Digital Copier Security

Updated: July 09, 2010

In addition to the risks presented by the CBS story here are 5 additional areas where copiers can compromise your security.

1. Storing Network Information: Many digital copiers are also network printers that store network information such as IP addresses, subnet masks and gateway IP's. These settings are not stored on the hard drive and are not cleared by the digital copier "Purge" feature. Network settings must be manually cleared. Security experts will tell you to keep your network configuration private. You don't want competitors or hackers to know your internal network configuration. The more information about your network infrastructure that's accessible to hackers the less they have to figure out on their own and the sooner they can compromise your network.

2. Storing DNS/Domain Information: Many digital copiers store the IP addresses of your DNS servers and/or Domain controllers. Depending on the type and model of your copier, this information may not be cleared by your copier "purge" function. You definitely don't want competitors or hackers knowing the IP addresses of your Name Servers or Domain Controllers.

3. Storing Address Book Information: Many digital copiers store email addresses and some even download your entire Email Global Address List to the copier. Again, you don't want this to be accessible to those outside your company.

4. The Purge Function: The "purge" function used by older digital copy machines doesn't delete any data from the copier hard drive. It only renders the data inaccessible to the copier software. It either deletes a file we techies would call a "file allocation table" or it will use other tactics to render the data unreadable to the copier software. The "Purge" button merely gives an allusion the disk has been cleaned. However, the data is still there and can be removed as shown on the CBS story. Most copier security policies rely on this built-in Purge function and think their data is cleared. It is not cleared. It can still be accessed with free scanning tools available on the internet.

5. Storing Fax Information: If your copier has a fax capability, the copier also stores all the phone numbers it dialed and numbers that dialed it along with any information you provided in your Fax phone book. Again, the "Purge" function will not clear this information.

One of the biggest obstacles surrounding this whole issue of Copier Security is the apathy and ignorance of the Manufacturers. Most copier technicians today still believe the built-in Purge function deletes all information on the copier. To make matters worse, most copier technicians don't know where the different type of information is stored. Some data is stored on the hard drive, some data in flash memory, and some data is stored in firmware. Sensitive information is stored in different places depending on the manufacturer and model of copier. Just when you think it can't get worse. Let me drop the final shoe. There are no utilities that will scan a copier and certify that it has been completely purged for older digital copy machines.

As I mentioned earlier, this CBS news story only scratched the surface of the real risks associated with digital Copier Security. The Copier Security pioneers who were interviewed in the CBS story, Digital Copier Security inc., have done extensive research on these security risks and are working to provide services and resources to help companies thoroughly purge their older copy machines. I applaud Digital Copier Security for bringing this issue to the attention of Corporate America and for working diligently to address this significant security hole.

Related Categories
Featured Research
  • Securing Enterprise Information Technology

    In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more

  • Office365 Adoption eGuide

    Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more

  • Okta Directory Integration

    For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more

  • Top 8 Identity and Access Management Challenges with Your SaaS Applications

    With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more

  • Better BYOD with Pulse Secure and MDM Partners

    Learn how Pulse Secure and leading MDM product partners are transforming the way employees and IT benefit from the productivity and flexibility of BYOD — without compromising security or increasing management complexity. more