Time
2 hours 52 minutes
Difficulty
Intermediate
CEU/CPE
3

Video Transcription

00:00
welcome back to printing Security Intermediate Course. And in this video, I will be talking about what is the difference between printer and, um, I M F B and M Fe's shortcut for multi function printer are multi function printing device,
00:15
and I'm going to talk about little about security impact of these differences. So this is going to be very simple explanation,
00:22
and the main reason is that I M f B has a scanner here. You can see two devices when his printer one is MFP, and they're based on the same printing hardware. So basically, the lower part of disease almost identical. Actually, it is.
00:37
And what is different is the electron ICS part of the rendering board, or for matter like it's called in this device on
00:46
between them. Because the form attar in the
00:50
the MFP can process scanning scanned images, it can do copying and things that printer simply cannot do because they don't have Skinner.
01:00
So I M F B usually has more memory than printer because it has to handle much more data because printer has to handle print job coming in and print it
01:11
while I'm FB has to, For examples can
01:15
50 or 100 pages off, scanned, document and sanded somewhere on the create a Pdf file and send it on the server.
01:23
So he has to have enough memory to store something like that.
01:29
Um, it usually has greater non volatile storage. So, for example, hard driving in them. If peace is usually greater than 50
01:38
and it usually has faster process. Everybody doesn't have to be the case, so I'm just saying it's usually
01:45
and usually it's same firmer or operating system like a willing printer. So if you're having these two devices, they have
01:52
pretty much the same always inside.
01:55
But what is the fundamental difference from security perspective on the and B compared to a printer, it has additional function so it can scan to let folder
02:05
and because it's on a network, and if
02:10
this network folders, for example, on the server,
02:14
then that you have to store user name and password
02:20
that is needed to access that folder on the server inside the device. So you're storing them inside there.
02:28
So first of all, you're storing some kind of passport for network
02:34
dr or something.
02:36
It can also scan to email.
02:38
So in these cases, you are
02:42
probably assigning user name or email address to that device
02:49
and then giving that device user name and password to access the email
02:53
server. However, you can do that also as well, in a way that every user of the device can type in or in some other way, produce their email address and password. In which case, if somebody sniffing on the device they can collect, for example, use names and passwords of people working in the company,
03:15
which can then be used to,
03:16
uh,
03:19
attack these PC's Because these are the same
03:23
passwords, usually
03:24
it can scan to folder. As I said, any kids can't work for, which is basically skins to some kind of third parties after that will then do something with it. So this third part is not such a big thing. But these 1st 2 scanning to email is coming to folder, are additional security or is compared to a printer
03:46
and also ah, and because of that time of peace and princess have different level of risk checked attached,
03:53
as they said, the manufacturer uses probably the same mother board or form a tear or rendering Borden all devices
04:01
eso. This is not the difference in kind of risk. It is usually
04:08
same operating system and firmer. But
04:12
what I'm a piece do on a daily basis is they can pray. Pdf's J pegs,
04:18
and it can be embedded with delicious coat,
04:23
so this is additional risk level off having enough be
04:27
and then if bees can be used to spoof email sender.
04:32
So, basically, if you having a device that has
04:36
ability to send to email a scan document
04:41
and if users are supposed to type in there the user name and password when they're doing it or they do it by presenting their digital badge or something. If you find a way, you can change that from email address and change it to something else. Or you can send
04:59
it through a different email address to somebody who is not supposed to receive the kind of that email.
05:04
So basically, m appease our security risk in that metro and printers or not.
05:13
So, um, let's do a quick learner check and see, uh,
05:18
what kind of attack doesn't work on a printer?
05:21
So is it just the printer, not printing device? Is it embedded Web server hacking
05:28
Is it network sniffing,
05:30
or is it? Mail it in to the spoofing, and the answer is, of course,
05:35
male identity spoofing. So this is a thing you don't do on the printer.
05:40
So you have in this lesson not the idea on what is the difference between a printer and a multi function device like multi function printer or copier that is also a printer on so on, so different. Manufacturers call these devices in a different manner with different marketing names, but
05:59
this is essentially their function, so you can
06:00
have a printing devices, just prints. Or you can have a printing device that can scan and copy and do something with these can documents and send email as well.
06:15
In this video, you have learned about the differences between printers and peas and especially the security implications of the differences. So you have seen that because I'm a freeze, they have Skinner. There are additional things that you have to worry about when they're deployed in the company network.
06:32
Also, in the next lesson, you will be able to learn about
06:36
a lot of things you have learned in this module

Up Next

Intermediate Printing Security

The Intermediate Printing Security course is intended for IT and cybersecurity professionals that want to learn how to secure print devices.

Instructed By

Instructor Profile Image
Milan Cetic
IT Security Consultant
Instructor