HP PageWide Pro 577dw Printing Security Best Practices: Configuring a Printer - Page 9

Threat Model, Spoofing Identity

Get HP PageWide Pro 577dw PDF manuals and user guides View all HP PageWide Pro 577dw manuals
Add to My Manuals
Save this manual to your list of manuals

Page 9 highlights

Chapter 1: Threat Model This section explains the types of security risks involved with operating MFPs in enterprise environments. As technology improves, malicious people (hackers) continue to find new ways to exploit networks. They are beginning to target MFPs and other network peripherals to misuse resources or to gain access to networks or the Internet. Predicting the actions of a hacker is difficult, but HP is dedicated to research in this area. This checklist represents some of HP's efforts to ensure that you can use HP MFPs with confidence; however, you should continue to beware and always remain vigilant. Use other techniques with this checklist to help ensure that your network is resistant to compromise. NOTE: This is not a comprehensive treatment of these issues. This chapter is only an introduction to the types of threats known to affect network MFPs. The Microsoft STRIDE model provides a valuable outline to categorize these known types of threats: • Spoofing identity • Tampering with data • Repudiation • Information disclosure • Denial of service • Elevation of privilege The following sections explain how each type of threat relates to MFPs: Spoofing Identity Spoofing identity is masquerading as someone else to fool others or to get unauthorized access. Here are some ways spoofing identity can relate to MFPs: • Placing another person's email address in the From address field of an email message (e.g. Someone could enter the address of a co-worker in the From address field and send embarrassing or malicious messages to others as though the co-worker sent them) • Using another person's email credentials to login to the email server to gain access to address books • Using another person's email credentials to have free use of an email service • Using another person's email credentials to view that person's email messages • Using another person's logon credentials for access to use MFPs or networks • Using another person's logon credentials for administrative access to MFPs You can minimize the risks from identity spoofing in the following ways: • Protect the From address field in the MFP Digital Sending and Fax configurations 5

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
5
Chapter 1: Threat Model
This section explains the types of security risks involved with operating MFPs in enterprise environments.
As technology improves, malicious people (hackers) continue to find new ways to exploit networks. They
are beginning to target MFPs and other network peripherals to misuse resources or to gain access to
networks or the Internet. Predicting the actions of a hacker is difficult, but HP is dedicated to research in this
area. This checklist represents some of HP's efforts to ensure that you can use HP MFPs with confidence;
however, you should continue to beware and always remain vigilant. Use other techniques with this
checklist to help ensure that your network is resistant to compromise.
NOTE:
This is not a comprehensive treatment of these issues. This chapter is only
an introduction to the types of threats known to affect network MFPs.
The Microsoft STRIDE model provides a valuable outline to categorize these known types of threats:
Spoofing identity
Tampering with data
Repudiation
Information disclosure
Denial of service
Elevation of privilege
The following sections explain how each type of threat relates to MFPs:
Spoofing Identity
Spoofing identity is masquerading as someone else to fool others or to get unauthorized access. Here are
some ways spoofing identity can relate to MFPs:
Placing another person's email address in the
From
address field of an email message (e.g.
Someone could enter the address of a co-worker in the
From
address field and send embarrassing
or malicious messages to others as though the co-worker sent them)
Using another person's email credentials to login to the email server to gain access to address
books
Using another person's email credentials to have free use of an email service
Using another person's email credentials to view that person’s email messages
Using another person's logon credentials for access to use MFPs or networks
Using another person's logon credentials for administrative access to MFPs
You can minimize the risks from identity spoofing in the following ways:
Protect the
From
address field in the MFP Digital Sending and Fax configurations