Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How can IP devices like multifunction printers and faxes be secured?

IP devices like multifunction printers and faxes may be an attack vector. Expert Nick Lewis explains the vulnerabilities, and how to secure them against attacks.

I know they are becoming a depreciated technology, but lots of companies still have one or more fax machines, many...

of which have network connections to deliver messages to users. Some of them are multifunction IP devices with Bluetooth, wireless and Ethernet capabilities. These devices almost certainly represent an attack surface. Has anyone looked at the possibility of getting to a shell prompt with a specially crafted input through the dial-up connection? What are the best ways to secure these kinds of IP devices?

An enormous number of critical business processes use faxes or multifunction printers to communicate signatures or other critical communications. There have been many advances in digital signature laws and services, and this is an area where companies like DocuSign and Adobe are disrupting the market, along with introducing more secure solutions. As the submitter mentions, standalone fax machines are not a growing device market. More companies have been providing interfaces to send faxes, such as printers and email among other means, in order to create a transition from legacy systems to new systems.

IP devices connected to a network are computers and need to be secured. A fax machine with an IP address is very similar to an internet of things device that is connected to a network. Most attackers have focused on IP devices rather than on analog dial-up connections. For the IP devices, there have been some attacks that have allowed for remote code execution. Most attacks that could affect the dial-up connection aspect of a fax machine focus on SS7 hacks, but are unable to run code on endpoints via the analog connection.

To secure the IP devices, follow security guidance collected at HEISC Information Security Guide on copier and multifunction device security, as well as the NIST and device manufacturer guidance. The analog aspect has received less attention, but recommendations for interactive voice response systems could be used to detect attacks.

Next Steps

Learn how your enterprise can mitigate IVR security threats

Read how to prevent attacks on IoT devices

Find out how to secure the SS7 protocol from eavesdropping

This was last published in August 2016

Dig Deeper on Risk assessments, metrics and frameworks

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Does your enterprise have best practices for securing IP-enabled devices?
Cancel
We are currently in the process of performing an assessment to establish what current practices are and how we can best introduce better practices and standards with respect to securing IP-enabled devices.
Cancel
You can read the NIST paper on risk management for replication devices at http://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8023.pdf
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close