HP Jetdirect 610n HP Jetdirect Print Servers - Philosophy of Security
HP Jetdirect 610n Manual
 |
View all HP Jetdirect 610n manuals
Add to My Manuals
Save this manual to your list of manuals |
HP Jetdirect 610n manual content summary:
- HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 1
Ockham's Razor Misapplied ...3 First Cause and Trust Anchors...5 Greedy Reductionism ...8 The Verification Problem ...9 Confessions of an Unethical Hacker - Part 1 11 Confessions of an Unethical Hacker - Part 2 11 Confessions of an Unethical Hacker - Part 3 12 People and Technology: An Analysis - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 2
find the following: • People are the problem • People are the solution • Security technology of a university is given to a new student. The tour guide takes the new student around the various buildings - the "school names, let's label them SSL/TLS, Web Services, AES, and so on. A security consultant - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 3
over the Internet are used by hospitals, police departments, fire departments, and power grids. In short, the very infrastructures that people rely on to help that the wind blew because trees were sneezing, or that the sun set in Arizona near Flagstaff, or that the world really existed in black - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 4
To move to a more complicated security example, let's see how a couple of simple mistakes can lead to a misapplication of Ockham's Razor. Example_User is a user in the EXAMPLE Domain. This person has two accounts on the Internet for books and for jewelry, 4 email accounts, and is also an Enterprise - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 5
powerful user configured - no company information is revealed should a "hacker" retrieve this information - in other words, "all else is not equal". In short, Example User needs to go back to the first approach. The first approach doesn't solve the problem that Example User incorrect application of - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 6
: Um... I believe you can configure them manually as well. PC: Oh - that means I'll have to have a trusted administrator configure them with a trusted laptop on a trusted network. I guess we can do that. My device setup is outsourced, but none of these settings really undermines my network security - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 7
? PC: Does your web service support Kerberos tickets to authenticate a user over the SSL channel? SD configured? SD: Well, we have defaults for the Administration credentials. You could have your outsourcer configure supported version of OpenSSL for instance?). • The implementation of the application - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 8
, we can now simply study the moving parts and develop a service plan around that. This would be an example of using reductionism as a technique to help simplify problems (of course, they could simply read their owner's manual maintenance schedule as well). However, reductionism can be misused and - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 9
software or forensics. • There is probably a "deleted" copy of the spooled print file on the user's hard drive. If network print spoolers (Windows, NetWare, UNIX/LINUX, and so on) were used instead of direct printing by their printer. Any problems with the print job, there are probably partial copies - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 10
to find the actual key value. Looking at the manual for the drive, the manufacturer indicated that a random hour, the friend returned with the document that was printed. The customer was dismayed. It seems that the "Verification Problem". We attempt to combat The Verification Problem with Testability - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 11
understands that security technology has to deal with the Verification Problem in much the same way as scientific theories do. There the documents that people have printed and have forgotten to pick up, place them in an MFP, send them to this email address, and then put them back plant a few 11 - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 12
do server authentication. connected my access point to a mirrored port on the switch I configured. I verified I could connect (securely - I don't want anyone else to do that!) and went back outside and connected problem to their IT department! Yea! Back at the café, I connected my laptop wirelessly - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 13
• It is never a good idea to supply your domain credentials to a computer that isn domain credentials have become the new "Driver's License" of identity in the let's cut to the chase: • Problem Statement: There is an unauthorized person to digitally send doesn't address the issue anymore than - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 14
problem. If you value your printed documents and there are unauthorized individuals that can easily access your printers consider treating your network printers/MFPs like you treat your internal web servers - they get a warrant and install keystroke loggers. Our imaginary unethical - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 15
more than one person to enter. • Once inside the main door, install two employee badge controlled turnstiles, one five yards in front of the other to press when they witness such a violation. Better yet, let's review what our helpful employee might say to our Headless Horseman coming in from - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 16
pretty smart. He's created a problem and showed up to fix it. some attacks (e.g., 802.1X), but 456-7890 before using this key" printed on the box. Signs on the equipment and servers are in serviced by an outsourced company. This outsourced company keeps the MFPs up and running and deals with supplies - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 17
the servers and laptops. If this is an outsourced or external company (e.g., retail service), then on three MFP models to handle their printing and imaging needs. To save costs, MFP is replaced due to failure or upgraded to another type. • Selling equipment to another user/company: The MFP is sold as - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 18
Shouldn't I remove some of them? • Why should I support SSLv2.0 if my secure shopping sites offer TLS support? • Why don't have I CRL checking enabled? • Can certificate is a pop-up dialog like this: In many cases, a user may just click "Yes" without realizing what they are doing and then provide - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 19
This is a lot different - notice the symbols and explanatory text. The way the information is now presented, it will grab your attention. If we click the "Continue to this website (not recommended)" link, we get this: 19 - HP Jetdirect 610n | HP Jetdirect Print Servers - Philosophy of Security - Page 20
make decisions that hurt their security, even when they are using SSL. By moving to a different way of presenting this information to the user, they are helping the user make good decisions around security. And with that, we've come full circle. Summary Many books have been written about security in
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
 |
 |
1
The Philosophy of Security
Table of Contents:
Introduction
.....................................................................................................................................
1
Category Mistake
............................................................................................................................
2
Ockham’s Razor
..............................................................................................................................
3
Ockham’s Razor Misapplied
.............................................................................................................
3
First Cause and Trust Anchors
............................................................................................................
5
Greedy Reductionism
.......................................................................................................................
8
The Verification Problem
...................................................................................................................
9
Confessions of an Unethical Hacker – Part 1
.....................................................................................
11
Confessions of an Unethical Hacker – Part 2
.....................................................................................
11
Confessions of an Unethical Hacker – Part 3
.....................................................................................
12
People and Technology: An Analysis for Part 1
.................................................................................
12
People and Technology: An Analysis for Part 2
.................................................................................
14
People and Technology: An Analysis for Part 3
.................................................................................
16
How Security Technology Can Help People
......................................................................................
16
How People Can Hurt Security Technology
.......................................................................................
17
Summary
......................................................................................................................................
20
Introduction
Many security whitepapers begin with an in-depth analysis of an algorithm or they begin by showing
how easy it is to exploit various vulnerabilities.
The intention is to scare you into performing the steps
outlined by the whitepaper or buy the technology the whitepaper promotes.
We are not going to do
that here.
This introduction to security endeavors to step back and look at security more generally
and apply some basic philosophical concepts to help understand security in a more meaningful way.
Essentially, we are going to use Holism and apply it to security.
What is Holism?
Holism -
In the philosophy of the social sciences, the view that denies that all large-scale social events
and conditions are ultimately explicable in terms of the individuals who participated in, enjoyed, or
suffered them. Methodological holism maintains that at least some social phenomena must be studied
at their own autonomous, macroscopic level of analysis, that at least some social “wholes” are not
whitepaper