PaperCut Security White Papers

24 June 2016

|In News, Analysis, Access Control, Print and Copy, Mobile & BYOD

White Papers are great tools to arm potential customers with all the in’s and out’s of a product they may need. They are also very useful when it comes to answering tenders.

While a print out or .PDF is a great asset for someone to take away and read over in their own time it is a static document. White Paper documents need to be engaging and relevant for audiences of the future. Providing out of date information can lead to a mis-sell and missing customer expectations completely.

White Papers should be forever adding new elements and continuously evolving with advancements in development and within the industry. There should be no difference in someones mindset between reading a PDF file and reading a web page. Web pages offer a host of advantages over static documents including tools for reading and interacting as well as multimedia aspects to help resellers interact and engage the intended audience.

Over the many years we have been involved with PaperCut we have collected a host of useful links that help us get through even the most biased and challenging tender documentation. Our pre-sales and channel team spend a lot of their time assisting our partners with tenders and customer meetings (and they love it, so keep them coming!), let us share some of the best resources to help you. What better subject to start with than security?

PaperCut Security Overview

PaperCut has three great security articles updated regularly by the development and support teams. These three links are a great stepping stone to understanding PaperCut's stance on security. Recommended reading:

Tell me all about PaperCut's built-in security

Common Security Questions on PaperCut

Security Settings for PaperCut's Web Server

Secure print release

Unlike conventional direct printing setups, PaperCut can integrate card-swipe user authentication at devices, ensuring jobs are only printed when the collecting user is present.

All jobs, system settings and admin login activity is recorded in the PaperCut database, ensuring full accountability and auditing of print system activity.

Print archiving

PaperCut's Print Archiving empowers approved administrators to browse and review the content of print activity within their environment.

The ability to view previous print jobs allows administrators to create and enforce information security, data retention and audit policies.

Digital signatures and watermarking

Watermarking is a feature that allows text (such as username or a digital signature) to be written to the bottom (or top) of every page. Watermarking is a powerful and popular feature.

Admin access control

Assign administrator rights to individual's network user accounts with full or restricted access to PaperCut admin functionality.

User Auditing

PaperCut includes the ability to audit changes made to users within PaperCut, this is an important security feature for administrations of the application in a centralized or shared evnironment.

Job anonymisation

Once PaperCut has finished processing a job it can be setup to "forget" the original user and clear any information from the database that links the two. PaperCut can also ensure the document name of print jobs are not logged. Document names can include identifying information about a user or the nature of their print job.

Hiding document names

In some organisations it may be a requirement, especially in hold/release queues, to hide document names in the print queues. This is often a needed because of confidentiality requirements such as the names of HR documents or perhaps commercially sensitive documents.

PaperCut Embedded Encryption

All traffic is encrypted between PaperCut and the embedded or on-board applications running on a MFDs.

PaperCut ports

The main network TCP ports used by PaperCut are: 9191 for HTTP connections, 9192 for secure HTTP/SSL connection and 9193 for device RPC (only used for embedded copier/MFP solutions. For a complete list, click below.

SNMP

PaperCut uses SNMP for toner information and device serial numbers.

Stopping direct printing

PaperCut works by monitoring print queues, there are various measures that can be taken to prevent users from bypassing PaperCut's print tracking.

Web session inactivity timeout

For security reasons all the web sessions log out (timeout) after periods of inactivity. Clicking a link or refreshing a page resets the inactivity timer. Closing the browser window/tab also ends the session (i.e. the session cookies are not persistent). These timeouts can be changed via advanced config keys.

Disable credential caching and auto complete

For security reasons, PaperCut can disable the login credentials caching and autocompletion browser behaviour. This is controlled by the following key auth.web-login.autocomplete

PaperCut PCI compliance

PaperCut supports a number of online payment gateways for users to add funds to their account. It is important to understand that PaperCut never processes or stores credit card data.All of the supported credit card gateways offer an integration architecture that uses URL redirect to direct the user’s browser to the payment gateway website when a user wishes to top up their account.

Forcing the use of HTTPS/SSL

By default, PaperCut offers both plain HTTP and encrypted HTTPS based browser access. HTTP is on port 9191 and HTTPS/SSL on port 9192.

SSL cipher configuration

PaperCut is configured to support a broad variety of SSL ciphers with the aim of supporting the widest array of browsers and operating systems possible. Some organizations may choose to disable some ciphers on the server-side to comply with policies such as PCI-DSS recommendations.