printer friendly version

Security for systems in networked and standalone environments

Our digital world is becoming more vulnerable every day. The strategic importance of digital highways and the data transmitted over them provides extensive opportunities for errors, interference or even sabotage, with possible dramatic results. This is the conclusion of the Computer Security Institute in its 2003 Computer Crime and Security Survey, which is available at http://www.gosci.com.

Based on a survey of 530 US computer security practitioners across all industries and government agencies, the 2003 findings once again show large numbers of attacks and correspondingly high financial losses. However, this study does suggest that in 2003 the severity and costs of these attacks were down for the first time since 1999. Despite this downturn, the main conclusion of the survey remains that the risk of cyber attacks continues to be high. Even organisations that have deployed a wide range of security technologies can fall victim to significant losses.

The divisional manager for Océ South Africa's Digital Document Systems, Pierre la Grange, says, "At Océ, security is an integral part of system development, and the company is taking a proactive approach to the improvement of security-related issues. We are working to address security challenges across all of our digital document systems. Currently the focus is on meeting recognised industry standards and working to help customers implement government mandated security regulations in a timely manner."

Secure network connectivity

La Grange points out, "Our connectivity policy is to minimise the risk of cyber attacks. All Océ digital document systems support configurable network services to enable/disable specific devices, print protocols and ports. All configurable network services are disabled by default. To ensure secure and controlled access from the network, customers are strongly recommended to keep the number of enabled network services to a strict minimum."

To provide more insight into the types of cyber attacks that could possibly be expected, these can be categorised into:

Infection attack

This implies an attack (virus, worm, trojan) via enabled network services, which could infect the printer controller. To minimise the risk of these attacks, the customer should keep the number of network services that are enabled on the Océ system to a strict minimum. However, if infection takes place, the Océ host intrusion protection system at the controller will proactively recognise and detect the infection. Appropriate measures should then be taken to remove the infection.

Denial of service attack

This is an attack aimed at blocking proper operation of the printer. To prevent these attacks from succeeding, only predefined controller settings are allowed. In addition, Océ is continuously working on increasing the robustness of the protocol handler of the print controller.

Intrusion attack

Also called hacking, this type of attack aims to gain unauthorised access to the system. The measures that have been taken to prevent this from happening via the network include the encryption of passwords and minimising the printer information available through the network.

Physical access to the controller by means of CD-ROM and or/floppy disk drives should be limited. Rebooting of the system from CD-ROM and floppy disk is disabled, and the potential problem of physical access has been addressed by integrating the controller in the printer itself.

"Although we have taken the necessary measures to ensure secure network connectivity, network security remains a mutual responsibility of both the customer and Océ," according to La Grange. "We strongly recommend that customers take all necessary measures to protect their IT environment against cyber attacks, for example, by installing firewalls, secured common network operating systems and anti-virus or host intrusion protection systems."

Secure document access

Océ's secured document end-user access policy addresses two main security issues:

a. Minimising the risk of confidential printed documents lying uncollected in the document output tray.

b. Minimising the risk of document printing being activated by anyone from the electronic mailbox at the printer site, where documents are vulnerable to theft and unauthorised viewing.

Several measures have been taken, particularly in relation to printing in unattended environments such as offices/corridors and departmental printer locations. These measures involve restricting document access at the printer to the authorised user. To minimise these risks, particularly in unattended printing environments, the unique Océ Digital Mailbox concept has been developed. This involves three levels of secure document access that have been defined and implemented:

1. End-users can add unique PIN codes to each document to be printed from their desktops. They then have to activate printing from the mailbox by typing in their unique PIN codes at the printer.

2. Only authorised end-users can access the mailboxes by typing in unique mailbox passwords.

3. An external e-card system can be connected to the Océ printer (CCD interface). When end-users print documents, they only need to activate the mailbox of the printer by entering their e-cards in the system and typing in their unique PIN codes. A further benefit of the e-card system is that it provides secure accountability and traceability of all printing activities.

La Grange says that Océ intends to have a flexible and secure document access solution in place, with the ability to implement secure end-user document access solutions that comply with customers' security policies.

Secure document storage

Once documents have been printed, these can be deleted automatically from the hard disk. After deletion, these documents will be shredded by image overwrite security functionality in the Océ system. This clears or overwrites all traces of any deleted documents and/or images on the hard disk by using a multipass process that complies with government standards. In addition, deletions of documents from the hard disk, whether printed or not yet printed, are done automatically after the expiry of a predefined document storage time. In the meantime, the hard disks of the Océ system could also be stored in a secure environment according to customer security procedures. For copying only at the system, Océ ensures the highest level of secure document storage. Scanned images for copying only are encrypted, which means they are absolutely unusable by unauthorised persons.

La Grange concludes, "Océ secure document storage policy ensures that no unauthorised disclosure of data can occur during processing or storage in the Océ system. We have taken measures to initiate flexible procedures for ensuring secure document storage."

Share this article:

Further reading: