Tag Archive for Hard disk drive

RB | October 25, 2011
3 comments

Copier Security Best Practices

Copy Scan PrintMulti-Function printers (MFP) can scan, copy, fax and print, now they can also send email, host web-based administrative pages, and even tell you when the ink is low. While doing all that, MFP’s can store image files on on-board hard drives which can contain sensitive personal identifiable information (PII). Compliance with standards/laws as PCI-DSS, HIPAA, Sarbanes Oxley, or state privacy laws, etc. may force MFP’s to be secured.

MFP SecureState suggests some general questions to ask when trying to understand the criticality of these systems and to show some due diligence:

• Are these devices accessible on the network? If so, how is “Administrative” access controlled?
• How long are the image files retained on these systems?
• If the device is compromised, can the attackers actually capture sensitive data?
• If a hard drive fails, does the replacement process follow the normal standard for securely destroying the disk?
• What are some of the services enabled on these devices? Is there an administrative website, SNMP client, or SMTP server? How about the accounts and passwords of the administrative websites; are they set to default accounts and passwords?

SecureState says If you answered “No” or “I don’t know” to these questions, some of the issues more than likely need to be addressed.

Data theftJust like any network appliance, MFP’s and other print devices are small computers that have memory, storage, processors, an operating system, full-fledged web servers and are connected to the network. These devices can hold sensitive information. Before that old printer is finally decommissioned, make sure that the hard drive is securely wiped. If the existing device does not have advanced security options such as disk encryption or immediately overwriting data, the hard drive should be removed and securely wiped or destroyed separately before being decommissioned.

Recommended best practices for multifunction printers and copiers with disk drives:

  • Review vendor security configuration guides
  • Develop a standard configuration and check regularly
  • Enable immediate image overwrite and schedule regular off-hours overwrite (DoD 3 pass)
  • Enable encryption (minimum 128-bit AES)
  • If network-enabled, use network encryption and secure protocols such as IPSec, SSL, SNMPv3
  • Regularly review vendor security bulletins
  • Enable authentication and authorization (if possible, use network credentials)
  • Change admin password regularly
  • Enable audit log and review periodically
  • Treat network-enabled devices like any other computer on the network
  • Purchase a device which has an EAL2 Common Criteria certification

Data destructionIf the device processes restricted data, it MUST have encryption and image overwrite. For devices which process restricted data but do not have the necessary security features:

  • If possible, buy the necessary security modules and enable the features.
  • If security features cannot be purchased or enabled, replace the device as soon as is appropriate and have the hard drive removed and destroyed.

By Vendor

XeroxXerox – Newer Xerox (XRX) devices come with security features that often have to be turned on. See the Xerox Information Security Guides for more info.

RicohRicoh -  Security options for Ricoh’s (7752) have to be purchased separately. See the Ricoh Common Security Features Guide (PDF) for more info.

CanonCanon – Security options for Canon (CAJ) devices have to be purchased separately. See Canon Security Solutions for iR and iP Devices (PDF) for more info.

HPHP – All HP (HPQ) multifunction printers have hard drives.

  • There is a disk-wipe utility for all MFPs.
  • This utility is not installed by default and has to be downloaded from HP.COM. The utility is protected by an admin account and password.
  • The utility can be configured to do a printer disk wipe daily.
  • Some non-MFP HP printers may have hard drives. These printers will have an occupied EIO card (with resident hard drive) in the slot next to the network card. This EIO card should be physically evident by viewing the printer external case.
  • Third party disk wipe utility cannot be used against HP MFP hard drives without removing the drive from the card – which is likely to cause damage to the card and, possibly, the hard drive.
  • Non-MFPs with hard drives are somewhat rare and may be purchased for special purposes.
  • Non-MFPs with hard drives and network connections can be remotely disk wiped. Non-MFPs with a hard drive but without a network connection need to be handled by HP.
  • For leased HP printers, the agreements should include a defective media retention provision that permits the lessor to keep the hard drive before releasing the printer.
  • The WebJetAdmin tool, downloadable from HP.COM, can scan a network subnet and identify HP printers (and non-HP printers if the tool has a MIB for the non-HP printer).
rb-
Richard Nixon

I don't worry about data security

All they focused on was the costs, they did not ask any of the due diligence questions pointed out in this post. They had no plans on having the HDD’s on the 12 networked copy/scan/print Ricoh’s wiped. It is pretty clear that all the info on the HDD’s was bound for South America or else were on the secondary market, was I wrote about here.

