HP Jetdirect J2550B HP Jetdirect Print Servers - Philosophy of Security
The Philosophy of Security
Table of Contents:
Introduction
Category Mistake
Ockham’s Razor
Ockham’s Razor Misapplied
First Cause and Trust Anchors
Greedy Reductionism
The Verification Problem
Confessions of an Unethical Hacker – Part 1
Confessions of an Unethical Hacker – Part 2
Confessions of an Unethical Hacker – Part 3
People and Technology: An Analysis for Part 1
People and Technology: An Analysis for Part 2
People and Technology: An Analysis for Part 3
How Security Technology Can Help People
How People Can Hurt Security Technology
Summary
Introduction
Many security whitepapers begin with an in-depth analysis of an algorithm, or they begin by showing how easy it is to exploit various vulnerabilities. The intention is to scare you into performing the steps outlined by the whitepaper or buying the technology the whitepaper promotes. We are not going to do that here. This introduction to security endeavors to step back and look at security more generally and apply some basic philosophical concepts to help understand security in a more meaningful way. Essentially, we are going to use Holism and apply it to security.
What is Holism?
Holism - In the philosophy of the social sciences, the view that denies that all large-scale social events and conditions are ultimately explicable in terms of the individuals who participated in, enjoyed, or suffered them. Methodological holism maintains that at least some social phenomena must be studied at their own autonomous, macroscopic level of analysis, that at least some social “wholes” are not