Digital Copier Security
In addition to the risks presented by the CBS story here are 5 additional areas where copiers can compromise your security.
1. Storing Network Information: Many digital copiers are also network printers that store network information such as IP addresses, subnet masks and gateway IP's. These settings are not stored on the hard drive and are not cleared by the digital copier "Purge" feature. Network settings must be manually cleared. Security experts will tell you to keep your network configuration private. You don't want competitors or hackers to know your internal network configuration. The more information about your network infrastructure that's accessible to hackers the less they have to figure out on their own and the sooner they can compromise your network.
2. Storing DNS/Domain Information: Many digital copiers store the IP addresses of your DNS servers and/or Domain controllers. Depending on the type and model of your copier, this information may not be cleared by your copier "purge" function. You definitely don't want competitors or hackers knowing the IP addresses of your Name Servers or Domain Controllers.
3. Storing Address Book Information: Many digital copiers store email addresses and some even download your entire Email Global Address List to the copier. Again, you don't want this to be accessible to those outside your company.
4. The Purge Function: The "purge" function used by older digital copy machines doesn't delete any data from the copier hard drive. It only renders the data inaccessible to the copier software. It either deletes a file we techies would call a "file allocation table" or it will use other tactics to render the data unreadable to the copier software. The "Purge" button merely gives an allusion the disk has been cleaned. However, the data is still there and can be removed as shown on the CBS story. Most copier security policies rely on this built-in Purge function and think their data is cleared. It is not cleared. It can still be accessed with free scanning tools available on the internet.
5. Storing Fax Information: If your copier has a fax capability, the copier also stores all the phone numbers it dialed and numbers that dialed it along with any information you provided in your Fax phone book. Again, the "Purge" function will not clear this information.
One of the biggest obstacles surrounding this whole issue of Copier Security is the apathy and ignorance of the Manufacturers. Most copier technicians today still believe the built-in Purge function deletes all information on the copier. To make matters worse, most copier technicians don't know where the different type of information is stored. Some data is stored on the hard drive, some data in flash memory, and some data is stored in firmware. Sensitive information is stored in different places depending on the manufacturer and model of copier. Just when you think it can't get worse. Let me drop the final shoe. There are no utilities that will scan a copier and certify that it has been completely purged for older digital copy machines.
As I mentioned earlier, this CBS news story only scratched the surface of the real risks associated with digital Copier Security. The Copier Security pioneers who were interviewed in the CBS story, Digital Copier Security inc., have done extensive research on these security risks and are working to provide services and resources to help companies thoroughly purge their older copy machines. I applaud Digital Copier Security for bringing this issue to the attention of Corporate America and for working diligently to address this significant security hole.
Any operational business model relies heavily on IT support and the help desk to achieve maximum uptime for all IT systems. This white paper addresses ways for help desk analysts and IT support staff to easily and efficiently handle their workload by simplifying and automating processes to increase time and operational cost savings, enhance productivity, and boost customer satisfaction. more
