
3. Mounting LUKS / dm-crypt Partitions in Microsoft Windows
4. We Are Alone… Probably.
5. Fedora Core 10: Encrypted Swap Partition