HP 500X HP Jetdirect Print Servers - Philosophy of Security

HP 500X - JetDirect Print Server Manual

HP 500X manual content summary:

  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 1
    Anchors...5 Greedy Reductionism ...8 The Verification Problem ...9 Confessions of an Unethical Hacker - Part 1 11 Confessions of an Unethical Hacker - Part 2 11 Confessions of an Unethical Hacker - Part 3 12 People and Technology: An Analysis for Part 1 12 People and Technology: An Analysis
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 2
    find the following: • People are the problem • People are the solution • Security of a university is given to a new student. The tour guide takes the new student around the various buildings - the "school the automobile parts by their common names, let's label them SSL/TLS, Web Services, AES
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 3
    simplify it. Whether they know it or not, they are often using a form of Ockham's Razor. Ockham's Razor Ockham's Razor is a common sense principle at least having some good probabilities about future behavior, which is an important part of security. One could argue that the weather man isn't a good
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 4
    @example.corp Corporate Enterprise Admin Login Login: Example_EA Password: WOW!I'mAnEntAdminForExample!!! Domain: EXAMPLE Email: [email protected] Intranet Web Server Login: Example_User Password: $M0neyThat'sWhatIWant! Domain: EXAMPLE All of these passwords and logins are too much for Example
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 5
    Server 't solve the problem that Example User cards, driver's license stored on the computers where the user setup before security can even begin. Many companies promoting a specific security technology often do not talk about trust anchors because they usually require separate out-of-band configuration
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 6
    it is the management station? SD: Um... I believe you can configure them manually as well. PC: Oh - that means I'll have to have a trusted administrator configure them with a trusted laptop on a trusted network. I guess we can do that. My device setup is outsourced, but none of these settings really
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 7
    web service support Kerberos tickets to authenticate a user over the SSL channel? SD: Um - no. PC: Well, unless my domain credentials are converted into some form credentials get configured? SD: Well, we have defaults for the Administration credentials. You could have your outsourcer configure them
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 8
    automobile, we can now simply study the moving parts and develop a service plan around that. This would be an example of using reductionism as a technique to help simplify problems (of course, they could simply read their owner's manual maintenance schedule as well). However, reductionism can be
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 9
    software or forensics. • There is probably a "deleted" copy of the spooled print file on the user's hard drive. If network print spoolers (Windows printer. Any problems with the print picture. Looking at security holistically, one can see that while buying an encrypted hard disk for a printer/MFP
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 10
    500 page ASCII text document filled with the letters of the English Alphabet (e.g., "ABCDE..."). He then removed each drive and placed them one at a time in a free drive slot in his own computer at the manual for the that was printed. The Problem". We attempt to combat The Verification Problem
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 11
    hacker. Confessions of an Unethical Hacker - Part 1 It was hard for the last few printer and MFP they have, get the documents that are in the "to be picked up" pile - you know, the documents that people have printed and have forgotten to pick up, place them in an MFP, send them to this email address
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 12
    only do server authentication. Hacker - Part 3 X problems - dispatch told me to check it out - luckily I was right next door". Cool! "Can it get to your networking equipment?" - Yep - right over here. In a small wiring closet, I connected my access point to a mirrored port on the switch I configured
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 13
    documents as compared to a chief technology officer printing out the latest prototype design of a new product. • Many companies encourage environmentally conscious behavior - often placing recycle bins directly next to printers. Often, partial documents that were part of a paper jam are often placed
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 14
    problem. If you value your printed documents and there are unauthorized individuals that can easily access your printers consider treating your network printers/MFPs like you treat your internal web servers are suspected of computer related crimes - they get a warrant and install keystroke loggers.
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 15
    • Once inside the main door, install two employee badge controlled turnstiles, one five yards in They are not side by side, but instead form a line for a single line of employees to they witness such a violation. Better yet, let's review what our helpful employee might say to our Headless Horseman
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 16
    : An Analysis for Part 3 In our imaginary unethical hacker's third confession, we can see he is pretty smart. He's created a problem and showed up to MFP models to handle their printing and imaging needs. To save costs, they also standardized on laptops with docking stations for personal computers
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 17
    on three MFP models to handle their printing and imaging needs. To save costs, they also standardized on laptops with docking stations for personal computers. From a physical access control perspective, the company's building is badge accessed controlled and their LAN equipment and servers are in
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 18
    Shouldn't I remove some of them? • Why should I support SSLv2.0 if my secure shopping sites offer TLS support? • Why don't have I CRL checking enabled? • . The Internet Explorer 6 experience when an untrusted digital certificate is a pop-up dialog like this: In many cases, a user may just click
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 19
    This is a lot different - notice the symbols and explanatory text. The way the information is now presented, it will grab your attention. If we click the "Continue to this website (not recommended)" link, we get this: 19
  • HP 500X | HP Jetdirect Print Servers - Philosophy of Security - Page 20
    Notice the red URL and the "Certificate Error" message. Why did Microsoft change the behavior so drastically? Well, because people can make decisions that hurt their security, even when they are using SSL. By moving to a different way of presenting this information to the user, they are helping the
The Philosophy of Security
Table of Contents:
  • Introduction (page 1)
  • Category Mistake (page 2)
  • Ockham’s Razor (page 3)
  • Ockham’s Razor Misapplied (page 3)
  • First Cause and Trust Anchors (page 5)
  • Greedy Reductionism (page 8)
  • The Verification Problem (page 9)
  • Confessions of an Unethical Hacker – Part 1 (page 11)
  • Confessions of an Unethical Hacker – Part 2 (page 11)
  • Confessions of an Unethical Hacker – Part 3 (page 12)
  • People and Technology: An Analysis for Part 1 (page 12)
  • People and Technology: An Analysis for Part 2 (page 14)
  • People and Technology: An Analysis for Part 3 (page 16)
  • How Security Technology Can Help People (page 16)
  • How People Can Hurt Security Technology (page 17)
  • Summary (page 20)

Introduction
Many security whitepapers begin with an in-depth analysis of an algorithm or they begin by showing how easy it is to exploit various vulnerabilities. The intention is to scare you into performing the steps outlined by the whitepaper or buying the technology the whitepaper promotes. We are not going to do that here. This introduction to security endeavors to step back and look at security more generally and apply some basic philosophical concepts to help understand security in a more meaningful way. Essentially, we are going to use Holism and apply it to security. What is Holism?
Holism - In the philosophy of the social sciences, the view that denies that all large-scale social events and conditions are ultimately explicable in terms of the individuals who participated in, enjoyed, or suffered them. Methodological holism maintains that at least some social phenomena must be studied at their own autonomous, macroscopic level of analysis, that at least some social “wholes” are not