The following are security recommendations for devices that use
embedded systems at the University at Buffalo, which include
copiers, scanners, printers, video cameras, vending machines, the
Supervisory Control and Data Acquisition Network (SCADA) and
Each of these devices is directly connected to the UB computer
network and therefore presents a risk of compromise, unauthorized
control by a third party or inadvertent data exposure. Since these
devices provide important services to the UB community,
it’s important that they be configured to ensure maximum
availability and reduce the opportunity for misuse,
misappropriation or risk to other network attached equipment.

Device passwords and SNMP community strings should be changed
from the factory default. Passwords should be “strong”
(i.e., containing a mix of upper and lower case letters, numbers
and special characters, and longer than 11 characters, or long
pass phrases).

Software or firmware should be maintained at the latest version
and must be no more than 2 releases old. A business
process must be in place to ensure someone is tasked with checking
for new firmware releases on a regular basis.

Where practical, network attached embedded system devices should
be protected by a traffic control device (e.g., hardware firewall)
or be placed on a protected VLAN to isolate them from the general
campus network and Internet. Private address space that is not
routable to the Internet is strongly recommended.

Unnecessary services such as ftp and telnet that are frequently
enabled by default should be disabled, since these present
additional potential attack points and require the transmission of
login information in clear text.

Disable remote management if possible. If not, then the device
setup/configuration should be protected by a non-default strong
password. If enabled, the SNMP service should also have its
community name and password changed to a strong password.

When the device is removed from its current service (for
example, moved to a new group or function, returned to the vendor
or declared surplus equipment), any embedded disk drive(s) should
be fully overwritten to render any data unreadable or the disk
should be physically destroyed. If a disk is replaced, the original
disk should be rendered unreadable before disposal unless the data
on it is encrypted and the key is not on the disk.

If the device has the option for encrypting data and/or securely
deleting data on its internal disk drive, that option must be
enabled. If the printer is used to scan/copy regulated private
data, then the scan-to-email function must be disabled and only the
scan-to-fileserver function must be allowed. The designated
fileserver must be a secure fileserver that meets UB's Protection
of Regulated Private Data Standards.
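
The recommendations above can be checked against a device inventory automatically. The following is an added example, not part of the UB guidance: the record fields, the release list, the 20-character pass phrase threshold and the reading of "private address space" as RFC 1918 are all assumptions, and the sample records are constructed.

```python
import ipaddress
import string

DEFAULT_COMMUNITIES = {"public", "private"}  # widely used factory SNMP defaults
CLEARTEXT_SERVICES = {"ftp", "telnet"}       # the services the guideline names
PASSPHRASE_MIN = 20      # assumption: the page sets no length for "long pass phrases"
MAX_RELEASES_BEHIND = 2  # interpretation of the firmware age limit
RFC1918 = [ipaddress.ip_network(n)           # assumption: "private" means RFC 1918
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_strong(secret):
    """Mixed case, digits and special characters with > 11 chars, or a long pass phrase."""
    mixed = all(any(test(c) for c in secret) for test in (
        str.islower, str.isupper, str.isdigit, lambda c: c in string.punctuation))
    return (mixed and len(secret) > 11) or len(secret) >= PASSPHRASE_MIN

def audit(device, releases):
    """Return findings for one device record; releases lists firmware oldest first."""
    findings = []
    for community in device.get("snmp_communities", []):
        if community.lower() in DEFAULT_COMMUNITIES or not is_strong(community):
            findings.append("SNMP community string is default or weak")
            break
    if device["firmware"] not in releases:
        findings.append("firmware version not in vendor release list")
    elif len(releases) - 1 - releases.index(device["firmware"]) > MAX_RELEASES_BEHIND:
        findings.append("firmware more than 2 releases behind")
    for svc in sorted(CLEARTEXT_SERVICES & set(device.get("services", []))):
        findings.append(f"cleartext service enabled: {svc}")
    addr = ipaddress.ip_address(device["ip"])
    if not any(addr in net for net in RFC1918):
        findings.append("address is not in private (RFC 1918) space")
    if device.get("encryption_available") and not device.get("encryption_enabled"):
        findings.append("disk encryption available but not enabled")
    if device.get("regulated_data") and device.get("scan_to_email"):
        findings.append("scan-to-email enabled on a device handling regulated data")
    return findings

# Constructed sample data: a hypothetical release list and two device records.
RELEASES = ["1.0", "1.1", "1.2", "2.0", "2.1"]
COPIER = {"ip": "203.0.113.10", "firmware": "1.0", "snmp_communities": ["public"],
          "services": ["http", "ftp", "telnet"], "encryption_available": True,
          "encryption_enabled": False, "regulated_data": True, "scan_to_email": True}
CAMERA = {"ip": "10.20.30.40", "firmware": "2.0", "services": ["https"],
          "snmp_communities": ["Tr7!kq-Zu29#mwX"]}

if __name__ == "__main__":
    for name, dev in (("copier", COPIER), ("camera", CAMERA)):
        print(name, audit(dev, RELEASES) or "no findings")
```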