HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 9

Secured MFP - review

Get HP 635n - JetDirect IPv6/IPsec Print Server PDF manuals and user guides
UPC - 882780301016
View all HP 635n manuals
Add to My Manuals
Save this manual to your list of manuals

Page 9 highlights

card to be used. In addition, the only electronic digital sending device that the company had was placed in an accessrestricted security room monitored by a camera. Figure 6 - Secured MFP shows the setup: Camera C Open Conference Area C Secure MFP Room Card Access Figure 6 - Secured MFP Because you are paranoid about someone scanning in your data and emailing it or transporting it electronically to the competition, you force the MFP to send all digital information to a server where the data is scanned for watermarked words such as "confidential" or "secret". If any of these words are found, the server quarantines the data until security approves of the electronic data transfer. The room is locked at night and camera logs are archived. The MFP has also been secured by disabling unused protocols, forcing management protocols to use cryptographic protection such as SSL/TLS, and setting strong passwords. One day, one of your top employees, Jane Doe puts in her two week notice, citing medical reasons. Because your design breakthrough has left you slightly suspicious of everyone, you review the security camera logs and the confidential document logs and determine all is in order in regards to Jane Doe. A few days go by and you are interviewing Jane's replacement, Jill Fawn. Jill, who works for one of your competitors, claims to have seen Jane interviewing at the company she works for and believes she'll start her new job soon. You are shocked as Jane had cited medical reasons for leaving so you believe that she is up to no good. As Jane leaves on her last day, you ask security to conduct a surprise inspection of all of her outgoing possessions in case they belong to your company. The security team discovers a compact disc containing nearly all of the confidential documents related to the graphic design breakthrough! The security team reviews all the document check out logs and the camera logs associated with Jane and determines that Jane never accessed those documents nor did she ever use the MFP! How did Jane get those documents? Note: Many individuals reading the above 'case-study' will probably believe that Jane did something wrong. Legally however, it really depends on the company's security policy. Did the company have a security policy covering the access and use of this type of data? What about 'malicious' software that can be used to redirect data, tamper with data, and capture data? Was this policy communicated clearly and was it easily accessible? How was it enforced? Imagine if Jane took the case to court to legally obtain the documents that were in her possession and your company lost because you hadn't defined a security policy! IPsec is not a replacement for a security policy! Instead, it is a protocol that can be used to be compliant with a company's security policy. Jane didn't check out those documents, she didn't scan them in, and she didn't hack into the MFP over the network. Yet Jane still obtained them. You may think that Jane is an accomplished hacker. She isn't. She was able to accomplish all of this by downloading two free tools from the Internet and some light reading about how to use them. Let's look at Figure 7 and we'll see some more of the network and the open conference area that Jane used. 9

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
9
card to be used.
In addition, the only electronic digital sending device that the company had was placed in an access-
restricted security room monitored by a camera.
Figure 6 – Secured MFP shows the setup:
Secure MFP Room
Open Conference Area
C
Camera
C
Card Access
Figure 6 - Secured MFP
Because you are paranoid about someone scanning in your data and emailing it or transporting it electronically to the
competition, you force the MFP to send all digital information to a server where the data is scanned for watermarked words
such as “confidential” or “secret”.
If any of these words are found, the server quarantines the data until security approves of
the electronic data transfer. The room is locked at night and camera logs are archived.
The MFP has also been secured by
disabling unused protocols, forcing management protocols to use cryptographic protection such as SSL/TLS, and setting strong
passwords.
One day, one of your top employees, Jane Doe puts in her two week notice, citing medical reasons.
Because your design
breakthrough has left you slightly suspicious of everyone, you review the security camera logs and the confidential document
logs and determine all is in order in regards to Jane Doe.
A few days go by and you are interviewing Jane’s replacement, Jill
Fawn.
Jill, who works for one of your competitors, claims to have seen Jane interviewing at the company she works for and
believes she’ll start her new job soon.
You are shocked as Jane had cited medical reasons for leaving so you believe that she
is up to no good.
As Jane leaves on her last day, you ask security to conduct a surprise inspection of all of her outgoing
possessions in case they belong to your company.
The security team discovers a compact disc containing nearly all of the
confidential documents related to the graphic design breakthrough!
The security team reviews all the document check out logs
and the camera logs associated with Jane and determines that Jane never accessed those documents nor did she ever use the
MFP!
How did Jane get those documents?
Note: Many individuals reading the above ‘case-study’ will probably believe that Jane did something wrong.
Legally however,
it really depends on the company’s security policy.
Did the company have a security policy covering the access and use of this
type of data?
What about ‘malicious’ software that can be used to redirect data, tamper with data, and capture data?
Was
this policy communicated clearly and was it easily accessible?
How was it enforced? Imagine if Jane took the case to court to
legally obtain the documents that were in her possession and your company lost because you hadn’t defined a security policy!
IPsec is not a replacement for a security policy!
Instead, it is a protocol that can be used to be compliant with a company’s
security policy.
Jane didn’t check out those documents, she didn’t scan them in, and she didn’t hack into the MFP over
the network.
Yet Jane still obtained them.
You may think that Jane is an accomplished hacker.
She
isn’t.
She was able to accomplish all of this by downloading two free tools from the Internet and
some light reading about how to use them.
Let’s look at Figure 7 and we’ll see some more of the
network and the open conference area that Jane used.