Analysis

The importance of endpoint security

Enterprise grade firewalls and rock solid server security is all well and good, but what about your printers?

Network security is a huge issue, one which has gained significant public awareness after the WannaCry ransomware attack of May 2017 so badly affected the UK's National Health Service. But this was just the highest-profile incursion of the last few years. The potential dangers are there every day, for every company. Research by business ISP Beaming calculated that cyber security breaches cost UK businesses 30 billion in 2016.

The most common areas where hackers focus their attention when trying to gain access to a corporate network are endpoints, which often sit outside the control of the corporate network. Traditionally, endpoints would be portables like laptops, and most recently smartphones. But printers can be endpoints too, and extremely vulnerable to attack. Most companies don't even realise their printers are so exposed, nor how dangerous it can be if these devices are compromised. 

An endpoint device can in theory be any computer device with Internet connectivity hooked up to a TCP/IP network, and the range of kit fitting into this definition is growing all the time. Attention has recently been focusing on Internet of Things IoT - devices, which can have cheap mass-produced firmware that's as easy to hack into as a watermelon. Corporate network printers might not be as exposed to the outside world as a Wi-Fi-connected lightbulb from an unheard-of brand, since a printer will probably sit behind an industrial-strength firewall. But most network printers have a combination of features that make them ideal endpoints for attack.

The processing power required for handling multi-page, sometimes full colour print jobs as quickly as possible means printers have fast CPUs, plenty of memory, and sizeable local storage. Yet, whilst they may be running software that keeps print jobs private to the owner via passcode or NFC-chipped identity card, the device itself may not be so impervious, and that can lead to all manner of issues. This possibility was brought to the fore when a UK teenager recently hacked into around 150,000 Internet-connected printers and configured them to output ASCII art and other messages.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Once the printer itself is compromised, everything going through it will be too. Even if a job was sent to the printer in a secure fashion, it will be unencrypted and any password protection negated as the user logs in. Also, if a user employs the same password for their general network login as they do for accessing a printer to run jobs, copy, or scan, then that security information could be captured by the malware infection and passed outside for criminal usage elsewhere on the network. HP's The Wolf videos illustrate how endpoints, particularly printers, can be used to find a way into a network to steal valuable data.

Even a print job itself can contain the necessary malware code to compromise a printer. A seemingly innocuous attachment to an email that looks like just a printable image might have embedded within it the necessary code in the print stream to compromise the printer's firmware. This can then be used to circumvent the company's firewall by capturing data inside the protected area as it travels unencrypted across the local area network. This could include sensitive financial information, with potentially costly implications if this is stolen.

Whilst individual endpoints can be made more secure, HP provides a fully managed infrastructural approach that protects endpoints whilst also making it possible to monitor them over the network. Laptops and printers can be secured at the BIOS level. HP SureStart, for example, is available on EliteBook laptops and HP's business printers. This is a self-healing system that restores the BIOS to a safe state if BIOS integrity has been compromised.

With printers, the next stage is checking that the firmware matches a white list of FutureSmart digitally signed versions, and if not, the device will reboot. If the firmware passes, HP JetAdvantage Security Manager will then check that device security settings are correct. Finally, run-time intrusion detection looks out for anomalies in everyday firmware and memory operations that would indicate an attack, and reboots the device if this is indicated. The process then begins again with SureStart, flushing out any compromised code in the process.

This isn't just a standalone device approach, though. HP's management software will detect attacks across a fleet of devices and provide monitoring and protection, via JetAdvantage Security Manager. This lets you create a policy that is to be applied across the fleet of devices, and then apply it. HP Security Manager will ensure that this policy is applied every time a device is reset. Any non-compliance with the policy can be detected, reported, and then corrected. It's even possible to provide risk assessment reporting across the fleet, identifying less secure devices with older firmware or that lack SureStart, whitelisting or run-time intrusion detection.

The threat of printer compromise has only recently become widely recognised, and HP is at the forefront of providing solutions that prevent these attacks from occurring. But the threat landscape is constantly evolving, and new threats are appearing all the time. It's an arms race, where new endpoints become the focus of attack, and new protections must be put in place. But with the right security partner that is dedicated to researching not just current threats but those around the corner, endpoint defence can keep pace so your company remains secure.

Advertisement - Article continues below

Find out why endpoint security is so important.

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/hardware/34588/hp-elite-dragonfly-hands-on-review-a-potential-xps-killer
Hardware

HP Elite Dragonfly hands-on review: A potential XPS killer

9 Oct 2019
Visit/laptops/34468/hp-elitebook-x360-830-g6-review-above-the-fold
Laptops

HP EliteBook x360 830 G6 review: Above the fold

26 Sep 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/data-insights/big-data/354311/google-reveals-uks-most-searched-for-terms-in-2019
big data

Google reveals UK’s most searched for terms in 2019

11 Dec 2019