Corporate Printer Security - Guidelines

Printer-friendly version

1. Purpose and Objectives

This guideline contains information on securing print resources in support of the Acceptable Use of UQ ICT Resources Policy.

Printers are no longer dumb devices with no storage capacity. Confidential and/or sensitive data often flows to printers and MFD. Without adequate security, this data could be subject to unauthorised access. It is not sufficient to rely on general security policies and procedures as they are not always specific regarding configurations.  Organisational Units should develop detailed standards, procedures or guidelines for the management and configuration of all networked printers and MFD.

2. Definitions, Terms, Acronyms

Multi functional Device (MFD) - multi-function devices (MFDs) or multi-function printers that perform all or most of the following tasks:

• Printing

• Copying

• Stapling/stacking

• Digital sending to email

• Digital sending to a network folder

• Document Management

Print Device - any printer or multi-functional device.

3. Guidelines Scope/Coverage

This is a University-wide guideline which applies to all users of University ICT resources – including (but not limited to) staff, students, contractors, third parties, associates and honoraries, alumni, conjoint appointments and visitors to the University.

4. Guidelines Statement

The default factory-set passwords on networked Print Devices should be changed as one of the first steps of deployment. This will reduce the risk of unauthorised configuration changes or access to documents.

4.1 Simple Network Management Protocol (SNMP) is an application-layer protocol that helps administrators monitor and manage network devices, including Print Devices. SNMP v3 or later should be used to manage Print Devices due to its more robust encryption and authentication mechanisms which minimize the risk of unauthorized access to modify Print Device configurations and information about documents processed by the Print Device.

4.2 Print Device -specific standards should be created that give detailed settings and instructions for optimal printer security

4.3 Critical Print Devices (used for printing, photocopying, scanning or faxing critical and private/personal information e.g. cheques, patients’ health information, student’s academic transcripts and testamur) should be located in a secure area. This is to prevent unauthorised access to confidential and personal or private information.

4.4 Access to modify files located in a Print Device buffer or print server should be limited to reduce the risk of unauthorised access or changes to the data

4.5 Print Device logs can be useful in auditing suspicious activity and should be enabled where necessary.

4.6 Services such as File Transfer Protocol (FTP) and Telnet should be disabled where possible to reduce the risk unauthorized use of the Print Device or modification of printer settings.

4.7 Services should be provided using HTTPS rather than HTTP to reduce risk of unauthorized access to documents and Print Device logs. Networked print devices should be put on a private IP address and network access to them should be restricted via available means such as local access controls on the device, or via a network firewall.

4.8 The latest security patches should be applied to reduce the risk of unauthorized access to documents.

4.9 System management and security procedures must be regularly reviewed to ensure they capture required process improvements.

4.10 Hard disk data “encryption” and/or “overwrite” features should be turned on where available to protect data from remote access or access to the Print Devices hard drive

4.11 The latest security patches should be applied to reduce the risk of unauthorized access to documents.

4.12 System management and security procedures must be regularly reviewed to ensure they capture required process improvements.

4.13 Information and records stored on the Print Device must be appropriately managed and removed prior to disposal of the device.

4.14 Re-writeable media (EPROM, laser printer and photocopier drums, hard disk drives, etc) may be sanitised for reuse by wiping or by using a suitable degaussing tool. Sanitisation of magnetic media by erasure should be performed using specifically designed security erasure software to effectively wipe the contents of electronic storage media. It is also important to ensure that any encryption keys are removed from the media.

4.15 Write once media (printer ribbons, PROM, ROM) cannot be sanitised and should be destroyed if they contain or may have contained security classified information assets.

Chief Information Officer Mr Rob Moffatt
Chief Information Officer Mr Rob Moffatt