HP Color LaserJet CM4730 HP LaserJet MPF Products - Configuring Security for M - Page 8

Spoofing Identity, Tampering with Data, Con SNMPv3.

Get HP Color LaserJet CM4730 - Multifunction Printer PDF manuals and user guides View all HP Color LaserJet CM4730 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 8 highlights

to research in this area. You should continue to be ware and always remain vigilant. Use other techniques with this checklist to help ensure that your network is resistant to compromise. Note: This is not a comprehensive treatment of these issues. This chapter is only an introduction to the types of threats that might possibly affect MFPs. The Microsoft STRIDE model provides a valuable outline to categorize these known types of threats: • Spoofing identity • Tampering with data • Repudiation • Information disclosure • Denial of service • Elevation of privilege The following sections explain how each type of threat relates to MFPs: Spoofing Identity Spoofing identity is masquerading as someone else to fool others or to get unauthorized access. Here are some ways spoofing identity can relate to MFPs: • Placing another person's email address in the From address field of an email message. Example: Someone could place the address of a co-worker in the From address field and send embarrassing or malicious messages to others as though the co-worker wrote them. • Using another person's email credentials to log in to the email server to gain access to address books • Using another person's email credentials to have free use of an email service • Using another person's email credentials to view that person's email messages • Using another person's log on credentials for access to use MFPs or networks • Using another person's log on credentials for administrative access to MFPs You can address the risks of spoofing identity in the following ways: • Protect the from address field in the MFP Digital Sending and Fax configurations. • Protect MFP disk access. • Configure authentication. • Configure the administrator password. • Configure SNMPv3. Tampering with Data Tampering with data can include any method of changing, destroying, or adding to information that stored on an MFP or being transferred to or from an MFP. Examples: • Canceling another person's job. The person who sent a cancelled job gets no warning; only part or none of the job is printed. • Intercepting a print job before it reaches the MFP, altering it, and sending it on to the MFP. • Intercepting remote configuration data, such as communications between Web Jetadmin and the MFP, to get passwords and other information. You can address the risks of data tampering in the following ways: 8

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
to research in this area. You should continue to be ware and always remain vigilant. Use other
techniques with this checklist to help ensure that your network is resistant to compromise.
Note:
This is not a comprehensive treatment of these issues. This chapter is only
an introduction to the types of threats that might possibly affect MFPs.
The Microsoft STRIDE model provides a valuable outline to categorize these known types of threats:
Spoofing identity
Tampering with data
Repudiation
Information disclosure
Denial of service
Elevation of privilege
The following sections explain how each type of threat relates to MFPs:
Spoofing Identity
Spoofing identity is masquerading as someone else to fool others or to get unauthorized access. Here
are some ways spoofing identity can relate to MFPs:
Placing another person's email address in the From address field of an email message. Example:
Someone could place the address of a co-worker in the From address field and send embarrassing
or malicious messages to others as though the co-worker wrote them.
Using another person's email credentials to log in to the email server to gain access to address
books
Using another person's email credentials to have free use of an email service
Using another person's email credentials to view that person’s email messages
Using another person's log on credentials for access to use MFPs or networks
Using another person's log on credentials for administrative access to MFPs
You can address the risks of spoofing identity in the following ways:
Protect the from address field in the MFP Digital Sending and Fax configurations.
Protect MFP disk access.
Configure authentication.
Configure the administrator password.
Configure SNMPv3.
Tampering with Data
Tampering with data can include any method of changing, destroying, or adding to information that
stored on an MFP or being transferred to or from an MFP. Examples:
Canceling another person's job. The person who sent a cancelled job gets no warning; only part or
none of the job is printed.
Intercepting a print job before it reaches the MFP, altering it, and sending it on to the MFP.
Intercepting remote configuration data, such as communications between Web Jetadmin and the
MFP, to get passwords and other information.
You can address the risks of data tampering in the following ways:
8