A replication device is
|“||any device that reproduces (e.g., copies, prints, scans) documents, images, or objects from an electronic or physical source.||”|
RDs in use within organizations run the gamut in terms of age and functionality. Older, single-function devices may have no internal, nonvolatile storage and cannot be networked. Other devices may provide a variety of functions, be network-connected, run commercially available operating systems, contain internal, nonvolatile storage, and contain embedded internal print servers and web server capability. In between the two extremes, there may be RDs with network and/or storage functionality but no discernable means to configure them securely.
Additionally, many organizations may not have an accurate inventory of RDs or recognize what functionality each device possesses, especially with respect to information (data) storage, processing, and transmission.
Security concerns Edit
Historically, the capabilities of RDs were limited to basic copying, scanning, and printing. Storage of scanned or printed information within the RDs was not part of the device functionality and RDs were locally (directly) connected to computers via a cable or were stand-alone devices so the security of information processed by RDs was generally not a consideration for most organizations.
Today, however, RDs are often connected to organizational networks, have central processing units that run common commercial operating systems, store information internally on nonvolatile storage media, and may even have internal servers or router]s. As a result, RDs may be vulnerable to a number of exploits if the risk is not mitigated using appropriate security practices/controls.
- Default administration/configuration password: Many devices have default passwords which can be easily obtained and used to access configuration panels, stored data, or to control the device locally or remotely via a web interface.
- Data capture: When data is transmitted or stored unencrypted, it is subject to interception. This data may include device passwords, configuration settings, or processed jobs. Such data may appear to be unreadable but is an exploitable vulnerability if it is not encrypted.
- Disruption of service: RDs may be susceptible to a variety of threats which disrupt the availability of services. User interfaces, power consumption, and internal mechanical and software operations may be especially vulnerable.
- Spam: Most RDs, if not properly configured, will process any submitted job, without regard to the originator, without confirmation that the job is authorized, and without authentication. If exploited, this vulnerability may waste ink, paper, toner, or other materials while also resulting in a denial of service for legitimate users.
- Alteration/corruption of data: Exploits of this nature may be very difficult to detect, but could result in reduced quality, a denial of service (for example, if a password is altered), or a potentially hazardous situation (for example, if configuration settings are altered to allow the device to overheat).
- Outdated and/or unpatched operating systems and firmware: Many RDs run an embedded commercial operating system which renders them subject to the same threats and vulnerabilities as any other computing device running those same operating systems. To complicate matters, RD manufacturers may embed versions of operating systems for which the operating system provider is no longer providing updates or the functionality to install patches or updates is not available. Buffer overflows, execution of arbitrary code, and taking control of the device using remote administration capabilities via web server/site are but a few examples of exploits to which RDs with unpatched operating systems and firmware are vulnerable.
- "Overview" section: Risk Management for Replication Devices, at 1.
- "Security concerns" section: Id. at 1, 2.