The Print Queues section in the PaperCut Hive and Pocket admin console provides powerful functionality that manages printer drivers using system privileges. This page describes aspects that mitigate potential security issues and misuse.
What you can do to protect users
Limit who can deploy drivers
Printer drivers run with system-level privileges. Because printer drivers could contain malware, it’s important that not just anyone can deploy them. To protect your end-users from potential malicious software, always limit who can access the PaperCut Hive and Pocket admin console.
Only use trusted manufacturer drivers
When uploading a new printer driver to PaperCut Hive and Pocket, an admin selects a client computer (edge node) to clone the driver and its configuration from. Only copy drivers from clients that you trust, for example, anti-virus software is active and software running on the computer is trusted. Only download drivers from trusted manufacturer websites, and avoid installing print drivers from other sources.
What PaperCut does to protect users
Data storage model
When PaperCut Hive or Pocket copies (uploads) a print queue into the PaperCut Cloud, it splits the queue into two parts:
- the print queue configuration
- the printer driver.
While both parts are stored by PaperCut in the cloud, they are handled differently.
The print queue configuration data is considered potentially sensitive. It contains the print queue name, default print settings, such as double-sided and black-and-white, and other configurations created by the driver. PaperCut Hive or Pocket stores this part privately within your organization.
The printer driver data is not sensitive and contains the core of what was downloaded from the manufacturer’s website. This part is stored in a shared repository of drivers. Read on for details about how this is managed.
Driver integrity checking
When a sysadmin requests to copy a print queue, PaperCut Hive or Pocket prepares the printer driver part for upload to the PaperCut Cloud by taking a cryptographic hash of the driver files. This uniquely identifies the driver. If this driver has been uploaded previously, by your organization or another, then it does not need to be uploaded again. This is the same principle used by Git (the version control system) and hash-based file systems.
When the printer driver part is downloaded, PaperCut Hive or Pocket verifies this hash to ensure the driver is the same as what the admin requested.
This doesn’t mean that printer drivers are automatically available to other organizations. A driver is only “unlocked” through the process of copying a queue and discovering its hash. In other words, the system only pastes what you have copied.
It’s important to note that while the PaperCut Hive and Pocket perform integrity checks, they do not vouch for the function of the printer driver. For this reason, it is important to only upload drivers from trusted systems, such as a system you personally manage, and to obtain drivers from legitimate manufacturer sources. Otherwise, you run the risk of inadvertently spreading malware between your systems.
Hashing details
The printer driver part is hashed twice: once using MD5 and again using SHA256.
The MD5 hash is used first for a quick hash check immediately after the file has been uploaded to the cloud. This optimizes system performance by discarding files that have been tampered with.
Then, immediately after the client downloads the driver part from the PaperCut Cloud, it is validated with the SHA256 hash. That way, even if an attacker was able to cause an MD5 hash collision using tampered content, the SHA256 hash protects the content from running on clients.
Comments