1 / 16

Secure Print Protocols in a Traditional Printing Environment

Secure Print Protocols in a Traditional Printing Environment. David.Staal@BarrSystems.com February 24, 2004. Contents. The Production Printing Environment What is ‘Production Printing?’ Protocols and Platforms Used Security Needs in Production Printing Possible Security Solutions

Download Presentation

Secure Print Protocols in a Traditional Printing Environment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Secure Print Protocols in a Traditional Printing Environment David.Staal@BarrSystems.com February 24, 2004

  2. Contents • The Production Printing Environment • What is ‘Production Printing?’ • Protocols and Platforms Used • Security Needs in Production Printing • Possible Security Solutions • IPP with TLS (SSL) • IPSec • Encryption for LPR/LPD and Raw Socket

  3. Introduction • Barr Systems provides print management software for the Production Printing industry. • Our customers are becoming more concerned about security as their printing moves to TCP/IP networks.

  4. What is Production Printing? • Production Printing is a phrase used to describe the traditional printing world started by IBM and Xerox. • Production Printing is characterized by: • Large data centers, often outsourced • High-speed, 100ppm+ printers • Large volumes of print in small windows of time • Typically statements, bills, checks

  5. More about Production Printing • Organizations that do Production Printing: • Banks and Credit Card companies • Mutual Fund companies • Insurance companies • Hospitals • Phone companies • Many branches of Government and Military • Just about any large corporation

  6. IBM Host Traditional Mainframe Printing SNA Connection Local Channel Printer RJE Remote Workstation

  7. Traditional Printing Environment • Data originates on IBM Mainframes • Prints on local channel-attached Xerox, IBM or Oce’ printers • Mostly EBCDIC Line Data (text), and some IPDS • Connections to remote print sites use: • SNA connections • Channel extension over dedicated lines

  8. IBM Host Production Printing Today TCP/IPLAN TCP/IP or SNA WAN Print Management Server

  9. Production Printing Environment • Data still originates on IBM Mainframes, or other large hosts, such as Unix systems • Prints on Xerox, IBM and Oce’ printers, but many now with TCP/IP interfaces • EBCDIC Line Data (text), and IPDS • Connections to remote print sites use: • SNA over TCP/IP • TCP/IP LPR/LPD or Raw Socket (Port 9100) • PC-based or Unix Print Management software used to manage multiple printers at print sites

  10. Why Security Now? • In the past, the communications protocols were more proprietary, and in more closed environments. • Now, more and more print traffic moves over TCP/IP networks. • Lots of confidential data, credit card numbers, account numbers, account information and medical information.

  11. What Kind of Security is Needed? • Confidentiality is the pre-eminent need, to prevent stealing of private information. • Message Integrity would also be useful. • Authentication is not a priority, because these printers or print servers are not shared to other users, and use well established paths and fixed IP addresses. • Encryption alone would provide what is needed most.

  12. Possible Solutions for Secure Print • IPP with TLS (SSL) • IPSec • Encryption for LPR/LPD and Raw Socket

  13. IPP with TLS (SSL) • If fully implemented, IPP with security would solve the problem. • Many products in the Production Print industry have not yet implemented IPP. • The IBM host and Xerox printer implementations of IPP apparently don’t include security. • The ‘special options’ for production print with LPR/LPD are not available in the IPP implementation on some systems.

  14. IPSec • An IPSec secure tunnel would make sense in the Production Print environment, since the path and IP addresses are fixed. • Most versions of Microsoft Windows support IPSec. • z/OS on the IBM mainframe supports IPSec. • The bigger Xerox printers run on Sun Solaris workstations, which should support IPSec. • Smaller printers from Xerox and other vendors may not support it.

  15. Encryption for LPR/LPD and Raw Socket • There is no current standard for security for these older protocols. • An Encryption standard, such as AES, would provide what is needed. • Some kind of key exchange, such as IKE, or a static key mechanism would be needed. • Compression before Encryption would be effective in improving performance. • Some vendors have already implemented this on their own.

  16. Open Discussion • What do you think of these approaches? • Are there other solutions? • What action, if any, should the PWG take?

More Related