Office of The Government Chief Information Officer
INFORMATION SECURITY
Practice Guide
for
in the Offices
[ISPG-SO01]
Version: 1.0
August 2018
The contents of this document remain the property of and may not
be reproduced in whole or in part without the express permission
of the Office of the Government Chief Information Officer
COPYRIGHT NOTICE
Unless otherwise indicated, the copyright in the works contained in this publication is owned
by the Government of the Hong Kong Special Administrative Region. You may generally
copy and distribute these materials in any format or medium provided the following
conditions are met –
(a) the particular item has not been specifically indicated to be excluded and is therefore
not to be copied or distributed;
(b) the copying is not done for the purpose of creating copies for sale;
(c) the materials must be reproduced accurately and must not be used in a misleading
context; and
(d) the copies shall be accompanied by the words “copied/distributed with the permission
of the Government of the Hong Kong Special Administrative Region. All rights
reserved.”
If you wish to make copies for purposes other than that permitted above, you should seek
permission by contacting the Office of the Government Chief Information Officer.
Amendment History
1. Introduction
The new generation of network printers are “smart” machines that have
central processing units, can store the information they process in their
internal storage devices, and can connect to wired or wireless networks. With
these capabilities, most current network printers can be used for more than just
printing; they can also be used for copying, scanning, faxing and emailing
documents. Some network printers even have internal servers or routers.
Hence, network printers are similar to other computer equipment and could
suffer from various types of security threats (e.g. data leakage) if they are not
properly protected or used.
1.1 Purpose
This document provides guidance notes for the administration and other technical
and operational staff who are involved in managing network printers. Common
security considerations and best practices for the major stages of the network
printer management life cycle are provided in this document.
B/Ds should consider the security measures and best practices recommended in this
document and implement adequate security protection for their network printers.
This document should be used in conjunction with the established government
requirements and documents including Baseline IT Security Policy [S17], IT
Security Guidelines [G3], relevant procedures and guidelines, where applicable. In
addition to the government security requirements, B/Ds should assess the security
risks before the adoption of network printers based on their business needs.
This document is intended to provide practical guidance notes on and references for
management and use of network printers in the offices. It is not intended to cover
technical requirements of a specific network printer model. B/Ds should consult
corresponding system administrators, technical support staff and product vendors for
these technical details.
The following referenced documents are indispensable for the application of this
document.
• Baseline IT Security Policy [S17], the Government of the Hong Kong Special
Administrative Region
• IT Security Guidelines [G3], the Government of the Hong Kong Special
Administrative Region
For the purposes of this document, the terms and convention given in S17, G3, and
the following shall apply.
1.4 Contact
This document is produced and maintained by the Office of the Government Chief
Information Officer (OGCIO). Comments and suggestions may be sent to:
Email: [email protected]
B/Ds shall also define the organisation structure on information security and provide
clear definitions and proper assignment of security accountability and responsibility
to involved parties.
B/Ds shall perform security risk assessments for information systems and production
applications periodically and when necessary so as to identify risks and
consequences associated with vulnerabilities, and to provide a basis to establish a
cost-effective security program and implement appropriate security protection and
safeguards.
B/Ds shall also perform security audit on information systems regularly to ensure
that current security measures comply with departmental information security
policies, standards, and other contractual or legal requirements.
Security Operations
To protect information assets and information systems, B/Ds should implement
comprehensive security measures based on their business needs, covering different
technological areas in their business, and adopt the principle of “Prevent, Detect,
Respond and Recover” in their daily operations.
B/Ds could make use of the cyber risk information sharing platform to receive and
share information regarding security issues, vulnerabilities, and cyber threat
intelligence.
This section highlights the security measures and best practices to address the
common security concerns and illustrates how they should be incorporated in the
major stages of network printer management life cycle including provision, use and
decommission. B/Ds may select and map the security measures and best practices
to their own management life cycle model based on their business needs.
Network printers are capable of storing data in their storage devices and
connecting to wired or wireless networks for printing, copying, scanning, faxing and
emailing documents. They can also use network protocols commonly available in
computer equipment, such as File Transfer Protocol (FTP), Hypertext Transfer
Protocol (HTTP), Hypertext Transfer Protocol Secure (HTTPS), Internet Printing
Protocol (IPP), Server Message Block (SMB), Simple Network Management
Protocol (SNMP) and telnet. Hence, network printers are exposed to security
threats similar to those faced by other connected computing devices. Major threats
applicable to network printers are highlighted below. B/Ds should take note of
these common security threats and guard against them when using network printers.
General threats, vulnerabilities, and related exploits that may affect network printers:
Although using network printers is convenient and may be more cost-effective than
using separate local printers, scanners and fax machines, network connectivity
comes with a greater risk of exposing the device and information to threats. Some
potential threats, vulnerabilities, and related exploits associated with network
connectivity include:
Data storage in network printers is most often in the form of hard disk drive (HDD)
or solid-state drive (SSD). Information stored in network printers may leave
organisational information vulnerable to numerous exploits and leakage in the
following conditions:
When considering security adoption of network printers, B/Ds should identify the
needs for network printers and how the network printers would support B/Ds'
businesses. A network printer security policy should be established to specify the
business and security requirements for the use of network printers with the following
considerations:
Based on the business and security requirements, B/Ds should develop adequate
processes and procedures for the provision of network printers. In particular,
security configuration procedures of network printers should be developed to
enforce security configurations in accordance with government security
requirements and the network printer security policy. Network printers should be
configured according to the security configuration procedures before deployment.
For sample checklist regarding security configuration of a network printer, please
refer to Annex A.
a. Identify the list of supported models that fulfil B/Ds' operations and security
requirements.
b. Perform risk assessments prior to deployment of new network printers, and
implement a continuous risk monitoring mechanism for evaluating changes in
or new risks associated with the network printers.
c. Disseminate the acceptable use policy and security reminders, and provide
security awareness training to users to remind them to use network
printers in a secure manner.
d. Maintain asset-tracking information such as serial numbers, and keep track of
it for audit and for the development of B/Ds' technology replacement strategy
for network printers.
e. Apply secure configuration
• Isolate network printers from other systems until the secure configuration is
completed;
• Remove unused applications from network printers, e.g. Internet browsers;
• Enable all applicable security features of network printers according to the
g. Limit/restrict access
• Enable identification and authentication for privileged access (e.g. change
the configuration settings);
• Disable unauthorised remote access of network printers;
• Disable unneeded management services, ports and protocols;
• Disable wireless network connection for handling classified information;
• Whitelist or blacklist specific Media Access Control (MAC) addresses
and/or IP addresses; and
• Implement appropriate physical security.
Footnote 1: Some printers do not support file overwrite when an SSD is used as the storage device. B/Ds could
select an HDD if the file overwrite feature is necessary.
Even if the security requirements have been fully considered in the provisioning
stage, people and process are two main factors for keeping network printers in a safe
environment. Therefore, this section focuses on the best practices related to the
ongoing operation process for the management of network printers, whereas best
practices for end-users using network printers are provided at Annex B.
a. Check the status of network printers regularly to ensure security measures are
in place;
b. Change password for administrators of network printers regularly;
c. Review user accounts and privileges regularly to prevent unauthorised access
of network printers;
d. Update the operating system / firmware regularly to patch security vulnerabilities
and improve security features;
e. Make sure after any system / firmware updates or cold resets, all the established
security controls are reinstated; and
f. Review the print logs regularly, if applicable, to identify any suspicious activity
such as the volume of print jobs or time of printing.
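The log review in item f can be partly automated. The following is an added example, not part of the original guide: it flags print jobs by time of printing and by volume. The CSV layout, the sample records, the working hours and the page threshold are all constructed assumptions; real print logs differ by vendor.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample log; real printers export different formats.
SAMPLE_LOG = """timestamp,user,printer,pages
2018-08-06T09:15:00,alice,PRN-01,12
2018-08-06T10:02:00,bob,PRN-01,3
2018-08-06T23:41:00,carol,PRN-02,48
2018-08-07T11:20:00,bob,PRN-01,150
2018-08-07T11:45:00,bob,PRN-01,120
2018-08-07T14:30:00,alice,PRN-01,8
"""

OFFICE_HOURS = (8, 19)    # assumed working window, 08:00 to 18:59
DAILY_PAGE_LIMIT = 200    # assumed per-user daily threshold


def review_print_log(text, hours=OFFICE_HOURS, limit=DAILY_PAGE_LIMIT):
    """Return (after_hours_jobs, high_volume_users) found in a CSV print log."""
    after_hours = []
    pages_per_user_day = defaultdict(int)
    for row in csv.DictReader(io.StringIO(text)):
        ts = datetime.fromisoformat(row["timestamp"])
        # Time-of-printing check: weekend or outside the working window.
        if ts.weekday() >= 5 or not hours[0] <= ts.hour < hours[1]:
            after_hours.append((row["timestamp"], row["user"], row["printer"]))
        key = (row["user"], ts.date().isoformat())
        pages_per_user_day[key] += int(row["pages"])
    # Volume check: total pages per user per day above the threshold.
    high_volume = sorted(
        (user, day, total)
        for (user, day), total in pages_per_user_day.items()
        if total > limit
    )
    return after_hours, high_volume


if __name__ == "__main__":
    late, heavy = review_print_log(SAMPLE_LOG)
    for job in late:
        print("after-hours job:", *job)
    for user, day, total in heavy:
        print(f"high volume: {user} printed {total} pages on {day}")
```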
In compliance with the security requirements of the Government, B/Ds shall observe
government security requirements and documents. In addition, B/Ds should adopt
the following security practices for handling classified information:
documents. B/Ds should check with product vendors to ensure the network
printers can meet the encryption requirements for handling classified documents.
d. Detailed encryption requirements for these two types of classified information
are given below.
e. If network printers with storage devices do not meet the above encryption
requirements, B/Ds should consider using network printers without built-in
storage device and connecting the printers to a trusted network. Alternatively,
local printers without built-in storage devices may be used.
f. If classified information is stored in network printers' storage devices, the
network printers shall be installed in a physically secure environment. Security
measures preventing any possible interference with the printers shall be put in place.
g. Completely clear or destroy all classified information stored in network printers
when they are no longer required.
Generally speaking, awareness training should include, but not be limited to:
At the last stage of the network printer management life cycle, network printers may
be decommissioned due to physical damage, end of support, re-use by other staff or
other B/Ds, etc. B/Ds should define device decommission procedures covering
secure data deletion, factory reset and disposal of network printers, such that
network printers can be re-used or securely disposed of without data leakage.
b. Factory Reset
• Restore network printers to default factory setting. It could be done by
using the “Restore Factory Settings” function, if available. B/Ds may seek
advice from the corresponding product vendors, if necessary.
The following list of configurations is recommended for securing network printers used in the
offices. B/Ds may adjust the checklist based on their specific business requirements and
advice from product vendors or third party consultants, if applicable.
Configurations
1. Isolate the network printer from other systems until the secure configuration is
installed and hardened.
Network Control
3. Disable all protocols (see footnote 2) if they are not being utilised (e.g. AppleTalk, IPX/SPX).
4. Assign the network printer a static IP address (see footnote 3) or limit network access to the
printer as far as possible, for example through access control lists in the printer configuration.
9. Ensure that data stored in printer's storage devices is erased completely before
decommission.
10. If printer's storage devices are used for printing, copying, scanning, faxing or
emailing documents, configure the network printer to remove any spooled files,
images, and other temporary data from the storage devices using a secure overwrite
between jobs.
11. Enable authenticated retrieval of print jobs for users, e.g. pull / private printing.
Footnote 2: For example:
i) IPP: If the Internet Printing Protocol is not used, then disable it.
ii) FTP: This feature is not used in most environments and should be disabled.
iii) SMB: Most printers do not provide a status report when using SMB printing, so it should be disabled.
Footnote 3: Giving static IP addresses or DHCP reservations makes it easier to monitor the printers and apply
access lists on hardware-based firewalls. Consider placing sensitive printers on their own subnet, which may
make them easier to identify and secure.
12. Enable Secure Multipurpose Internet Mail Extensions (S/MIME) for email
transmission of documents, if applicable.
Administration Control
13. Disable all services not used (e.g. FAX, scanner). If the web interface is not
required, consider disabling the web server.
15. Set strong passwords for administrator accounts according to password policy.
18. Apply latest patches for printer's operating system and/or firmware.
19. Disable unused communication ports (e.g. Bluetooth, Wi-Fi, NFC, USB).
23. Ensure that only authorised users can modify the global configuration from the
console by requiring a password.
Logging
24. Enable logging (e.g. access log) and review the logs regularly, if applicable.
The above checklist is NOT exhaustive and only includes some of the most common
practices on printer configuration.
Footnote 4: For example:
i) Disable web interface if possible; otherwise, enable HTTPS and disable HTTP at least.
ii) Disable telnet management interface.
iii) Disable SNMP if not used for printing management in your office; otherwise, choose SNMPv3 for its
authentication and encryption features if possible.
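Several checklist items can be verified mechanically, and the same check can be re-run after a firmware update or cold reset to confirm that the security controls have been reinstated. The following is an added example, not part of the original guide: the setting names and both configuration snapshots are constructed, and a real printer's vendor-specific settings would have to be mapped onto them.

```python
# Constructed snapshots with hypothetical setting names; real printers
# expose vendor-specific keys that must be mapped onto these.
HARDENED = {
    "ipp": False, "ftp": False, "smb": False, "telnet": False,
    "http": False, "snmp": "v3",
    "bluetooth": False, "wifi": False, "nfc": False, "usb": False,
    "secure_overwrite": True, "pull_printing": True, "logging": True,
}
# Same device after a cold reset, with factory defaults restored.
AFTER_RESET = dict(HARDENED, telnet=True, http=True, snmp="v1",
                   secure_overwrite=False, logging=False)

ALWAYS_OFF = ("telnet", "http")
OFF_UNLESS_USED = ("ipp", "ftp", "smb", "bluetooth", "wifi", "nfc", "usb")
MUST_ENABLE = ("secure_overwrite", "pull_printing", "logging")


def audit(config, in_use=()):
    """Return sorted findings where config departs from the checklist."""
    findings = [f"{n}: must be disabled" for n in ALWAYS_OFF if config.get(n)]
    for name in OFF_UNLESS_USED:
        # Protocols and ports are acceptable only when declared as needed.
        if config.get(name) and name not in in_use:
            findings.append(f"{name}: enabled but not declared in use")
    findings += [f"{n}: should be enabled" for n in MUST_ENABLE
                 if not config.get(n)]
    # SNMP is either off or running as SNMPv3.
    if config.get("snmp") not in (False, None, "v3"):
        findings.append(f"snmp: {config['snmp']} enabled, use SNMPv3")
    return sorted(findings)


def drift(baseline, current):
    """Map each changed setting to its (baseline, current) values."""
    return {k: (baseline.get(k), current.get(k))
            for k in sorted(set(baseline) | set(current))
            if baseline.get(k) != current.get(k)}


if __name__ == "__main__":
    for finding in audit(AFTER_RESET):
        print("FINDING", finding)
    for key, (old, new) in drift(HARDENED, AFTER_RESET).items():
        print(f"DRIFT {key}: {old!r} -> {new!r}")
```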
Even if the network printers have been prepared for secure operation, users should follow the
best practices below: