TY - CONF T1 - How secure are networked office devices? Y1 - 2011 A1 - Condon,E. A1 - Cummins,E. A1 - Afoulki,Z. A1 - Michel Cukier KW - computer network security KW - data privacy KW - networked office device security KW - privacy risk assessment KW - Risk management KW - security risk assessment KW - STRIDE threat model KW - university network AB - Many office devices have a history of being networked (such as printers) and others without the same past are increasingly becoming networked (such as photocopiers). The modern networked versions of previously non-networked devices have much in common with traditional networked servers in terms of features and functions. While an organization may have policies and procedures for securing traditional network servers, securing networked office devices providing similar services can easily be overlooked. In this paper we present an evaluation of privacy and security risks found when examining over 1,800 networked office devices connected to a large university network. We use the STRIDE threat model to categorize threats and vulnerabilities and then we group the devices according to assessed risk from the perspective of the university. We found that while steps had been taken to secure some devices, many were using default or unsecured configurations. M3 - 10.1109/DSN.2011.5958259 ER -