Printing for your eyes only
Silex SecurePrint secures an overlooked vulnerability: The printer tray
- By Patrick Marshall
- Jun 05, 2006
So you’re a security-conscious network administrator. You’ve instituted a rigorous password policy, and you even require biometric log-ons for sensitive computers. You’ve tightened your document-management system by assigning access rights to individual users. And you don’t allow documents marked “sensitive” to be e-mailed outside the building.
That’s good, but what’s to prevent an unauthorized person who happens to be strolling by the network printer from grabbing, or quickly photographing, a sensitive document printed by an authorized user who sits 20 yards away down the hall?
Silex Technology America offers an elegant and relatively inexpensive solution to prevent this from happening. SecurePrint is two Silex devices tied together by software. The Pricom SX-5000U2 is a multiport USB device server with four USB ports for connecting devices and an Ethernet port to connect to your network. One of the ports is used for the other device in the bundle: the Silex FUS-200N fingerprint scanner.
Once you’ve set up the system and installed the software, you simply connect your printer to one of the USB ports on the SX-5000U2. After users are enrolled, the system couldn’t be simpler to use. When users send documents to the printer, they are held in the local print queue until the sender goes to the printer and places his or her finger in the fingerprint scanner. Once the user is authenticated, SecurePrint allows the print job to proceed, and of course, the authorized person is right there to retrieve the results before any unauthorized eyes might get a look.
Minor configuration confusions
We found the setup and configuration process generally straightforward, and everything proceeded with only a few minor hang-ups. Possibly because SecurePrint is based on devices used in other Silex solutions, installation requires a number of steps.
The documentation is generally clear, but I was not aware during my first attempt to install the product that the fingerprint scanner had to be connected locally to a computer for configuration before it can be moved to the USB device server.
A major inconvenience lies in the provisions for fingerprint enrollment. Users’ fingerprints must be enrolled while the scanner is connected to a local computer. After that, users can return the scanner to its location at the USB device server. If you need to add users, you have to keep moving the fingerprint scanner back and forth.
Apart from the issue of the physical location of the fingerprint scanner, we found the enrollment procedure quick and easy. You can enroll only one fingerprint, but enrolling at least two digits protects against problems in the event of injury.
We did find one potential problem with the fingerprint scanning system: The printer does not indicate if your fingerprint scan is unacceptable. Users need to be instructed to scan again for the print job to proceed. In practice, we expect this will rarely be an issue, because the fingerprint scanner delivered reliable results in our tests.
The only other notable drawback we found was that the solution only works with printers that have a USB port.
The price is right
Although a few small agencies and departments might be interested in the SecurePrint solution, the product’s pricing clearly favors larger installations.
The base price of $499 for a single-user license is a bit much unless that single user is willing to pay a high price for security. Even then, it might make more sense to buy a separate printer for that user.
But additional licenses are reasonably priced, making the solution attractive for larger installations in which networked printers are required. In such cases, SecurePrint offers a reliable and easy-to-implement solution.