Time: 
2017-05-06 13:00 to 2017-05-06 14:00
Room: 
CC-114

Experience level

Learner

Session Track

Security

Securing Multifunction Devices

Securing Multifunction Devices

Attendees:

IT staff with some exposure to MFD use in a small business setting.

The Reason:

Unsecured network attached IoT with memory can expose resident intellectual property to theft, allow the MFD platform to collect and transmit data, provide information on other network attached devices, and compromise network availability.

The Challenges:

Multifunction Devices (print, copy, fax, scan, and e-mail) provide a hub that businesses depend on to communicate documents and other information. The default administrative access to these devices is often unchanged.  Security settings are hard to locate and populate, or require a certificate authority that is not set up as a role on the organization's server.  Network connections are sometimes not secured.  User Interface access is often not authenticated at the device, by LDAP, or RFID card.  Anti-malware, whitelist/blacklist, or data integrity features are sometimes optional or not enabled.  User turnover means organizational knowledge about MFDs goes missing.  Even use by government or entities under interlocal cooperative agreements may not comply with FIPS 140-2 or other security-driven mandates. At end of life, the devices may be resold, released, or recycled without retaining the hard drive, wiping data, or resetting to factory defaults.

The complexity of settings combined with the desire for convenience may cause conflict between IT staff and, particularly, high-profile users.  Documenting settings is time-consuming, spotty, prone to error and misplacement.

The session addresses four areas of securing the MFD:

  • At the network connectivity level (e.g. network authentication, etc.)
  • At the hardware level (e.g. disk drive encryption, USB ports, etc.)
  • At the user interface (e.g. access control, user limits to features, etc.)
  • At the system software level (e.g. data integrity control)

The audience will receive a security checklist in the form of a secure PDF.  Attendees will learn the potential threat posed by unsecured MFDs, increasingly standard and optional security features of MFDs, how to secure MFDs and their features using basic settings.