You need to think about printing confidential documents and leaving them in the output tray. If you aren’t careful, anyone can come along and grab them, especially if someone picks up their own print job before you get to the printer. If the information on the document is personally identifiable information (PII), customer data or financial information, this could become serious.
One of the best ways to address this is to implement pull printing or some type of secure release. You print, and the job is only released when you get to the printer. You can type a PIN into the panel of an MFP or swipe a smart card to release the job; there are lots of ways to do this. This reduces the temptation for employees and anyone walking around to go snooping to see what they can find – out of sight, out of mind.
Here’s a great little video that shows the problem in action.
In January The Shmoo Group held its annual get-together, ShmooCon 2011. This is an annual East Coast hacker convention in the US where people discuss critical information security issues and demonstrate technology exploitation, inventive software and hardware solutions.
This year Deral Heiland and Pete Arzamendi presented a discussion on serious vulnerabilities in multifunction printer (MFP) security. In this presentation they focused on gathering data from MFPs and using it to access other systems on a network. By taking advantage of poor printer security and vulnerabilities, they grabbed an abundance of information including usernames, email addresses and passwords. They used that information to get administrative access into email servers, file servers and Active Directory domains.
We all know that the weakest link in the chain always compromises our information security. This is a great futuristic-looking video showing how people are the weak link and why we need education to improve.
I want the computer system they show in this video.

This week is the RSA Conference in San Francisco and it focuses on information security and all that entails. While this is a very broad topic that covers everything from anti-virus software to how to prevent the next cyber attack, the common goal is the same. Each of us has something that others want to steal or exploit and we need to figure out a way to prevent them from doing that.
While governments and security experts focus on big ideas, and they should, most of us are still caught in the never-ending cycle of patch, detect, remediate (or wash, rinse, repeat). Our information systems are flawed and malicious people are continuously finding ways to compromise them. We find problems, patch them and fix the damage. It’s a never-ending cycle.
More and more of our information and day-to-day activities are in the cloud. Email, file storage, pictures, personal data and the like are sitting in cloud-based applications. Most systems still use the old-fashioned (some say quaint) practice of accessing these systems with a username and password. The problem is that all of it is exposed to the hacking and phishing schemes that go after our passwords. It is not the most secure system, but it is convenient.
Fortunately, Google is taking a big step forward with its new two-factor authentication for everyone who uses Google services. This feature has been available to Google Apps customers since last fall and it’s coming to a browser near you soon. The feature is opt-in (are you listening, Facebook?) and most of us should be seeing it in the next week or so.
So what is it? Two-factor authentication is a way to improve security by requiring your existing password and a short-lived verification code. The two factors are something you know, such as your password, and something you have, such as a physical token or ID card. You could also use biometric data, like a fingerprint; you see this in movies all the time. This is not a new concept and many businesses have been using it for years. The common approach is to have a physical device that connects through a computer or a wireless network and generates a verification code. You enter the code and you are in.