The following are security recommendations for devices that use embedded systems at the University at Buffalo, which include copiers, scanners, printers, video cameras, vending machines, the Supervisory Control and Data Acquisition Network (SCADA) and more.
Each of these devices is directly connected to the UB computer network and therefore presents a risk of compromise, unauthorized control by a third party or inadvertent data exposure. Since these devices provide important services to the UB community, it's important that they be configured to ensure maximum UB availability and reduce the opportunity for misuse, misappropriation or risk to other network-attached equipment.
Device passwords and SNMP community strings should be changed from the factory default. Passwords should be "strong" (i.e., containing a mix of upper and lower case letters, numbers and special characters and longer than 11 characters, or long pass phrases).
Software or firmware should be maintained at the latest version and must be no more than 2 releases old. A business process must be in place to ensure someone is tasked with checking for new firmware releases on a regular basis.
Where practical, network attached embedded system devices should be protected by a traffic control device (e.g., hardware firewall) or be placed on a protected VLAN to isolate them from the general campus network and Internet. Private address space that is not routable to the Internet is strongly recommended.
Unnecessary services such as ftp and telnet that are frequently enabled by default should be disabled, since these present additional potential attack points and require the transmission of login information in clear text.
Disable remote management if possible. If it cannot be disabled, the device setup/configuration should be protected by a non-default strong password. If the SNMP service is enabled, its community name and password should also be changed to a strong password.
When the device is removed from its current service (for example, moved to a new group or function, returned to the vendor or declared surplus equipment), any embedded disk drive(s) should be fully overwritten to render any data unreadable or the disk should be physically destroyed. If a disk is replaced, the original disk should be rendered unreadable before disposal unless the data on it is encrypted and the key is not on the disk or with the device.
If the device has the option for encrypting data and/or securely deleting data on its internal disk drive, that option must be enabled. If the printer is used to scan/copy restricted data, then the scan-to-email function must be disabled and only the scan-to-fileserver function must be allowed. The designated fileserver must be a secure fileserver that meets guidelines for Handling Restricted Data at UB.
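The password, SNMP, firmware, addressing and service recommendations above can be checked mechanically against a device inventory. The following is an added example, not UB's own tooling: the record field names, the default community names, the 20-character passphrase threshold and the reading of "private address space" as RFC 1918 are all assumptions.

```python
import ipaddress
import string

# Assumptions, not taken from the UB page: the default community names, the
# 20-character passphrase threshold, and RFC 1918 as "private address space".
DEFAULT_COMMUNITIES = {"public", "private"}
PASSPHRASE_MIN = 20
CLEARTEXT_SERVICES = {"ftp", "telnet"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_strong(secret):
    """Upper, lower, digit and special at more than 11 chars, or a long passphrase."""
    if len(secret) >= PASSPHRASE_MIN:
        return True
    classes = (str.islower, str.isupper, str.isdigit,
               lambda c: c in string.punctuation)
    return len(secret) > 11 and all(any(f(c) for c in secret) for f in classes)

def audit(device):
    """Return the recommendations that one device record fails."""
    findings = []
    if not is_strong(device["admin_password"]):
        findings.append("weak admin password")
    community = device["snmp_community"]
    if device["snmp_enabled"] and (
            community.lower() in DEFAULT_COMMUNITIES or not is_strong(community)):
        findings.append("default or weak SNMP community string")
    if device["releases_behind"] > 2:
        findings.append("firmware more than 2 releases old")
    addr = ipaddress.ip_address(device["ip"])
    if not any(addr in net for net in RFC1918):
        findings.append("address outside private space")
    for svc in sorted(CLEARTEXT_SERVICES & set(device["services"])):
        findings.append("cleartext service enabled: " + svc)
    return findings

# Constructed sample inventory: hypothetical devices and made-up secrets.
INVENTORY = [
    {"name": "copier-1", "ip": "10.20.30.40", "admin_password": "Tr1cky-Copier#42",
     "snmp_enabled": False, "snmp_community": "", "releases_behind": 1,
     "services": ["https", "ipp"]},
    {"name": "camera-7", "ip": "203.0.113.9", "admin_password": "admin",
     "snmp_enabled": True, "snmp_community": "public", "releases_behind": 4,
     "services": ["http", "telnet", "ftp"]},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["name"], audit(dev) or "compliant")
```

In practice the secrets would be read from wherever the department escrows them at audit time, not stored in the inventory file itself.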