Risk
8/10/2010
12:36 PM
50%
50%

Xerox Advises Securing Data In Printer Hard Drives

Network printer and MFP hard drives may contain sensitive data that can be secured using encryption or overwriting.

"The risk is that after a job is done, MARCed and printed, there may be some residual data left behind associated with that job," says Kovnak. And, as with computers, even if the system "deletes" a file, that doesn't actually remove file contents, just frees up those spaces on the disk for re-use, so if a large print job that contains sensitive data is followed by a smaller print job, some sensitive data might still be on the drive.

Also, Kovnak points out, "Some of our more complex devices let users store jobs for later reprinting, or to hold the job until the user arrives and requests the file" (so that it won't be sitting around where an unauthorized person can read or take it).

As with computers, says Kovnak, there are two ways to counteract the risk of that data being accessible: "Encryption, which protects the data while it's still in use, and overwriting, after a job is done."

How can you tell if your printer or MFP could have data at risk?

"It's hard to tell just by looking whether a device has a disk," Kovnat points out. "If it's a device you already own, you have to check the product description. SMBS can the vendor representative."

According to Kovnat, many Xerox devices include both encryption and overwrite. "The encryption feature in most of our devices is enabled by default; the overwrite is not enabled by default," says Kovnat. "For most of our products, they're now standard, but they may not be turned on."

Xerox also offers data security features that can be downloaded, for some machines -- but, he cautions, "for older products -- ones introduced five or more years ago -- these features may not be available."

Previous
2 of 3
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8893
Published: 2015-01-28
Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-8894
Published: 2015-01-28
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.

CVE-2014-8895
Published: 2015-01-28
IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.

CVE-2014-8917
Published: 2015-01-28
Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media A...

CVE-2014-8920
Published: 2015-01-28
Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If youíre a security professional, youíve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.