The device I'm evaluating stores the fax as an image file on disk and you can map to that area of storage like a regular drive or access it via UNC. The Fax server will not print the message unless directed to do so via the set up parameters -- kind of neat. But, AFNIC and AFMS security analysts are wanting to treat the server as a dial-up connection to the network which by definition is forbidden.
So, I'm hoping I can convince them that if we treat the Fax server as a MFD (Multifunction device) who has it's fax line mitigated via a telephone firewall then it is OK. They are currently chewing on that, I'm just looking for more ideas to show that it is a valid mitigation and limits the risk. Steve -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Pete Theisen Sent: Thursday, October 22, 2009 7:12 PM To: ProFox Email List Subject: Re: Question for the CISSPs on this list. Wolfe, Stephen S Civ USAF AMC 6 MDSS/SGSI wrote: > How can a Fax server be considered a vulnerability on your network? If > the fax line is controlled through a VPS that is running a telephone > firewall; how safe can you be? > > Steve Hi Steve, That came up with the HIPPA bs. If a fax comes in and sits in the tray and the fax is somewhere where someone can see it. Yeah, I know, a stretch. -- Regards, Pete http://pete-theisen.com/ http://elect-pete-theisen.com/ [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
