Introduction
The processor of a computer is a device whose clock speed is very high. Therefore, the processing of data by the processor is by far faster than all the other peripheral devices that are connected to it (Tanenbaum, 2008). The effectiveness of any processor is achieved by ensuring that the processor’s idle time is minimized. This is made possible by ensuring that a queuing mechanism is established in case the computer is connected to slower peripheral devices.
This is normally represented by the term SPOOL which denotes simultaneous peripheral output online. This technique ensures that the tasks that a peripheral device sends to the processor are arranged in the form of a queue waiting for processing. This will ensure that the processor is able to perform other tasks and the requests it receives from other peripheral devices as it awaits more instructions from the slower peripheral devices.
Main Body
The design of these peripheral devices has resulted in exposing the data that is being sent or received to more vulnerability to attacks. This is because the hardware and software designers of these devices focus more on increasing the access points of the peripheral devices as opposed to their security (Hruska & Keith, 1992). This increases the user-friendliness of the devices but at the same time exposes them to more security attacks. The attacks mainly occur when these peripheral devices are placed on a network. The sent data in this case can be accessed by a remote computer that is able to access the network. If a printer is used to print sensitive information and then access another website that is accessed by the public, an attacker can be able to obtain the data that the printer had processed by accessing the printer through this website.
The vulnerabilities that the peripheral devices may be exposed to are explained below. Assuming that the printers are connected to a network through a network port, they may be exposed to security attacks. These printers have an IP address that is able to identify them on the network (Roger, 2002). An attack may be performed physically where the attacker removes the network cable from the printer and connects another device such as a laptop to it.
This means that he/she will be able to interrupt and access all the data that is being sent to the printer by configuring his/her laptop to act as a printer server. The connection to the port of the printer may also give the person access to data that was printed earlier by this printer. It can, therefore, be concluded that removing the printer cable or that of any other peripheral device that handles sensitive data from a network can result in a security threat.
The keyboard is mainly used as an input device for most of the computer systems. Assuming that it is used to enter data to the computer, attacks can be made through it. This may be made possible by the use of inline sniffer devices (Nicholas, 2001). These are devices that are attached to the peripheral devices with the aim of obtaining information from the peripheral devices for use by a third party. They may also be placed on the communication channel between any two devices. The sniffer devices are normally programmed to respond to certain actions. This may include retrieving the data whose destination is a peripheral device.
The inline sniffers may either send the data immediately to a third party or in some cases it may save the data which will be retrieved at a later stage when the attacker retrieves the device. The detection of the inline sniffer which stores the data is difficult and this will result in the third party obtaining this data without being traced. This type of attack is referred to as hardcore espionage. Another way in which the data can be accessed is through the storage media on the printer. The data on this device is overwritten only when the printer performs another task (Jyoti, 2006). This means that in case no further job is sent to the printer, the previous work can be accessed.
The firmware is also an important component of the printer operation. The printer cannot run without the firmware. This firmware is saved on a FLASH ROM that is contained within the printer. Assuming that the attacker has physical access to the printer, he/she may be a threat if he can access the FLASH ROM of the printer. The firmware is a sequence of programmed instructions (Antoon & Priscilla, 2008). The attacker may program another firmware that will contain information that the original one did not.
He/she may then remove the original firmware and replace it with the new one. This may offer a security threat since the new firmware may be programmed to intercept certain types of data and send it to the third party. The firmware may also be programmed to introduce viruses into the system (Grembi, 2008). This virus may spread to the entire network. This may harm the entire network or give the attacker access to sensitive data. Access to the printers’ ROM from a remote position is also a security concern. This may enable the attacker to change the firmware to suit his/her needs from a remote location and sabotage the information that may be sent to the printer.
Access to a printer from a remote location may also act as a security threat. The assumption here is that remote access is not authenticated. The data being transmitted is also not encrypted. The printers that are manufactured at the moment possess the option of allowing unauthenticated access (Cook & Neil, 1997). They also allow data to be sent or received when it is not encrypted. This makes it easy for attackers to be able to access this data.
Lack of encryption and authentication also makes it easy for the attackers to locate the printers if they are placed on a network. The printers should, therefore, be placed behind firewalls to ensure that unauthorized access is prevented. The inclusion and the use of the backdoor by the manufacturer may also act as a security threat (Bishop, 2003). It allows remote access that may be unauthenticated. This may result in the attacker gaining access to sensitive data since after the access he/she is given administrative privileges.
When an attacker gains access to the printer in the network, he/she may sabotage the operation of the printer or any other peripheral device. For the case of a printer, sending a large amount of data within a short time for the printer to process may make the printer to stop functioning until some of the requests are canceled (Archer, 2001). The attacker may use this technique to slow down the operations of an organization. He/she may also use this channel to introduce viruses into the system.
Conclusion
The peripheral devices are an important part of any computer system. However, they may also pose a threat to the security of the data that is being transmitted within the system. Security measures should always be put in place whenever any peripheral device is being used. Importance should not only be put on the functionality of the device but also on how secure the device is. This is important as it will keep all the sensitive data of an organization safe and prevent any malicious attacks that may otherwise be conducted.
References
Antoon, W. R., & Priscilla, O. (2008). Network Fundamentals. London: Cisco Press.
Archer, H. J. (2001). Schaum’s Outline of Operating Systems. New York: McGraw-Hill.
Bishop, M. (2003). Computer Security. Boston: Pearson.
Cook, B., & Neil, W. (1997). Computer Peripherals. London: Edward Arnold.
Grembi, J. (2008). Secure Software Development. Boston: Cengage Learning.
Hruska, J., & Keith, J. (1992). Computer Security Reference Book. Ohio: Butterworth-Heinmann.
Jyoti, S. (2006). Computer Peripherals and Interfacing. New Delhi: Laxmi Publications.
Nicholas, C. (2001). Schaum’s Outline of Computer Architecture. New York: Mcgraw-Hill.
Roger, T. (2002). Schaum’s Outline of Computer Networking. New York: McGraw-Hill.
Tanenbaum, A. (2008). Modern Operating Systems. New Jersey: Prentice Hall.