Re: It's a copier, no it's a computer...

From: htredneck (dontcontactviaemail_at_not.com)
Date: 04/21/05


Date: Thu, 21 Apr 2005 05:33:24 GMT

damn.... reviewing this thread tonight I see the post I THOUGHT I
posted the other night wasn't posted...

ho hum... since my liver has just assigned a full class A subnet to
processing the Jack Daniel's in my body I suspect my response may be
less than adequate...

In reality, if you are truly being reasonable with your concerns and
have truly evaluated every other piece of communication capable
equipment in your office, I submit this:

Yes, any device that has been programmed with proprietary (or at
least, non public) code, you are at risk... possibly your old thermal
paper fax 10 years ago was forwarding every transmission to some party
unbeknownst (sp?) to you... it is the inherent risk you take when
you permit such devices into your domain (logical domain, not just M$
domain)...

If you employed some high tech company to analyze your environment,
the reasonable doubt could still exist that they were in bed with some
big brother who is monitoring every piece of data you are
transmitting...

who's to say the gov't doesn't require every telephony or Internet
capable device to connect to some network that all phone bills won't
log or firewalls won't track... it is certainly possible... it is even
possible that all (commercial) packet analyzing software would ignore
any data being sent back to "home base"... mind you, I do not intend
to imply such a conspiracy theory is accurate, just possible.

again, like I (believe) I have submitted before; I have no idea how
much time and effort you have invested into the security of your
network, but I suspect your concerns about the Savin copier may be a
bit unreasonable (yet, yes, possible)...

If you truly want to secure the data on your network from any prying
eyes (on your side)... I think you will need to hand deliver all of
your data via paper, CD or otherwise to your intended parties (and
then, who's to say their network won't be susceptible to the exact same
risks yours is?)

I am truly not trying to mock your concerns, because I truly do
believe them to be founded... but the boundary between information
security and ability to conduct business with the casual public
inherently poses certain dilemmas (sp?) such as the ones you just
proposed... at what point are you prepared to accept the associated
risks?

On Sun, 17 Apr 2005 05:53:31 GMT, "TomC" <albert@ayler.bye> wrote:

>ht;
>
>> certainly, the software COULD be written that way, but I would doubt
>> it...
>
>Is that a common feature of these machines?
>
>> so let me get this straight though. Are you more concerned
>> about the device dialing out by default, or just being susceptible to
>> malicious dial ins?
>
>Neither sounds particularly appealing.
>
>>
>>>
>>>OK, maybe I am being a bit paranoid here, but I'm still curious.
>>
>> yes, I believe you are being a bit paranoid... but my mind works the
>> same way. Potential risk vs. reasonable risk sit on opposite ends of
>> the spectrum on this one though (in my opinion).
>
>Those nice young men in their clean white shirts will be coming for me soon,
>but until they arrive...
>
>Just show me an evaluation from a team of security experts who say that this
>thing can't be hacked from a phone or a LAN Internet connection, and I will
>learn to love its "features". I suspect, however, that the Ricoh Sales
>Department called down to engineering with their "scan and send" brainstorm,
>and the job was assigned to Young Engineer Kim, his first job out of
>college, and he cobbled something together that met the Sales Dept. specs
>without giving any thought at all to security, which he knows and cares
>nothing about anyway. After all, doesn't that describe Microsoft's approach
>to software design until a few years ago? Why would I presume that a copier
>company would do better? The Savin is probably low risk, but "scan and send"
>is in our case a negligible benefit. It's not the end of the world, I just
>don't like it.
>
>Thanks.
>
>Tom
>
>
>
>>
>> Doug
>>
>>
>>>
>>>Thanks.
>>>
>>>Tom
>>>
>>>
>>>
>>>"htredneck" <dontcontactviaemail@not.com> wrote in message
>>>news:425f0355.77691937@news.comcast.giganews.com...
>>>> Maybe I am still a little lost, or (if so, I apologize) I breezed
>>>> through your message so many times that I am now overlooking something
>>>> (sounds ludicrous, I know, but it happens to me all the time "Freaking
>>>> ADHD!!!" haha)
>>>>
>>>> at any rate... does the Savin NEED to connect to the Internet in order
>>>> to work?? So long as it doesn't get a default gateway, how will it
>>>> get there... even if it does, just block its access from your
>>>> firewall...
>>>>
>>>> also, even if the thing is using WEP... how likely is it that someone
>>>> is frequency scanning and hacking your network? Not trying to make
>>>> light here, you may very well work in an environment w/ such a risk, but
>>>> most "typical" environments don't suffer such hazards...
>>>>
>>>>
>>>> I have a lot of other thoughts on this matter since I have set MANY
>>>> copier/printer/scanner etc. devices up, I feel that I might be able to
>>>> be of some assistance here...
>>>>
>>>> what model SAVIN w/ what management card and software?
>>>>
>>>> The hard drive is in many cases a convenience item... caching, scan to
>>>> storage for frequently printed docs (sparing the need for a mail room
>>>> full of copied forms), print to HDD for storage so a passcode must be
>>>> typed at the console from the person who printed it (this is used in
>>>> community printing environments where sensitive docs are printed but
>>>> you only want the originator of the doc to be able to retrieve it)...
>>>>
>>>> sorry about the run on sentences and thoughts here.. post back and I
>>>> will try to focus better on my next response..
>>>>
>>>>
>>>> htredneck
>>>>
>>>
>>>
>>
>
>


