attachment-0001
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><base href="x-msg://177/"><style><!--
/* Font Definitions */
@font-face
        {font-family:Helvetica;
        panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.apple-style-span
        {mso-style-name:apple-style-span;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap: break-word;-webkit-nbsp-mode: space;-webkit-line-break: after-white-space'><div class=WordSection1><p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Many thanks Michael. Your observation is quite correct. I had attempted, at least in the introduction to restructure the information as you suggest. I will give it another crack when I get the rest of the input.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Bill W.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Michael Sweet [mailto:msweet@apple.com] <br><b>Sent:</b> Friday, January 21, 2011 1:24 PM<br><b>To:</b> William Wagner<br><b>Cc:</b> wims@pwg.org; ids@pwg.org; mfd@pwg.org<br><b>Subject:</b> Re: [IDS] MPSA Security Article<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Bill,<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thanks for writing this up.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>First, a general observation: some of your outline reads line a standards document. While I understand this is an occupational hazard :), I would suggest that we approach writing this article with two basic goals: identifying the key issues and showing how the PWG and other standards bodies address them.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>With that said, here is some text for section 4 on logging:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>4 Logging<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Hardcopy devices generally are capable of generating a great deal of information such as the number of pages printed for a given job, when a facsimile was received along with the sender's phone number and the number of pages, printer maintenance alerts, security issues like unauthorized access, and so forth. The "syslog" protocol (RFC 5424) is a common standard used for logging this information and is already supported by many printers and all major operating systems to allow for centralized logging and analysis. The PWG's Imaging Device Security working group is currently developing an extension to the syslog protocol that defines standard keywords, values, and events so that printers from multiple vendors log this information in a common format, greatly simplifying log analysis.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>4.1 Accounting Logs<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>The primary purpose of accounting logs is to support accurate usage information for billing and/or expense analysis. Accounting logs may also be required for regulatory compliance.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Accounting logs provide a snapshot of print/fax/copy job activity - the owners of the jobs, billing information such as account numbers, the printer(s) used for the jobs, the number of pages in the job, the type of media used, and so forth. Detailed consumable information (how much cyan toner was used for each job) is generally not available, however. ISO 10175 (Document Printing Application or DPA) defines the baseline information necessary for accounting logs and is used as the basis of all IETF and PWG printing standards.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>4.2 Audit Logs <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>The primary purpose of audit logs is to support site security requirements and regulatory compliance.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Audit logs provide forensic information about access to the hardcopy device - when jobs were printed/faxed/copied, when software updates are applied, what computer(s) accessed the device and when, what information was requested from the device and when, and whether the access was allowed. The IEEE Standard 2600 series of Protection Profiles define standard events and information that must be part of an audit log. The PWG IDS work group is also working to define additional events specific to secure networks and health assessment.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>4.3 Maintenance Logs<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>The primary purpose of maintenance logs is to support site planning and response.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Maintenance logs provide information about the hardcopy device - when consumables are replaced, when paper jams or other error conditions occur and are resolved, when the device detects faults in external connections such as power or networking, and when the device is in specific operating modes such as sleep, power down, servicing, etc. Much of this information is also available via SNMP in various standard (RFC 3805, PWG Power MIB) and vendor proprietary MIBs.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><div><p class=MsoNormal>On Jan 17, 2011, at 10:45 AM, William Wagner wrote:<o:p></o:p></p></div><p class=MsoNormal><br><br><o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:14.0pt'>Attached (perhaps) and posted at <a href="ftp://ftp.pwg.org/pub/pwg/general/MPSA/Access article.doc">ftp://ftp.pwg.org/pub/pwg/general/MPSA/Access article.doc</a> is a skeleton draft of the February Access article for the MPSA, preceded by the original outline. Most of the information is edited from the MFD Model document security section by Nancy Chen (which was removed in favor of a simple IEEE-2600 reference). The draft currently is incohesive, incomplete, and non-compelling. I solicit contributions on Identification, Authentication and Authorization, and on Logging, as well as comments on the overall structure and intent of the article.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:14.0pt'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:14.0pt'>I have agreed to edit and integrate contributions to provide a competed article (although I would be willing to surrender that pleasure should someone else volunteer.) It is our objective to get a reasonable article to Jim Fitzpatrick for the February contribution. Although that suggests 28 January , depending upon how well the article takes shape, we may want to discuss this at the February face-to-face and submit it by 3 February.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:14.0pt'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:14.0pt'>We also need to consider the questions we wish to include in the associated survey. The questions should be geared to helping us understand how MPSA members see these security issues in their business, particularly with an aim to what we might do to better satisfy their problems by informing them what is available, by better documenting what might be done, and by making our PWG member companies aware of the perceived problems and needs.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:14.0pt'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:14.0pt'>Many thanks,</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:14.0pt'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:14.0pt'>Bill Wagner</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:14.0pt'> </span><o:p></o:p></p></div><p class=MsoNormal><br>-- <br>This message has been scanned for viruses and <br>dangerous content by <a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is <br>believed to be clean. <Access article.doc>_______________________________________________<br>ids mailing list<br><a href="mailto:ids@pwg.org">ids@pwg.org</a><br><a href="https://www.pwg.org/mailman/listinfo/ids">https://www.pwg.org/mailman/listinfo/ids</a><o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal><span style='font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black'>__________________________________________________<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black'>Michael Sweet, Senior Printing System Engineer, PWG Chair<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p></div></div><br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</body></html>