On Wed 02 Jan 2019 at 16:54:37 (+0000), Joe wrote: > On Wed, 2 Jan 2019 15:51:47 +0100 <to...@tuxteam.de> wrote: > > Some scanners mail things around, these days. I don't want to even > > think about how many security holes lurk in there. > > The practical alternatives are to hook the scanner into the SMB sharing > system, or use sneakernet. Which of those has fewer potential security > issues?
Well that depends on what you mean by security. I assume from what you write below that you're perhaps thinking of the person who scans sensitive documents onto a USB stick and carries it out of the building. In my case, the security vulnerability is the sneakernet one: I use a stick to transfer the scans from the scanner to an encrypted laptop. A burglar could steal the unsecured stick as part of their swag. > A company I do some work for is no longer self-sufficient in IT, it is > part of the company international IT Borg. As such, its PCs are all > hooked by VPN into a Windows domain, which rules out SMB networking with > anything non-Borg, and all the USB sockets are disabled. Not, oddly, > the SD card slots... > > I've just eliminated an old PC there, which existed solely as a SMTP > server for the scanner. It now uses a Raspberry Pi running (straying > back on-topic) Raspbian. My scanner is either one floor up or one down from where I normally work (attic office, basement kitchen). Wifi scanning directly into the computer would be a pointless exercise because the documents still have to be physically loaded onto the scanner bed. Cheers, David.
