I admit to being something of an IT security geek — a direct spin-off of having been fortunate enough to work with Zone Labs (now part of CheckPoint), McAfee, Trend Micro, and Catbird. And I thought I understood the mechanisms that hackers use to penetrate corporate networks.
And then I saw Andrew Hay’s amazingly detailed blog post about how the failure to read the documentation that comes with printers is leaving many networks with a wide-open backdoor that hackers are using to mount phishing attacks that simply by-pass network security.
One of the realizations that Andrew Hay’s article gave me is that I might be broadcasting to the world the exact brand of computer, printer, smartphone, and other devices that are connected to my home network. That seems somewhat akin to posting a sign that says, “Thieves can get a pawnable iPad by breaking into this house.”
So whether you’re a small business owner, run a home-based business, or are part of a corporate IT department, take a few minutes and review the steps that the OpenDNS Security Lab recommends to secure your network from this kind of attack. It’s worth the effort, I think!
If the geek-speak in the original article is over your head (I admit some of it is over mine after 20 years “in the field”), here’s the bottom line: printers, scanners, and other connected devices have to be secured just like computers and laptops. And don’t forget iPads, iPods, Android tablets and smartphones, and other mobile devices.
I helped Breezy write an overview of how to deliver secure mobile printing — you can download a free copy of the ebook at this link — and I’ve been writing often about secure printing for the Breezy blog. But Andrew Hay’s article put it into a new perspective for me — and if it doesn’t scare you, then you’re not paying attention.
As the Canadian security expert wrote in his blog post: “The old adage of “measure twice, cut once” is solid advice that is often ignored in the digital world. We at OpenDNS, however, believe that when talking about IP-enabled devices, a new and more targeted adage should be followed:
“Read [the documentation] twice, connect [the device] once.” – Andrew Hay
“Here’s why. We all live busy lives. So busy, in fact, that many believe that computer printers haven’t really changed much over the years to warrant reading the instructions. Sure, many newer models can be connected to your local network but that’s only for internal network connectivity, right? Unfortunately, that is not the case.”
What that means is that ANY device connected to the Internet can become a pathway for hackers to access your network — and the computers attached to your network. So if you haven’t taken a look at your security lately, now’s a good time.
Illustration credit: The illustration of the man reading on iPad was created in SketchBook by artist Susan Murtaugh, and offered on Flickr under a Creative Commons License.
Breezy download site requires several scripts to be turned on, and requires personal info. Not “well behaved” but passable.
Not kosher is the potential cross-site scripting (XSS) error that gets flagged by the security settings in my browser.
So, will have to seek the info elsewhere, I guess. 😦
I would be happy to forward any Breezy document you want. The cross-site scripting is, I believe, imposed by Hubspot, which is the marketing tool the company uses.
I’m sorry that it caused you not to download the document!
Thanks, Deb. Scary and not normally something you think of. Makes me glad I still have my old (but still wonderful) Canon printer, which isn’t network-enabled and that I only turn on about once a month when I actually need to print.
Hi, Lisa —
Yes, you’re right. I run a high-quality security package (Zone Alarm, of course!), and generally think I’m pretty well protected.
Then I realize that I have a 13-year-old who has a school-issued Netbook with security settings I can’t even see, let alone monitor, and he’s connected to my printers, home network, back-up drives and so forth. And suddenly I realize I may be more vulnerable than I think.
I added the IP addresses noted in Andrew Hays’ excellent blog post to my system, and am adding antoher layer of protection today as well. Certainly woke me up — and I’ve always been pretty paranoid about this stuff.