[Sussex] Secure printing

Tue Jan 6 11:03:49 UTC 2009

Just googled quickly, Novell have something called iPrint that allows  
authentication against their Linux eDirectory Servers and prvides  
secure printing via ssl:

http://www.novell.com/documentation/nnls/index.html?page=/documentation/nnls/iprint/data/akujjgs.html

http://www.novell.com/products/openenterpriseserver/iprint.html

This thread:

http://osdir.com/ml/printing.cups.general/2004-03/msg00050.html

Also has some information about securing CUPS printing using TLS/SSL/etc.

HTH,

M.

Quoting Brendan BT Account <d740whelan at btinternet.com>:

> Thanks to Alex and Steve for responding. I agree that in many ways
> printer security is a bit of a farce but NHS IT departments tend to come
> up with rules without fully considering all the implications. In this
> case, all printers will be in laboratories that are protected against
> unauthorised access, so encrypting data transferred from the main
> database server to a print server would be a practical approach. At this
> stage all I am seeking is a tick in a box so that we aren't precluded
> from bidding on a technicality.  Brendan
>
> Steve Dobson wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi Brendan
>>
>> Not sure why to submitted this twice, but I will only answer once :-)
>>
>> Brendan BT Account wrote:
>>
>>> We are quoting for an NHS job where they want secure transmission of
>>> patient data. HTTPS will securely handle information between browsers
>>> and the servers and we can encrypt/password protect any downloadable
>>> reports. However, printing would seem to be more tricky as by default
>>> Postscript and raw text files (to label printers) are unencrypted.
>>> Secure Jet  (http://www.artimbilisim.com/urun09/SecureJET.pdf) would
>>> seem to be handle laser printers. Has anyone experience in encrypting
>>> printer output or any suggestions?  Thanks, Brendan
>>>
>>
>> What is the physical layout of the servers, network and workstations?
>> How secure is the physical stuff?  Browsers need a secure communications
>> link because they often communicate over a network (Internet) which is
>> not secure.
>>
>> On the other hand printers normally sit in offices without armed guards
>> checking the identities of anyone coming to correct their print jobs.
>> Once a print as been done it is just sitting there and anyone can pick
>> it up and read it.  What security is at the other end to ensure the
>> security of the data once made physically manifest?
>>
>> The first rule of security, which I learnt for my days working a
>> military systems supplier, is "that if you don't have physical security
>> you don't have security at all!"  The army will post an armed guard with
>> orders to shot to kill) by the printer to check identities it that what
>> takes to secure the system.  They will also post guards along the route
>> of the network cabling if that needs to be secured too.
>>
>> If the network isn't secure[1] then the NHS has bigger problems than
>> print job security.  I would suggest that you ask some probing question
>> about their infrastructure.
>>
>> Steve
>>
>> [1] An example would be if a patient could plug their laptop into the
>> same network as the NHS's staff.  As the patients are not trusted people
>> (and we will assume here that all staff are) then they should be on a
>> physically separate networks to guard against casual network traffic
>> snooping.  After all the SMB protocol as used by Windows to share files
>> and print jobs transmits it's passwords (and all it's data) in clear
>> text - very useful to your causal network snooper.
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFJYl9Qu7HOw0Q66oERAqzXAJ40ZNtCJvB8uhrVYGcyZbl1DEh0QgCguknq
>> A6Gni033dx0IsEMuIw7RYdk=
>> =Fa+f
>> -----END PGP SIGNATURE-----
>>
>> __
>> Sussex mailing list
>> Sussex at mailman.lug.org.uk
>> E-mail Address: sussex at mailman.lug.org.uk
>> Sussex LUG Website: http://www.sussex.lug.org.uk/
>> https://mailman.lug.org.uk/mailman/listinfo/sussex
>>
>>
>>
>
>
> __
> Sussex mailing list
> Sussex at mailman.lug.org.uk
> E-mail Address: sussex at mailman.lug.org.uk
> Sussex LUG Website: http://www.sussex.lug.org.uk/
> https://mailman.lug.org.uk/mailman/listinfo/sussex
>

-- 
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
http://www.truthisfreedom.org.uk/