[Sussex] Secure printing

Brendan BT Account d740whelan at btinternet.com
Tue Jan 6 10:40:30 UTC 2009


Thanks to Alex and Steve for responding. I agree that in many ways 
printer security is a bit of a farce but NHS IT departments tend to come 
up with rules without fully considering all the implications. In this 
case, all printers will be in laboratories that are protected against 
unauthorised access, so encrypting data transferred from the main 
database server to a print server would be a practical approach. At this 
stage all I am seeking is a tick in a box so that we aren't precluded 
from bidding on a technicality.  Brendan

Steve Dobson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Brendan
>
> Not sure why to submitted this twice, but I will only answer once :-)
>
> Brendan BT Account wrote:
>   
>> We are quoting for an NHS job where they want secure transmission of
>> patient data. HTTPS will securely handle information between browsers
>> and the servers and we can encrypt/password protect any downloadable
>> reports. However, printing would seem to be more tricky as by default
>> Postscript and raw text files (to label printers) are unencrypted.
>> Secure Jet  (http://www.artimbilisim.com/urun09/SecureJET.pdf) would
>> seem to be handle laser printers. Has anyone experience in encrypting
>> printer output or any suggestions?  Thanks, Brendan
>>     
>
> What is the physical layout of the servers, network and workstations?
> How secure is the physical stuff?  Browsers need a secure communications
> link because they often communicate over a network (Internet) which is
> not secure.
>
> On the other hand printers normally sit in offices without armed guards
> checking the identities of anyone coming to correct their print jobs.
> Once a print as been done it is just sitting there and anyone can pick
> it up and read it.  What security is at the other end to ensure the
> security of the data once made physically manifest?
>
> The first rule of security, which I learnt for my days working a
> military systems supplier, is "that if you don't have physical security
> you don't have security at all!"  The army will post an armed guard with
> orders to shot to kill) by the printer to check identities it that what
> takes to secure the system.  They will also post guards along the route
> of the network cabling if that needs to be secured too.
>
> If the network isn't secure[1] then the NHS has bigger problems than
> print job security.  I would suggest that you ask some probing question
> about their infrastructure.
>
> Steve
>
> [1] An example would be if a patient could plug their laptop into the
> same network as the NHS's staff.  As the patients are not trusted people
> (and we will assume here that all staff are) then they should be on a
> physically separate networks to guard against casual network traffic
> snooping.  After all the SMB protocol as used by Windows to share files
> and print jobs transmits it's passwords (and all it's data) in clear
> text - very useful to your causal network snooper.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJYl9Qu7HOw0Q66oERAqzXAJ40ZNtCJvB8uhrVYGcyZbl1DEh0QgCguknq
> A6Gni033dx0IsEMuIw7RYdk=
> =Fa+f
> -----END PGP SIGNATURE-----
>
> __ 
> Sussex mailing list
> Sussex at mailman.lug.org.uk
> E-mail Address: sussex at mailman.lug.org.uk
> Sussex LUG Website: http://www.sussex.lug.org.uk/
> https://mailman.lug.org.uk/mailman/listinfo/sussex
>
>
>   




More information about the Sussex mailing list