Modern copiers and printers use hard drives to support advanced functionality. With the default settings, sensitive information may be stored on these devices without the user's knowledge, which adds risk. Security settings must be turned on or, in some cases, additional options or modules must be purchased. OIT will collect as much information as possible for securing these devices.
If your device does not have advanced security options such as disk encryption or immediate data overwrite, the hard drive must be removed and securely wiped or destroyed separately.
Best Practices
OIT recommends the following best practices for multi-function printers and copiers with disk drives:
If network-enabled, use network encryption and secure protocols such as IPsec, SSL, and SNMPv3
Regularly review vendor security bulletins
Enable authentication and authorization (if possible, use network credentials)
Change the admin password regularly
Enable the audit log and review it periodically
Treat network-enabled devices like any other computer on the network
Purchase a device which has an EAL2 Common Criteria certification
If restricted data is processed on the device, it MUST have encryption and image overwrite.
For devices which are currently in use and process restricted data but do not have the necessary security features:
If possible, purchase the necessary security modules and enable the features.
If security features cannot be purchased or enabled, replace the device as soon as is appropriate. When the device is replaced, have the hard drive removed and destroyed.
By Vendor
Xerox
Newer Xerox devices come with security features, but these often must be turned on. See the following list for which features each device has and which are enabled by default: XeroxDeviceList.pdf
HP
All HP multi-function printers (MFPs) have hard drives.
There is a disk-wipe utility for all MFPs.
This utility is not installed by default and must be downloaded from HP.COM. The utility is protected by an admin account and password.
The utility can be configured to perform a printer disk wipe on a daily basis.
Some non-MFP HP printers may have hard drives. These printers will have an occupied EIO card (with resident hard drive) in the slot next to the network card. This EIO card should be visible from the outside of the printer's case.
We cannot use a third-party disk wipe utility against HP MFP hard drives without removing the drive from the card, which is likely to damage the card and, possibly, the hard drive.
Non-MFPs with hard drives are somewhat rare and may be purchased for special purposes.
Non-MFPs with hard drives and network connections can be remotely disk wiped. Non-MFPs with a hard drive but without a network connection need to be handled by HP.
For leased HP printers, it is suggested that the agreements include a defective media retention provision that permits the lessor to keep the hard drive before releasing the printer.
The HP Web Jetadmin tool, downloadable from HP.COM, can scan a network subnet and identify HP printers (and non-HP printers if the tool has a MIB for the non-HP printer).
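As a complement to a vendor discovery tool, the following added example (not OIT's or HP's code) parses `snmpwalk -On` output that has already been collected from devices and lists the ones that identify as printers and report disk storage. It assumes the devices expose the standard Host Resources MIB (RFC 2790); the function names and sample data are constructed for illustration. A printer that reports no disk may still contain one, so the result is a starting list for review, not a clearance.

```python
import re
# Host Resources MIB (RFC 2790) numeric OIDs
HR_DEVICE_TYPE = "1.3.6.1.2.1.25.3.2.1.2"    # hrDeviceType column
HR_STORAGE_TYPE = "1.3.6.1.2.1.25.2.3.1.2"   # hrStorageType column
PRINTER = "1.3.6.1.2.1.25.3.1.5"             # hrDevicePrinter
DISK_DEVICE = "1.3.6.1.2.1.25.3.1.6"         # hrDeviceDiskStorage
FIXED_DISK = "1.3.6.1.2.1.25.2.1.4"          # hrStorageFixedDisk

LINE = re.compile(r"^\.?([\d.]+)\s*=\s*OID:\s*\.?([\d.]+)\s*$")

def classify(walk_text):
    """Return (is_printer, reports_disk) for one device's `snmpwalk -On` output."""
    is_printer = reports_disk = False
    for raw in walk_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip non-OID values, timeouts, blank lines
        oid, value = m.groups()
        if oid.startswith(HR_DEVICE_TYPE + "."):
            is_printer |= value == PRINTER
            reports_disk |= value == DISK_DEVICE
        elif oid.startswith(HR_STORAGE_TYPE + "."):
            reports_disk |= value == FIXED_DISK
    return is_printer, reports_disk

def printers_with_disks(walks):
    """Hosts that identify as printers and report disk storage, sorted."""
    return sorted(h for h, t in walks.items() if classify(t) == (True, True))

# Constructed sample input (documentation addresses, not real devices)
SAMPLE = {
    "192.0.2.10": """\
.1.3.6.1.2.1.25.3.2.1.2.1 = OID: .1.3.6.1.2.1.25.3.1.5
.1.3.6.1.2.1.25.2.3.1.2.1 = OID: .1.3.6.1.2.1.25.2.1.2
.1.3.6.1.2.1.25.2.3.1.2.2 = OID: .1.3.6.1.2.1.25.2.1.4
""",
    "192.0.2.11": """\
.1.3.6.1.2.1.25.3.2.1.2.1 = OID: .1.3.6.1.2.1.25.3.1.5
.1.3.6.1.2.1.25.2.3.1.2.1 = OID: .1.3.6.1.2.1.25.2.1.2
""",
    "192.0.2.20": """\
.1.3.6.1.2.1.25.3.2.1.2.1 = OID: .1.3.6.1.2.1.25.3.1.3
.1.3.6.1.2.1.25.2.3.1.2.1 = OID: .1.3.6.1.2.1.25.2.1.4
""",
}

if __name__ == "__main__":
    for host in printers_with_disks(SAMPLE):
        print(host, "printer reports a disk: confirm encryption and image overwrite")
```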