Maksim Kabakou - Fotolia
Security Think Tank: Printer risks go deep into IT history
Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs does pose security risks both technological and physical. What does a print security strategy need to take into account?
From a security point of view, the humble printer has a lot to answer for. If it hadn’t been for printers, the PC revolution of the 1980s would probably never have embraced the idea of local area networks (LANs) in corporate offices.
We didn’t really need Ethernet (and all its earlier competitors) to get to the datacentre – we had plenty of wired terminal options for that. Rather, the east-west flow of traffic was primarily driven by the need for small groups of people to share printers instead of buying their own.
This east-west traffic in local areas is the bane of the security professional. It makes the network harder to manage as it sprawls outwards, often in the uncontrolled IT equivalent of a shanty town. This, in turn, created the ecosystem in which security threats evolved, moving from viruses spread by floppy disks to those that spread directly over the network, and their descendants we see to this day, such as ransomware spreaders that can take over oil pipelines.
We’ve had waves of LAN-based business applications, but interestingly, the move to mobile devices and cloud has seen that tide flow out again. The current wave of internet of things (IoT) is the latest shift that security professionals need to track, and the humble printer still stands as a barrier that has to be overcome.
These days, employees on mobile devices using cloud-based business apps are a lot less picky about LAN communication needs than they used to be. Who needs a local LDAP server when you authenticate to the cloud anyway? Who needs a big local file server when you can share your content via Box or Teams or other cloud mechanisms? The one last hold-out for special LAN networking – and all the security pain that comes with it – is the printer.
So my advice to security professionals is to shut down east-west traffic as far as possible, anywhere that users move around freely. If we don’t, the IoT will spread across the fabric we built to allow printing, and those IoT devices will bring infections the same way that rats brought the Black Death to Europe.
In my own home, I’ve shut off all Wi-Fi east-west traffic – every wireless device can connect only to the internet, nothing else. I still own a printer, but it is reachable only over a small wired network, or via direct USB link. I’m more than willing to trade the inconvenience of limited printer access for the gain in network resilience as IoT threats proliferate.