Secure printing

Sometimes the biggest threats to data are fairly low tech. Former national security adviser Sandy Berger made that point when he walked out of the National Archives with classified documents. There was no hacking of networks or decrypting of documents. Instead, it was as simple as carrying out hard copy on your person.The fact is, despite billions of dollars being spent on securing federal IT systems, it's possible for the wrong eyes to see sensitive data at unsecured print stations.Vendors are responding to the situation, but IT staff aren't sure how to assess the vendors' proposed solutions. 'We see more vendors advertising secure printing, which leaves people wondering what they should do,' said Ken Weilerstein, research vice president of Gartner Inc. of Stamford, Conn. 'IT security directors have other things to worry about, so the decisions are left to people who are not security specialists.'While most printer manufacturers have some sort of secure printing offering, a full solution requires more than putting a keypad on the printer. Data needs to be protected in transit, and the printers need to be protected against hacks.'The biggest mistake is to view secure printing as a separate, standalone application. It is one element of security and has to be looked at in that context,' said Steve Reynolds, senior analyst for Lyra Research Inc., a consulting group in Newton, Mass. 'The best way to do it is to take advantage of the security infrastructure you are putting in place for all kinds of things.'An obvious low-tech security risk is the wrong person picking up a sensitive document from a shared printer.'Sometimes you print a document and get a phone call before you pick it up,' said Chuck Jarrow, vice president and deputy general manager of the IT Services Group at government contractor L-3 Communications Corp. 'You might have some very sensitive data sitting out there.'Last spring, International Data Corp., a Massachusetts consulting firm, released a survey showing that more than half of respondents had found other people's documents on their shared printer. E-mails were the most commonly found item, but 24 percent found financial data and 18 percent found personnel records.The simplest way to solve this issue, of course, is to buy personal printers.'Printers are so cheap these days, the easy way is for everyone to have their own printer,' said Bruce Schneier, founder and CTO of Counterpane Internet Security Inc., a managed-security-services company in Mountain View, Calif.But this strategy only works when users have private offices. It's also more expensive to support a large number of private printers than having networked shared printers.Another approach often used in high-security installations is to put the printer behind a locked door. But, again, that's not always practical for general office use.Then there is the matter of device and network security. This is particularly becoming an issue with multifunction peripherals (MFPs), which combine printing, copying, scanning and faxing. Some devices even have their own Web page for access by remote personnel. And, as we have witnessed with other computing devices, more features mean more potential security holes.The most common printer security strategy is to control access to printer output with a keypad, card reader or biometric device attached to the printer. When the user sends the document to the printer, a dialog box appears offering the option of using either secure or standard printing.If you choose secure printing, you enter a code at your workstation. The job would then go into a print queue, either on a print server or on the printer itself, and the job would sit there until the user goes to the printer and'if a keypad device is being employed'enters the password to release the job for printing.Alternatives include smart cards and biometric devices. L-3 Communications, for example, has started using fingerprint readers for some of its own internal printing needs, as well as for some of its customers.'For an organization that suddenly finds it needs secure printing, biometric access is a very cost-effective way to do it and a very quick way to do an implementation,' Jarrow said.L-3 has employees stationed at the offices of some of its customer agencies to provide tech support. Adding keypad security to printers would have been one way to enhance security, but Jarrow prefers a biometric approach.'There was a group we worked with that had printers with a keypad release mechanism, and they got rid of them because they were more trouble than they were worth,' he said. 'You need to look at your people, and if they can't remember their ZIP code, they won't remember their printer code.'Instead, he purchased a fingerprint system from Silex Technology America Inc. With it, a fingerprint reader is plugged into a USB port on the user's workstation to register a fingerprint. Then, if a user opts for a secure print job, he uses a fingerprint reader at the printer to release the document. Since L-3 started using the system, Jarrow said, he has seen a lot of interest from clients.'We talked to one agency that had grown tired of people forgetting their codes and calling the help desk to get the number reset,' he said. 'They were very intrigued by this solution since users can't leave their finger back at the computer.'The interconnectivity of modern printing equipment also creates additional security holes.'It wasn't that long ago where we had separate printers, and the copier was only connected to the power supply,' says Weilerstein. 'Today they have an increasing number of functions, are connected to the network and might also be connected to the phone line.'While it is more common for hackers to try to access databases or document storage systems, printer files have two distinct attractions. The first is that they show what documents are currently in play in an organization. The other is that print documents are easy to read.Bob Forte, senior systems engineer for Levi, Ray and Shoup Inc. of Springfield, Ill., likes to conduct demonstrations of how even a free network sniffer can produce clear copies of printer files.'People don't feel they have a vulnerability in their print data streams,' Forte said. 'In actuality, any basic line data or PCL [Printer Command Language] is pretty readable.'He advises encrypting all printer files and only decrypting them at the printer. This is especially critical if the printer file is being transmitted to a remote location. LRS has print encryption software, and some printer vendors, including Hewlett-Packard Co. (Capella) and Lexmark International Inc. (Printcryption), have decryption options on their printers.Then there are remote workers who are physically outside the network but who need to print documents inside the office. 'Printing can take advantage of the security and encryption that is already there, a VPN tunnel or 128-bit encryption that is available with the Web,' said Lyra Research's Reynolds.Another important factor to consider is controlling who is printing what.'The most common problem is not knowing what users are printing,' said Bill Feeley, CEO of Software Shelf International Inc. of Clearwater, Fla. 'If management has no way to run reports on who is printing, what is being printed [and] where jobs are being printed, they have no way to implement any kind of security.'Software Shelf sells the Print Management Plus software that is used by the General Services Administration, NASA and other agencies. While it's most commonly used to set quotas or restrict who can print in color as a way to cut costs, it also provides an audit trail to see who is accessing and printing what documents.In addition, a user can be blocked from printing documents from specific applications or documents that have designated key words in the title. For example, anyone not on the human resources staff would be blocked from printing anything from the HR Management System.'The point here is that the other elements of computer systems are being tightened up so paper is one of the few remaining places you can take information out of the agencies without leaving a trace,' Weilerstein said. 'If you try to download the information to local storage there might be rules blocking it, but not with printing.' Unless, of course, you have installed print management software to prevent this.Printer manufacturers keep adding features, and since additional features can mean additional vulnerabilities, the first reaction of some IT managers might be to disconnect the fax line and disable any other features that aren't absolutely essential.But vendors are adding extensive security features as well. (Most vendors also offer white papers on their Web sites detailing these features.) In addition, Lexmark, Sharp Corp. and Xerox Corp. have received National Security Agency Common Criteria certifications and some HP LaserJet models are undergoing evaluation. But even this type of certification doesn't provide a complete answer.'Agencies should look for certification such as the Common Criteria certification, but the problem is that the certification only shows that it has been tested for a specific threat,' Weilerstein said. 'Vendors say it is like a Good Housekeeping seal, but in reality it is just one product tested for one threat.'Also, agencies will want to check to see what features their existing security vendors can provide in relation to printing.'The whole subject of secure printing is being increasingly rolled into the general elements of security that people are enabling on their networks,' Reynolds said. 'It is less a standalone application these days as it is just another application in a suite of things that people are enabling.'