How secure are networked office devices?

TitleHow secure are networked office devices?
Publication TypeConference Papers
Year of Publication2011
AuthorsCondon E, Cummins E, Afoulki Z, Cukier M
Date Published2011/06//
Keywordscomputer network security, data privacy, networked office device security, privacy risk assessment, Risk management, security risk assessment, STRIDE threat model, university network

Many office devices have a history of being networked (such as printers) and others without the same past are increasingly becoming networked (such as photocopiers). The modern networked versions of previously non-networked devices have much in common with traditional networked servers in terms of features and functions. While an organization may have policies and procedures for securing traditional network servers, securing networked office devices providing similar services can easily be overlooked. In this paper we present an evaluation of privacy and security risks found when examining over 1,800 networked office devices connected to a large university network. We use the STRIDE threat model to categorize threats and vulnerabilities and then we group the devices according to assessed risk from the perspective of the university. We found that while steps had been taken to secure some devices, many were using default or unsecured configurations.