January 26, 2007
Your Printer: It's Not Dumb. It's A Potential Security Hole
Stop reading this and have a look at your printer. Go ahead - have a look. When you look at that piece of plastic you probably think that it's one of the dumbest office technologies in your office.
You basically hit print and paper comes out.
But what you might not realize is that your printer - especially your network printers - is filled with all sorts of complex software and is a mini-computer with a hard disk. What does this mean?
This means that it can serve as a host for a VERY nasty virus and infect your network.
Computer World writes The Blaster worm hit McCormick and Co. hard and fast. It entered the famous spice company through a service provider connection and ripped across plants and offices in a matter of hours. What was most vexing, however, was that the virus kept coming back on disinfected network segments.
Upon further investigation, it turned out that Blaster, as well as some instances of the Sasser worm, were trying to repropagate from infected network printers.
The best protection you can take is to patch, patch, patch and work with your printer vendor to ensure your printer is secure.
The article continues that Last year, Symantec [a sponsor of Small Business Summit 2007] logged 12 new security vulnerabilities for five network printer brands: Brother, Canon, Epson, Fujitsu, Hewlett-Packard, Lexmark and Xerox.
I know there's so much you have to do to ensure your business is digitally secure - but that's the cost of doing business so do it.
Get Small Business Technology Report
Via Email Every Tuesday
What is Smallbiztechnology.com?
Smallbiztechnology.com helps small-medium sized businesses strategically use technology as a tool to grow their businesses and provides news, articles, discussion boards, resources, analysis & events for the owners of small to medium sized busineses.
Subscribe to the Smallbiztechnology feed.
Recent Posts
- All In One Network Appliances. Know Your Options.
- 9 Simple and Effective E-Commerce Sales Booster Ideas
- Power Point Presentations: Let It Be An Experience (Learning From Al Gore)
- Pay-Per-Click Advertising for Peanuts
- Downloading Microsoft Windows Updates Can Be Bad For Your Health
- Time is Money. How Are You Tracking Yours?
- Are You Collaborating Creatively?
- When Technology Embarrasses Us! :)
- Is Online Marketing Confusing You?
- Email Marketing Providers: How to Choose
Join our Facebook group
The Third Annual Small Business Summit 2008 was a smashing success. Check out the Summit site for what you missed. See the 2008 Summit presentations, video and photos!
Comments
#1 posted by Larry Kovnat, December 10, 2007 10:51 AM
DATE: 01/30/2007 11:52 AM
Ramon,
I'm the product security manager for Xerox's Office Group. I've been spearheading the effort within the organization to improve the security of our office devices for almost 5 years now. IT is just beginning to wake up to the need to manage printers and other networked office equipment with the same due diligence applied to desktops and servers. From the network point of view these devices are just another computer node, and need to be managed accordingly. We've been trying to get that message out ever since we started making digital MFD's. Any software person will agree that software is never perfect, and that it must be continually maintained and updated. Go to any one of the security databases, search on Xerox, and you'll see that almost every one of those was originally reported by us. We keep testing and looking for problems, and when we find something, we let our customers know so that they can go and get the patch. We're not perfect by any means, and we have some improvements to make in our patch management process, but we keep working on it. I know there are a lot of researchers out there who would like to have more visibility into the internals of our systems so that they can secure the system themselves, which is certainly a noble goal. We try to balance the need for disclosure with the equally important goal of preventing any zero-day attacks. If we can find and patch the holes ourselves (or better yet design them out in the first place - developers, listen up!) then we'll all be better off.
Larry Kovnat
Product Security Manager
Xerox
Post a comment