Re: Are Multi-Function Printers a Security Risk?

From: Alun Jones [MSFT] (alunj_at_online.microsoft.com)
Date: 03/22/05

    Date: Tue, 22 Mar 2005 08:18:01 -0800
    
    

    It sounds far-fetched, but remotely plausible. Surely along with this
    recommendation come some links to documentation of the presence of the
    threat?

    In a well-designed MFP, the fax software and the networking software would
    be well-segmented. In a poorly-designed MFP, an overflow in the fax
    software might allow intruding code access to the network.

    However, the consideration then is: what is it suggested that you replace
    the MFP with?

    A physically separate fax system, unplugged from the network, would be
    safer - but a separate fax machine is more expensive, because you're
    essentially buying a printer and a scanner that are only ever used for
    faxes, and if you have other printing and scanning requirements, you would
    then need to buy another printer and scanner.

    Replacing an MFP with a PC that receives faxes over a modem card, and scans
    / prints via attached peripherals, isn't going to be any better off, from a
    security standpoint, than the MFP. The only advantage of a PC running your
    fax solution would be that you could leave it unplugged from the network,
    and transfer data to and from it via physical media (floppies, or other
    removable storage). I am not aware of any MFPs that have physical media
    inputs.

    Finally, of course, there's the issue that, as you point out, you are guests
    on their network - they get to state the rules. You may be allowed or
    encouraged to question the rules, but you have to live by them. If you're
    found disobeying the rules (however ill-conceived you may feel they are),
    you will probably find yourselves disconnected, so you should probably ask
    the VA what it is that they accept as a secure alternative.

    Alun.
    ~~~~

    -- 
    Software Design Engineer, Internet Information Server (FTP)
    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Stan G." <Stan G.@discussions.microsoft.com> wrote in message 
    news:F2228105-8D00-4120-B17E-01A20677E647@microsoft.com...
    > Some of my users work as veteran's advocates within Veterans Administration
    > offices across the country. As such they are guests on the VA's network
    > subject to their rules and guidelines. Recently I was informed that they are
    > not allowed to use Multi-Function Printers due to a security risk. They are
    > saying that someone can dial into the MFP Fax, access the attached PC through
    > the printer interface and thus gain access to the network. This sounds a bit
    > far fetched to me.  Is this a real possibility?
    
