HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 10

Too Easy: The Repeater



Figure 7 - Network Model

As we can see, the room is secured, but the network attached to the room is not. In addition, although the MFP has been configured to use cryptographic management protocols and has strong passwords, the printing and imaging protocols are unprotected. Jane will use this to her advantage. We’ll review five different and mutually exclusive ways in which Jane could have obtained the data.

Note: This section and the “Too Easy” sections that follow are focused on printing and imaging. However, the techniques used are applicable to any service running on the network, such as the Domain Name System, Windows Internet Naming Service, Dynamic Host Configuration Protocol, Email, Web Servers, etc. These are not specific printing and imaging vulnerabilities but general TCP/IP protocol vulnerabilities and Ethernet switch vulnerabilities.

Too Easy: The Repeater

Back in the day when there were no cell phones, homes typically had one phone line. Many a suspicious parent would use this to their advantage. Whenever one of their wild teenagers happened to go to their bedroom to take a phone call, hoping for some privacy, the suspicious parent would listen to their conversations by secretly picking up a telephone somewhere else in the house. The parent was able to listen to their teenager’s conversation because all the telephones in the house were connected to the same telephone line. One thing a teenager could do would be to ask for his or her own telephone line to the house, usually under the guise that they would pay for their own bill. Usually this second phone line is installed directly to their bedroom. One ramification of that second phone line is that the parent could no longer listen in from their main telephone line.

When a house has a single phone line and multiple phones, it is acting like an Ethernet Hub or, as it is sometimes called, an Ethernet Repeater. Refer to Figure 8 – Ethernet Repeater.