Security and Technology Disclosure
Technology has helped businesses work harder, faster and more efficiently than ever before. The downside is that computers, and more specifically, sensitive data, are more vulnerable than ever before. Recognizing this, PrintMIBUK continues to engineer and design all of our products to ensure the highest level of security possible. PrintMIBUK develops a suite of software designed to automate the management of printers, copiers, and multi-function printers (MFPs) using a combination of common protocols – mainly Simple Network Management Protocol (SNMP), Printer Job Language (PJL) and Hyper Text Transfer Protocol (HTTP).
The PrintMIBUK DCA is a service designed to be permanently installed on a Windows workstation/server at a client location. At set intervals, it performs regular scans of the networked printers, copiers, and MFPs and reports the results directly to the PrintMIBUK Server. These data transmissions are done using standard HTTP (port 80) posts to a Secure Scan Archive Server. Other than the information entered into the DCA database when the program is installed, and the network address, it collects no personal data from the workstation/server on which it is running.
The PrintMIBUK DCA tracks the following device information:
– Manufacturer Name – Model
– Serial Number – MAC Address
– TCP/IP Address – Page Counts
– Supply Levels – Console Messages
– Alerts – System Location
– System Contact – System Name
At no time does the DCA track or attempt to track any information other than that which is above.
The PrintMIBUK DCA can be remotely managed from the PrintMIBUK Portal. Management changes would include things like changing the scanning frequency, changes to IP Address ranges that the client uses or updating the scan engine database. With security in mind, these management changes are never “pushed” to the DCA. Instead, they “pull”, utilizing the same mechanism for posting scan data and “checking in” to the PrintMIBUK Server to find out if there are any changes that need to be “picked up”. All communications with the PrintMIBUK Server are initiated on the client side. Specifically, the DCA will “check in” once per hour to the PrintMIBUK Server to see if there are any changes for it. If there are changes, it picks them up, makes the changes and then confirms back to the Server that the changes were successfully made. All communication between the client and server done over HTTP protocol.
PrintMIBUK has adopted the “Pull” only philosophy to avoid having to compromise network security by opening access to the outside world. By restricting communications to known and commonly used ports, the DCA does not require special exceptions or security rules. All communications are initiated by the DCA and at no time does any outside system attempt to contact the DCA.
In summary, PrintMIBUK is sensitive to the security concerns of both our clients and their clients, and we have attempted to design our products in such a way as to address the needed functionality without compromising vital security. We hope that this document is helpful in answering any questions regarding our products and the possible security concerns that using them might create.