secure printing ssh

(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Home > News Posts > secure printing ssh
Printer Friendly Version

News Group Posts

secure printing ssh

From: Bob Rasmussen <ras@anzio.com>
Subject: Re: Encryption of printer files
Date: Sat, 24 May 2003 12:09:04 -0700
References: <nRHza.19690$io.358154@iad-read.news.verio.net> 

On Sat, 24 May 2003, moncho wrote:

> OS 5.0.5 and OS 5.0.6
>
> With people moving from Telnet to SSH and ftp to Sftp along with other
> security measures, I was wondering what people are due to secure their print
> jobs from the server to the network attached printers?
>
> I cannot remember the name of the company or website, but someone is
> currently developing an encryption printer driver but only for MS products.
>
> Anyone out there investigated this and found something reliable?


You have hit on one of the under-mentioned aspects of security. I've been
watching and looking for solutions. So far:

1. Some of the HP JetDirect devices appear to have SSL support. I have not
determined what kind of host level support there is.

2. CUPS seems to have some encryption capability.

There are many links in the chain of security, as has been pointed out.
One of the links that we are addressing is the Internet link to a remote
printer. Suppose, for instance, you're running a medical billing service,
and clients are accessing your system over the Internet. Now you need to
print reports in their office. According to HIPAA, this needs to be
encrypted when it travels over the Internet, at least.

One solution, for character-based applications, is passthrough print,
through an SSH session. If I run AnzioWin (our SSH client) to a host
system, then do passthrough print through that session, the print data is
travelling on the same authenticated, encrypted channel as the screen
data. And regardless of what you may have heard in the past, passthrough
print can be made to work very well. The data is encrypted to the point of
the user's PC, where it can be sent to a directly-wired desktop printer,
or to a networked printer, in which case security analysis would be needed
on that link.

We are also working on a feature called "back channel printing", again in
an SSH connection. With this feature, the multiplexing nature of SSH is
used to create a back channel, using a different pty on the host system.
Printout can be routed to that pty (which can be soft-linked to a knowable
name), and it again travels over the authenticated, encrypted session. In
this approach, the print data positively can not mix with the screen data,
and the Unix spooler can be used if desired.


Finally, there is web-server based printing. Our Web Print Object (WePO)
allows precise printing in this environment. The WePO object actually
fetches the data to be printed from the server, and can use HTTPS to do
so, so data is encrypted. I believe that external means could be used to
authenticate (is this person authorized to view this data?), but we are
still experimenting with that.

More info on web site below.

Regards,
....Bob Rasmussen,   President,   Rasmussen Software, Inc.

personal e-mail: ras@anzio.com
 company e-mail: rsi@anzio.com
          voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
            fax: (US) 503-624-0760
            web: http://www.anzio.com

If this page was useful to you, please click to help others find it:

Your +1's can help friends, contacts, and others on the web find the best stuff when they search.

Comments?

Inexpensive and informative Apple related e-books:

Take Control of iPad Basics (FREE!)
iPhoto '08: Visual QuickStart Guide
Apple Mail in Panther (Leopard version also available)
Mail on the iPad, iPhone, and iPod touch
Font Problems in Mac OS X, Tiger Edition (Leopard version also available)

Click here to add your comments

Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar

Why no "Digg this!" etc.?

Printer Friendly Version

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.

Printer Friendly Version

Linux posts

Mac OS X posts

Shell scripting posts

Troubleshooting posts

This post tagged:

- SCO_OSR5

Unix/Linux Consultants

Skills Tests

Guest Post Here