HP Innovation Journal Special Edition: Security | Page 20

protected section of Flash contains a “Golden Copy” of the BIOS in the event of any BIOS compromise. The BIOS is hashed and signed with a cryptographic signature which is verified during boot. The device can revert to the “BIOS Golden Copy” in the event the BIOS becomes compromised.

Whitelisting

The second step in the startup lifecycle is to ensure that the device only loads HP-authentic code. HP provides a dynamic whitelisting technology that ensures only authentic, untampered executable code can run on HP’s printers. To clarify the terminology: antivirus scanners today use a blacklist, which relies on identifying fingerprints of known malware. The problem with a blacklist is that it typically takes about 4 days or more to isolate a new virus during a zero-day attack and publish an update, which then has to be downloaded to the antivirus software. Embedded devices such as printers, being closed systems, have the luxury of knowing which code should be loaded and can allow only “known good files” to execute on the system. HP supports the whitelist feature by loading only known software into memory and calculating the hash of the code, which is compared against the known “good” signed hash value to verify its integrity.

Updateable Firmware/Software

One of the key technological improvements for modern consumer and enterprise electronics has been updateable firmware via the Internet. From phones to smart TVs, to network switches, to VOIP phones, it is the expectation that the firmware will be updated regularly. Often the manufacturer relies on firmware updates for security patches and bug fixes as well as for adding new features. Although updateable firmware has been a positive breakthrough, the firmware update capability has introduced the possibility of rogue code being installed, and printers are no exception. HP ensures that only “known good firmware” is installed on the device. This requires the firmware to be hashed, ensuring that it has not been tampered with, and the hash to be signed using an HP-protected private key to ensure that the updated code is HP-authentic code.

Ongoing Operation

Runtime Intrusion Detection

Recognizing that a device cannot protect against all current and future malware attacks, it must be able to look for and detect anomalous behavior while running. HP provides an innovative feature called Runtime Intrusion Detection to monitor memory for potential injection attacks. A buffer overflow is a typical example of an exposure point that a hacker could use to inject malware into a running device. Runtime Intrusion Detection performs continual checks in memory to identify, detect and highlight any anomalies. If an anomaly occurs, the device performs a reboot, flushing memory of any potential malware and booting to a secure state. When this happens, a security event is generated and can be monitored by various security monitoring tools (e.g., Security Information and Event Management (SIEM) tools).

Connection Inspector

HP Connection Inspector is an HP Labs patented technology to help printers stay one step ahead of malware attacks. The technology inspects outbound network connections to determine what is normal and stop any suspicious activity. On initial infection, malware commonly contacts its command-and-control server for additional instructions. This behavior can be detected by an increase in DNS traffic. If the printer detects this type of network anomaly, it automatically triggers a reboot to initiate HP SureStart self-healing procedures and, if configured, sends security events to SIEM tools, all without any intervention.

Easiest to Secure and Manage

HP JetAdvantage Security Manager

An often-overlooked area of device hardening is configuration control, which is perhaps one of the most important security areas. Security can be complex for companies to understand and implement. Printer security requires that an administrator understand the dependencies between the various protocols on printing devices; MFPs have over 200 security settings. JetAdvantage Security Manager is a policy-based security compliance tool that makes it easy to secure a customer’s fleet of printers. Security Manager applies an easy-to-understand security policy to the fleet, handling printer differences effectively, periodically assessing compliance and automatically remediating a
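The signed-hash checks described under Whitelisting and Updateable Firmware/Software above, together with the Golden Copy fallback, written out as an added example (this is not HP's code; the manifest format, the Ed25519 key type and the image names are assumptions made for the example):

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"strings"
)

// Manifest format assumed for this example: one "<sha256-hex> <image-name>"
// line per approved image, signed as a whole by the vendor's private key.
// allowedHash returns the hash recorded for name, or "" if it is absent.
func allowedHash(manifest []byte, name string) string {
	for _, line := range strings.Split(string(manifest), "\n") {
		if f := strings.Fields(line); len(f) == 2 && f[1] == name {
			return f[0]
		}
	}
	return ""
}

// VerifyImage accepts an image only if the manifest signature is valid under
// the pinned vendor key AND the image's SHA-256 equals the signed entry.
// Signature first: a hash match proves nothing if the manifest was replaced.
func VerifyImage(pub ed25519.PublicKey, manifest, sig []byte, name string, image []byte) error {
	if !ed25519.Verify(pub, manifest, sig) {
		return errors.New("manifest signature invalid")
	}
	want := allowedHash(manifest, name)
	if want == "" {
		return errors.New("image not whitelisted: " + name)
	}
	if sum := sha256.Sum256(image); hex.EncodeToString(sum[:]) != want {
		return errors.New("image hash mismatch: " + name)
	}
	return nil
}

// SelectBootImage models the Golden Copy fallback: boot the primary BIOS if
// it verifies, else the protected golden copy, else refuse to boot at all.
func SelectBootImage(pub ed25519.PublicKey, manifest, sig, primary, golden []byte) (string, error) {
	if VerifyImage(pub, manifest, sig, "bios", primary) == nil {
		return "primary", nil
	}
	if VerifyImage(pub, manifest, sig, "bios", golden) == nil {
		return "golden", nil
	}
	return "", errors.New("no trustworthy BIOS image available")
}
```

The same VerifyImage check serves both the boot-time whitelist and the firmware-update path, since in both cases the device trusts only a hash that the vendor has signed, never a hash it computed on its own.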