adam's notes

Printer Security

  • Use of printers raises several security issues
    • access to print services
    • risks to the confidentiality of printed output

User Authentication

  • may be necessary to prevent unauthorized use of a network printer
  • User authentication means that the printer sharing server or print device will only accept print jobs from authorized user accounts
    • can be configured on a print share
    • E.g., in Windows, the Sharing and Security tabs can be configured with a list of users or groups permitted to submit print jobs
  • print device might support user authentication options for clients who connect directly
    • local authentication option means that a list of valid usernames and passwords is stored on the print device itself
    • network option means that the print device can communicate with a directory server to authenticate and authorize users

Secured Print and Badging

  • secured print is held on the print device until the user authenticates directly with the print device
    • mitigates the risk of confidential information being intercepted from the output tray before the user has had time to collect it
    • Authentication to release the print job might be supported using different formats:
      • PIN
        • requires the user to input the correct password or code via the device control panel
      • Badging
        • print device is fitted with a smart card reader
        • must present their ID badge to the reader to start the print job
    • may be selected as a default option or configured for a particular print job
    • may only be cached for a limited time and deleted if not printed in time
    • might require a memory card or other storage to cache encrypted print jobs

Audit Logs

  • printer share server or print device can be configured to log each job
    • provides an audit record of documents that were sent to the printer by given user accounts and client devices
    • could be used to identify documents that were printed and have gone missing or to identify unauthorized release of information
    • a log collector such as syslog can be configured to transmit the logs to a centralized log server

Graph View

Backlinks