Diode Applications: Secure Printing

12 Nov

In this blog series, I have been exploring applications for Data Diodes.  This week, I look at the issue of printing between different networks.


Printing is an everyday necessity for businesses. In order for employees to function efficiently it is essential that they have access to printing resources. Getting the printing capacity right is an on-going business challenge:

  • Too many printers and the servicing or service management costs become too high.
  • Too few printers and you end up with business bottlenecks, inefficiency and potentially increased services costs as printers run beyond specification.

In normal network environments this means having a printer connected to the company network that everyone can access. This is an easy task for companies who have standard business networks because there are no restrictions on connecting them together to access a central printing resource.

However, businesses that have multiple segregated networks of differing security classifications cannot connect to these shared printers due to networking constraints. Consequently, they cannot make use of shared printing resources connected to multiple networks, leading to an over capacity of printers.

A data diode enabled print solution allows a single printer to be connected to multiple segregated networks without compromising the security of the individual networks. This delivers business benefits of reduced servicing costs and space.

Interested in finding out more details about secure printing between network domains?  Contact me, or leave a comment below.

4 Responses to “Diode Applications: Secure Printing”

  1. Dave Walker November 12, 2013 at 21:02 #

    Yup, that should work nicely :-).

    It’s worth noting that the printer itself should be handled (and, eventually, disposed of) in a manner commensurate to a device on the highest-sensitivity network the Nexor printing solution is connected to.

    It would also be cool if the printing solution has an option to queue a user’s job until they authenticate to some device known to be physically attached to the printer, to verify that they are at the printer and ready to pick their print job up “fresh off the drum” so that different print jobs – especially at different classifications – aren’t left lying around in the printer’s vicinity, awaiting collection. I’ve seen this as a requirement on a few projects.

    There’s various products on the market for augmenting print jobs with customisable job start and end sheets (which usually incorporate page count, handling instructions, etc) and page processing which nails a network identifier (such as a protective marking) into the header and footer of each page; I’m assuming that the Nexor printing solution has something along these lines built in, too…

    • Colin Robbins November 13, 2013 at 10:00 #

      Thank you for the comment Dave,
      We have implemented a system just as you describe, using a pull printing solution from a major printer supplier.
      Cheers,
      Colin

    • Steve January 11, 2016 at 04:38 #

      Warning I’m not a security expert at all!

      One thing you could do is have one person (Or machine?) “handle” the receiving of printing jobs and the physical collection/delivery back to the requester personally. Employees could email the “printer handler” who would then transport the data over an air gap, print it, place it in an envelope and hand deliver it to the desk of the requester or wait for signed collection from the requester.

      • Colin Robbins January 11, 2016 at 06:42 #

        Thanks for the feedback Steve,
        The challenge I see of using a person in this scenario is first how to securely transfer the data over the air gap (USB sticks etc have been shown to cause problems if reused – Stuxnet). Secondly, for classified material you need to trust that (additional) person.
        The real answer is there is no ‘right’ solution here, it all depends on the exact local situation and the risks faced.
