HP 300X HP Jetdirect Print Servers - Philosophy of Security

HP 300X - JetDirect Print Server Manual

HP 300X manual content summary:

  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 1
    : Introduction ...1 Category Mistake ...2 Ockham's Razor ...3 Ockham's Razor Misapplied ...3 First Cause and Trust Anchors...5 Greedy Reductionism ...8 The Verification Problem ...9 Confessions of an Unethical Hacker - Part 1 11 Confessions of an Unethical Hacker - Part 2 11 Confessions of an
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 2
    find the following: • People are the problem • People are the solution • Security technology of a university is given to a new student. The tour guide takes the new student around the various buildings - the "school names, let's label them SSL/TLS, Web Services, AES, and so on. A security consultant
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 3
    the contrary, many of the same technologies used to buy a book or music over the Internet are used by hospitals, police departments, fire departments, and power grids. In short, the very infrastructures that people rely on to help them and keep them safe use the same technologies that make the news
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 4
    ! Domain: EXAMPLE Email: [email protected] Corporate Enterprise Admin Login Login: Example_EA Password: WOW!I'mAnEntAdminForExample!!! Domain: EXAMPLE Email: [email protected] Intranet Web Server Login: Example_User Password: $M0neyThat'sWhatIWant! Domain: EXAMPLE All of these
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 5
    to credit cards, driver's license, and other personal information - whether that is at work or at home. What? Write them down? Isn't that horrible security procedure? It depends. We are memorizing the critical account (Enterprise Admin) and writing down the passwords for personal accounts that
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 6
    it is the management station? SD: Um... I believe you can configure them manually as well. PC: Oh - that means I'll have to have a trusted administrator configure them with a trusted laptop on a trusted network. I guess we can do that. My device setup is outsourced, but none of these settings really
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 7
    web service password support Role based authentication where an Administrator can specify a username, password, and role. PC: Perfect. How do the Administrator credentials get configured? SD: Well, we have defaults configured, but also, who is going to be configuring supported configuration Supports
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 8
    , we can now simply study the moving parts and develop a service plan around that. This would be an example of using reductionism as a technique to help simplify problems (of course, they could simply read their owner's manual maintenance schedule as well). However, reductionism can be misused and
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 9
    software or forensics. • There is probably a "deleted" copy of the spooled print file on the user's hard drive. If network print spoolers (Windows, NetWare, UNIX/LINUX, and so on) were used instead of direct printing is a copy by their printer. Any problems with the print job, there are probably
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 10
    price?" The customer decided to run his own tests. He sent each printer the same file - a 500 page key value. Looking at the manual for the drive, the manufacturer returned with the document that was printed. The customer was dismayed. It Problem". We attempt to combat The Verification Problem
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 11
    deal with the Verification Problem in much the same an announcement may result in a "cold prickly" feeling rather than a "warm printed and have forgotten to pick up, place them in an MFP, send them to this email address so easy to fake with modern color printers and most employees will leave them on
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 12
    server authentication. Their firewall has a cut-through-proxy feature that allows them to enter their username and password him once. Looking at the yellow pages, I saw that Company Y had port on the switch I configured. I verified I could it so fast they didn't even have to report the problem to their
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 13
    printing out the latest prototype design of a new product. • Many companies encourage environmentally conscious behavior - often placing recycle bins directly next to printers a good idea to supply your domain credentials to the new "Driver's License" of chase: • Problem Statement: There address
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 14
    problem. If you value your printed documents and there are unauthorized individuals that can easily access your printers consider treating your network printers/MFPs like you treat your internal web servers crimes - they get a warrant and install keystroke loggers. Our imaginary unethical hacker had
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 15
    • The initial sliding door or revolving door is badge controlled but can allow for more than one person to enter. • Once inside the main door, install two employee badge controlled turnstiles, one five yards in front of the other one. They are not side by side, but instead form a line for
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 16
    pretty smart. He's created a problem and showed up to fix it service personnel using the yellow pages, -7890 before using this key" printed on the box. Signs on the equipment and servers are serviced by an outsourced company. This outsourced company keeps the MFPs up and running and deals with supplies
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 17
    of the servers and laptops. If this is an outsourced or external company (e.g., retail service), then on three MFP models to handle their printing and imaging needs. To save costs, Look at SSL - it was a security technology and it changed the way people shop and allowed for e-commerce - people aren
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 18
    ? Shouldn't I remove some of them? • Why should I support SSLv2.0 if my secure shopping sites offer TLS support? • Why don't have I CRL checking enabled? • Can with the opportunity to do so? An unethical hacker could use technology to direct a user to a false web site when they are thinking they are
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 19
    This is a lot different - notice the symbols and explanatory text. The way the information is now presented, it will grab your attention. If we click the "Continue to this website (not recommended)" link, we get this: 19
  • HP 300X | HP Jetdirect Print Servers - Philosophy of Security - Page 20
    Notice the red URL and the "Certificate Error" message. Why did Microsoft change the behavior so drastically? Well, because people can make decisions that hurt their security, even when they are using SSL. By moving to a different way

The Philosophy of Security
Table of Contents:
  • Introduction
  • Category Mistake
  • Ockham's Razor
  • Ockham's Razor Misapplied
  • First Cause and Trust Anchors
  • Greedy Reductionism
  • The Verification Problem
  • Confessions of an Unethical Hacker – Part 1
  • Confessions of an Unethical Hacker – Part 2
  • Confessions of an Unethical Hacker – Part 3
  • People and Technology: An Analysis for Part 1
  • People and Technology: An Analysis for Part 2
  • People and Technology: An Analysis for Part 3
  • How Security Technology Can Help People
  • How People Can Hurt Security Technology
  • Summary

Introduction

Many security whitepapers begin with an in-depth analysis of an algorithm or they begin by showing how easy it is to exploit various vulnerabilities. The intention is to scare you into performing the steps outlined by the whitepaper or buy the technology the whitepaper promotes. We are not going to do that here. This introduction to security endeavors to step back and look at security more generally and apply some basic philosophical concepts to help understand security in a more meaningful way. Essentially, we are going to use Holism and apply it to security. What is Holism?

Holism - In the philosophy of the social sciences, the view that denies that all large-scale social events and conditions are ultimately explicable in terms of the individuals who participated in, enjoyed, or suffered them. Methodological holism maintains that at least some social phenomena must be studied at their own autonomous, macroscopic level of analysis, that at least some social “wholes” are not