Many thanks, Michael. Your observation is quite correct. I had attempted, at
least in the introduction, to restructure the information as you suggest. I
will give it another crack when I get the rest of the input.
Bill W.
From: Michael Sweet [mailto:msweet at apple.com]
Sent: Friday, January 21, 2011 1:24 PM
To: William Wagner
Cc: wims at pwg.org; ids at pwg.org; mfd at pwg.org
Subject: Re: [IDS] MPSA Security Article
Bill,
Thanks for writing this up.
First, a general observation: some of your outline reads like a standards
document. While I understand this is an occupational hazard :), I would
suggest that we approach writing this article with two basic goals:
identifying the key issues and showing how the PWG and other standards
bodies address them.
With that said, here is some text for section 4 on logging:
4 Logging
Hardcopy devices generally are capable of generating a great deal of
information such as the number of pages printed for a given job, when a
facsimile was received along with the sender's phone number and the number
of pages, printer maintenance alerts, security issues like unauthorized
access, and so forth. The "syslog" protocol (RFC 5424) is a common standard
used for logging this information and is already supported by many printers
and all major operating systems to allow for centralized logging and
analysis. The PWG's Imaging Device Security working group is currently
developing an extension to the syslog protocol that defines standard
keywords, values, and events so that printers from multiple vendors log this
information in a common format, greatly simplifying log analysis.
4.1 Accounting Logs
The primary purpose of accounting logs is to support accurate usage
information for billing and/or expense analysis. Accounting logs may also be
required for regulatory compliance.
Accounting logs provide a snapshot of print/fax/copy job activity - the
owners of the jobs, billing information such as account numbers, the
printer(s) used for the jobs, the number of pages in the job, the type of
media used, and so forth. Detailed consumable information (how much cyan
toner was used for each job) is generally not available, however. ISO 10175
(Document Printing Application or DPA) defines the baseline information
necessary for accounting logs and is used as the basis of all IETF and PWG
printing standards.
4.2 Audit Logs
The primary purpose of audit logs is to support site security requirements
and regulatory compliance.
Audit logs provide forensic information about access to the hardcopy device
- when jobs were printed/faxed/copied, when software updates are applied,
what computer(s) accessed the device and when, what information was
requested from the device and when, and whether the access was allowed. The
IEEE Standard 2600 series of Protection Profiles define standard events and
information that must be part of an audit log. The PWG IDS work group is
also working to define additional events specific to secure networks and
health assessment.
4.3 Maintenance Logs
The primary purpose of maintenance logs is to support site planning and
response.
Maintenance logs provide information about the hardcopy device - when
consumables are replaced, when paper jams or other error conditions occur
and are resolved, when the device detects faults in external connections
such as power or networking, and when the device is in specific operating
modes such as sleep, power down, servicing, etc. Much of this information is
also available via SNMP in various standard (RFC 3805, PWG Power MIB) and
vendor proprietary MIBs.
On Jan 17, 2011, at 10:45 AM, William Wagner wrote:
Attached (perhaps) and posted at
ftp://ftp.pwg.org/pub/pwg/general/MPSA/Access article.doc is a skeleton
draft of the February Access article for the MPSA, preceded by the original
outline. Most of the information is edited from the MFD Model document
security section by Nancy Chen (which was removed in favor of a simple
IEEE-2600 reference). The draft currently is incohesive, incomplete, and
non-compelling. I solicit contributions on Identification, Authentication
and Authorization, and on Logging, as well as comments on the overall
structure and intent of the article.
I have agreed to edit and integrate contributions to provide a completed
article (although I would be willing to surrender that pleasure should
someone else volunteer.) It is our objective to get a reasonable article to
Jim Fitzpatrick for the February contribution. Although that suggests 28
January, depending upon how well the article takes shape, we may want to
discuss this at the February face-to-face and submit it by 3 February.
We also need to consider the questions we wish to include in the associated
survey. The questions should be geared to helping us understand how MPSA
members see these security issues in their business, particularly with an
aim to what we might do to better satisfy their problems by informing them
what is available, by better documenting what might be done, and by making
our PWG member companies aware of the perceived problems and needs.
Many thanks,
Bill Wagner
--
This message has been scanned for viruses and
dangerous content by MailScanner <http://www.mailscanner.info/>, and is
believed to be clean.
<Access article.doc>
_______________________________________________
ids mailing list
ids at pwg.org
https://www.pwg.org/mailman/listinfo/ids
__________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
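The three log types in the draft section 4 above, sorted out of a stream of RFC 5424 messages on a central collector. This is an added example, not part of the original e-mail or of any PWG specification; the SD-ID `event@32473`, its `class` parameter, the other parameter names and the sample lines are all constructed for illustration.

```python
import re

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
HEADER = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) ")
PARAM = r' [^\s=\]"]+="(?:\\.|[^"\\\]])*"'       # name="value" with \" \\ \] escapes
SD_ELEMENT = re.compile(r'\[([^\s=\]"]+)((?:' + PARAM + r')*)\]')
SD_PARAM = re.compile(r' ([^\s=\]"]+)="((?:\\.|[^"\\\]])*)"')

SD_ID = "event@32473"   # hypothetical SD-ID (32473 is the documentation enterprise number)
LOG_CLASSES = ("accounting", "audit", "maintenance")

def parse(line):
    """Split one RFC 5424 message into header fields, structured data and text."""
    m = HEADER.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not an RFC 5424 message")
    pri, rest, sd = int(m.group(1)), line[m.end():], {}
    if rest.startswith("-"):                     # NILVALUE: no structured data
        rest = rest[1:]
    else:
        while (e := SD_ELEMENT.match(rest)):     # one or more adjacent SD-ELEMENTs
            sd[e.group(1)] = {k: re.sub(r'\\(["\\\]])', r"\1", v)
                              for k, v in SD_PARAM.findall(e.group(2))}
            rest = rest[e.end():]
        if not sd:
            raise ValueError("malformed STRUCTURED-DATA")
    return {"facility": pri >> 3, "severity": pri & 7, "timestamp": m.group(2),
            "host": m.group(3), "app": m.group(4), "sd": sd, "msg": rest.lstrip(" ")}

def sort_logs(lines):
    """Route each message to the accounting, audit or maintenance stream."""
    streams = {c: [] for c in LOG_CLASSES + ("unclassified",)}
    for line in lines:
        rec = parse(line)
        cls = rec["sd"].get(SD_ID, {}).get("class")
        streams[cls if cls in LOG_CLASSES else "unclassified"].append(rec)
    return streams

# Constructed sample messages (facility 13 = log audit, facility 6 = line printer).
SAMPLES = [
    '<110>1 2011-01-21T13:24:00Z prn-3f lpd 412 JOB [event@32473 class="accounting" owner="alice" account="4471" pages="12" media="na-letter"] job completed',
    '<108>1 2011-01-21T13:25:10Z prn-3f httpd - ACCESS [event@32473 class="audit" client="192.0.2.15" request="GET /admin" outcome="denied"] unauthorized access',
    '<52>1 2011-01-21T13:30:02Z prn-3f engine - ALERT [event@32473 class="maintenance" condition="media-jam" state="resolved"] jam cleared',
    '<46>1 2011-01-21T13:31:00Z prn-3f syslogd - - - restart',
]

if __name__ == "__main__":
    for cls, recs in sort_logs(SAMPLES).items():
        print(cls, [r["msg"] for r in recs])
```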