Related articles
Category: Printer, Security | Tags: , , , , , , , , ,
RB | February 14, 2010
No comments

New Disk Drives Degrade XP

IBM 350 disk storage unit The International Disk Drive Equipment and Materials Association (IDEMA), the industry group which promotes the technological, manufacturing, marketing, and business needs of the disk drive industry, is leading the Big Sector initiative to update computer hard disk drives from 512 bytes to 4,096 bytes (4 Kilobytes) sectors.

IDEMA claims the need to change the hard drive sector size which has been consistent for thirty years, developed as hard disk sizes grew. The old 512 b sectors 4 Kb sectorlimited the amount of error correction required to handle more data on the newest drives.  Dr. Martin Hassner of Hitachi GST said: “(The) increasing areal density of newer magnetic hard disk drives requires a more robust error correction code (ECC), and this can be more efficiently applied to 4096 byte sector lengths” in a 2006 TechWorld article.  According to the trade group, the change to 4 Kb sectors will allow hard drives to continue to grow to 2 Tb in size.

Western DigitalWestern Digital is the first manufacturer to release products under this initiative. WD calls these drives Advanced Format. According to an article at AnandTech, 1n order to reach the 2 Tb size Western Digital and other drive manufacturers have developed a 512 b emulator which resides on the drive controller for the Microsoft Windows 5.x family (Windows 2000, XP, 2003, Windows Home Server) which are unaware of 4 Kb sectors.

AnandTech says the emulators will allow Windows 5.x systems to continue to think they are seeing 512 b but there are still problems. The article reports that the Windows 5.x family has a habit of misaligning the first disk partition under the new system which will result in poor default performance. The Windows 6.x family (Vista, 2008, Win7) and later are programmed to take in to account the alignment issues. This also creates issues for imaging software. Drive imaging software like Norton’s Ghost need to be 4 Kb aware. Otherwise it may inadvertently create misaligned partitions with any Windows product.  The article claims that all current imaging products will write misaligned partitions and/or clusters.

Linux and Mac OS X are not affected by this issue. Western Digital has tested modern versions of both operating systems, and officially classifies them as not-affected. They also found that Linux and Mac OS X drive imaging products are also unaffected.

Western Digital is offering two solutions to solve the misalignment issue. The first solution is specifically geared towards Win 5.x. The first option is to use an offset created by jumpering pins on an Advanced Format drive. This will force the drive controller will use a +1 offset. This crude hack means the operating system is no longer writing to the sector it thinks its writing to. Jumpering is simple to activate and effective in solving the issue on a PC with a single partition. If multiple partitions are installed this hack cannot be used because the offset can damage later partitions. The offset can not be later removed without repartitioning the drive, because that would break the partition table.

The second method of resolving misaligned partitions is through the use of Western Digital’s WD Align utility available online from WD. The utility moves a partition and its data from a misaligned to an aligned position. This is the recommended solution for using multiple partitions under Win 5.x, along with correcting any misaligned partitions generated by imaging software. The utility also serves as the only way to find an Advance Format drive without physically looking at it.

AnandTech calls the WD Align utility the recommended solution for single-partition drives being used under Win 5.x too, since it prevents breaking the partition table. The amount of time needed to run the utility depends on the amount of data that needs to be moved and not the partition size (it simply ignores empty space), so it’s best to run the utility immediately after creating a partition or installing Windows, as there’s less data to move around.

WD Green Cavier HDDThe first Advanced Format drives are WD Caviar Green drives using multiple 500GB platters which are now available. There are two ways to these drives : 1) They all have 64 Mb of cache – the first WD Caviar Green drives to come with that much cache; and 2) They all have EARS in the drive model number, e.g. WD10EARS.

It seems that WD is not pushing these drives as part of any major product launch. The new drives are quietly entering the marketplace. The IDEMA plan called for everyone to have 4 Kb sector drives by 2011, so there will be similar soft-launches from the other manufacturers over the next year.  It  is reasonable to expect all the HDD manufacturers to have similar problems with Win 5.x,  All of the vendors will have to support WinXP, in one way or another until at least 2014, when extended MS support for WinXP ends.

Category: Hardware | Tags: , ,
 

Switch to our mobile site