HP Jetdirect 310x HP Jetdirect Print Servers - Philosophy of Security
HP Jetdirect 310x - Print Server For Fast Ethernet Manual
The Philosophy of Security
Table of Contents:
Introduction
Category Mistake
Ockham’s Razor
Ockham’s Razor Misapplied
First Cause and Trust Anchors
Greedy Reductionism
The Verification Problem
Confessions of an Unethical Hacker – Part 1
Confessions of an Unethical Hacker – Part 2
Confessions of an Unethical Hacker – Part 3
People and Technology: An Analysis for Part 1
People and Technology: An Analysis for Part 2
People and Technology: An Analysis for Part 3
How Security Technology Can Help People
How People Can Hurt Security Technology
Summary
Introduction
Many security whitepapers begin with an in-depth analysis of an algorithm or they begin by showing how easy it is to exploit various vulnerabilities. The intention is to scare you into performing the steps outlined by the whitepaper or buy the technology the whitepaper promotes. We are not going to do that here. This introduction to security endeavors to step back and look at security more generally and apply some basic philosophical concepts to help understand security in a more meaningful way. Essentially, we are going to use Holism and apply it to security.
What is Holism?
Holism - In the philosophy of the social sciences, the view that denies that all large-scale social events and conditions are ultimately explicable in terms of the individuals who participated in, enjoyed, or suffered them. Methodological holism maintains that at least some social phenomena must be studied at their own autonomous, macroscopic level of analysis, that at least some social “wholes” are not