S 3.406 Printers, copiers, and all-in-one devices
Description
Copiers and IT workstation printers are normally standard equipment in an office environment. Work results often need to be printed out on paper, edited, and archived. However, it is often not very efficient to equip every single workstation with a printer. For this reason, central network printers, copiers, or all-in-one devices are provided so the users can print out or duplicate their documents.
It is usually not desirable to send the print jobs from the workstation PCs directly to the network printer. A central server, which takes on the print jobs and distributes them among the available printers, often offers more advantages than disadvantages, which is why printer infrastructures also contain a print server as a rule.
In many cases, the integration of paper-processing devices in a network is not only restricted to printers. Network-capable document scanners, for example, can be made available for a number of users so the users can digitise their paper documents. When used in connection with a printer, for example, a scanner can fulfil the function of a copier.
This module handles the security of networked printers, print servers, document scanners, copiers, and all-in-one devices. An all-in-one device is a device that provides several different paper processing functions, for example printing, copying, and scanning, or fax services as well. For the sake of improved readability, not all types of devices are mentioned individually everywhere. However, since the security recommendations for digital copiers, for example, are similar to those for network printers, the safeguards also apply to the same extent to these devices.
Threat scenario
Like every IT system, printers, digital copiers, network-enabled scanners, and all-in-one devices are subject to a number of threats. The following typical threats to the IT baseline protection of these systems are assumed to exist:
Organisational Shortcomings
| T 2.1 | Lack of, or insufficient, rules |
| T 2.6 | Unauthorised admission to rooms requiring protection |
| T 2.8 | Uncontrolled use of resources |
| T 2.15 | Loss of confidentiality of sensitive data in the UNIX system |
| T 2.20 | Inadequate or incorrect supply of consumables |
| T 2.122 | Inappropriate use of all-in-one devices |
Human Error
| T 3.1 | Loss of data confidentiality or integrity as a result of user error |
| T 3.3 | Non-compliance with IT security measures |
| T 3.6 | Hazards posed by cleaning staff or outside staff |
| T 3.44 | Carelessness in handling information |
| T 3.86 | Unregulated and careless use of printers, copiers, and all-in-one devices |
Technical Failure
| T 4.43 | Undocumented functions |
| T 4.64 | Complexity of printers, copiers, and all-in-one devices |
| T 4.65 | Inadequate protection of communication for printers and all-in-one devices |
| T 4.66 | Impairment of health and environment due to printers, copiers, and all-in-one devices |
Deliberate Acts
| T 5.1 | Manipulation or destruction of equipment or accessories |
| T 5.2 | Manipulation of information or software |
| T 5.71 | Loss of confidentiality of classified information |
| T 5.140 | Evaluation of residual information in printers, copiers, and all-in-one devices |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.
Print servers are generally ordinary IT systems which are operated as the corresponding type of server. In this case, module S 3.1 General server and the corresponding operating system-specific server module must be taken into account. If Samba is to be used as print server on Unix servers or if Unix clients should have access to shared printers, then the module S 5.17 Samba must be applied.
When using printers, copiers, and all-in-one devices, the following areas in particular should be analysed in terms of IT security:
- encryption of information and communication (protection of the digital data),
- system protection (protection of the devices), and
- document access (protection of the printed documents).
Planning and design
The use of network printers, copiers, and all-in-one devices must be planned carefully (see S 2.397 Planning the use of printers, copiers, and all-in-one devices). In safeguard S 4.304 Administration of printers, you will find more detailed information on the components used in and the design of typical printer landscapes. The security requirements for network printers must be integrated into the general security strategy of the organisation.
Many of the problems arising in connection with printers cannot always be solved through technical safeguards. The users must be informed of how to operate the printers securely and also be obligated to use them securely (see S 2.397 Planning the use of printers, copiers, and all-in-one devices).
In addition to classic printers, other similar types of devices should also be considered. These types of devices include, for example, all-in-one devices (S 5.146 Network separation when using all-in-one devices) and document scanners (S 4.303 Use of network-enabled document scanners).
Purchasingdocument access (protection of the printed documents).
The requirements on the products to be purchased must be formulated based on the operational scenarios, and the process of selecting suitable products must be based on these requirements (see S 2.399 Criteria for the procurement and selection of suitable printers, copiers, and all-in-one devices).
Implementation
After all planning stages are completed and all components have been procured, the initial operation of the devices must be examined. In this case, the most important aspect is where the devices will be located (see S 1.32 Suitable locations for printers and copiers) and how access to the devices will be restricted (S 4.301 Restrictions on access to printers, copiers, and all-in-one devices).
Like every IT system, network-enabled printers, copiers, and scanners must be protected against unauthorised use (see S 4.299 Authentication for printers, copiers, and all-in-one devices). Note, though, that the media used to store and transfer the (digital) information must also be appropriately protected. Their protection is described in safeguard S 4.300 Information security for printers, copiers, and all-in-one devices.
In addition to the printing hardware, the software components such as print servers and clients are also important for secure operation. The corresponding safeguard and modules, such as S 5.145 Secure use of CUPS or M 5.17 Samba, must be implemented depending on the operating system and printing system used.
Operation
In addition to the logging of important events (see S 4.302 Logging on printers, copiers, and all-in-one devices), the supply of consumables for the devices (see S 2.52 Supply and monitoring of consumables) is also important once routine operation has begun.
Disposal
In almost all cases, information requiring protection is stored on the printers, copiers, scanners, and all-in-one devices. When these devices are disposed of, safeguard S 2.400 Secure withdrawal from operation of printers, copiers, and all-in-one devices must be taken into account.
Contingency Planning
Aspects relating to contingency planning for networked printers, copiers, document scanners, and all-in-one devices are handled in safeguard S 6.105 Contingency planning for printers, copiers, and all-in-one devices.
In the following, the bundle of security measures for the "Printers, copiers, and all-in-one devices" module are presented.
Planning and design
| S 2.397 | (A) | Planning the use of printers, copiers, and all-in-one devices |
| S 2.398 | (A) | User guidelines for handling printers, copiers, and all-in-one devices |
Purchasing
| S 2.399 | (W) | Criteria for the procurement and selection of suitable printers, copiers, and all-in-one devices |
Implementation
| S 1.32 | (B) | Suitable locations for printers and copiers |
| S 4.299 | (Z) | Authentication for printers, copiers, and all-in-one devices |
| S 4.300 | (Z) | Information security for printers, copiers, and all-in-one devices |
| S 4.301 | (C) | Restrictions on access to printers, copiers, and all-in-one devices |
| S 5.145 | (A) | Secure use of CUPS |
Operation
| S 2.52 | (C) | Supply and monitoring of consumables |
| S 4.302 | (C) | Logging on printers, copiers, and all-in-one devices |
| S 4.303 | (C) | Use of network-enabled document scanners |
| S 4.304 | (Z) | Administration of printers |
| S 5.146 | (C) | Network separation when using all-in-one devices |
Disposal
| S 2.13 | (A) | Correct disposal of resources requiring protection |
| S 2.400 | (A) | Secure withdrawal from operation of printers, copiers, and all-in-one devices |
Contingency Planning
| S 6.105 | (C) | Contingency planning for printers, copiers, and all-in-one devices |