Lots of organisations are moving to IP based technologies to save money and consolidate devices. Items such as IP Phones, IP Alarm System, and of coure Multi Functional Devices.

These devices consolidate printers, scanners, faxes, photocopiers and even basic storage into a single device on the network. I had my first involvement with these about a year or so ago, but recently a few people have asked me about the security concerns and risks around these devices so I thought I would bullet the main issues to consider that might not appear obvious.

• Internal / External Connections. With the device acting as a network printer / scanner, and also a fax that will be connected to a PSTN for external connection. There is a possibility to bridge the connections and gain access to the network via the fax line. All the devices I have reviewed have been logically disconected, and when testin it was not possible to bridge the connections.
• Internal Storage. These devices use a Hard Disk, and it is not uncommon for all faxes, prints, copies and scans to be present on the HD at some point before being output. With this in mind, and where the device it is worth considering encryption of the HD contents, and consider decommisioning techniques when the unit fails or needs to be replaced.
• Shared usage. As the device usually replaces multiple departmental kit, this now becomes the central location for printing etc. In the event personal or sensitive data is sent for print, or faxed received it is highly likely that someone else may find the print. It is a good idea to lock down prints and scans to users, prompting a key combination or password is required to release the print.
• Network access. With these devices on the network, it is most likely shared access can be achieved through the network to prints and scans. Once again if access is not restricted appropriately, data may be inappropriately accessed.

These devices really need to be treated more like a workstation or server, and not like the printers with minimal memory that we are familiar with.
They also tend to be running a Linux OS, so it is important to review the OS for patches, and firmware updates, as well as ensuring appropriate ports are locked down. There are a few known vulnerabilities with printers that can be exploited, and the MFD opens various additional risks to be exploited.

L0phtCrack, the venerable password cracking tool is being prepped for a return to the spotlight.

The original creators of L0phtCrack has reacquired the tool with plans to release a new version at next week’s SOURCE Boston conference.

L0phtCrack was a popular tool used to identify and remediate security vulnerabilities that result from the use of weak or easily guessed passwords.  It was also used to recover Windows and Unix account passwords to access user and administrator accounts whose passwords are lost or to streamline migration of users to newer authentication systems.

I look forward to reading and seeing more on this new revision.

Tiversa, headquartered in Cranberry Township, Pa., reportedly discovered a security breach that led to the transfer of military information to an Iranian IP address, according to WPXI. The information is said to include planned engineering upgrades, avionic schematics, and computer network information.

The channel quoted the company’s CEO, Bob Boback, who said Tiversa found a file containing the entire blueprints and avionics package for Marine One.

“What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,” Boback told WPXI.

Tiversa makes products that monitor the sharing of files online. A representative for the company was not immediately available for comment.

Boback believes that the files probably were transferred through a peer-to-peer file-sharing network such as LimeWire or BearShare, then compromised.

* Source CNET News

So are you sure your company data isnt being accidently shared via P2P networks in your network, or when staff take laptops home.

I recently stumbled across the SNOsoft blog, where they detailed how Facebook can be utilised from a Hackers perspective.

The post is interesting, and focuses on the social engineering aspects, and the human tendancy / desire to trust each other.  They then go one to detail how they selected an organisation as a victim, searched for profile information within Facebook, and the people associated with the organisation. This is all part of the very important reconisance phase.

They then build trust relationships with people in the organisation via Facebook, even though they have never been introduced or met in the real world. They then created a fake site detailing how a recent incident might have lead to passwords being compromised, and users should use the form to carry out a password reset.

This obviously lead to them getting various password, for them to then utilise these to initiate a direct attack on the organisation and gain access.

I think its good to carry out this sort of scenarios, I am sure many people dont just add any old Tom, Dick or Harry to any of the social networking sites they visit, but this is a prime example how the few that do cause a security risk.