On Fri, Oct 23, 2009 at 7:02 AM, Wolfe, Stephen S Civ USAF AMC 6
MDSS/SGSI <[email protected]> wrote:
> The device I'm evaluating stores the fax as an image file on disk and
> you can map to that area of storage like a regular drive or access it
> via UNC.  The Fax server will not print the message unless directed to
> do so via the setup parameters -- kind of neat.  But, AFNIC and AFMS
> security analysts are wanting to treat the server as a dial-up
> connection to the network which by definition is forbidden.

Well, I can understand their concerns, without getting too deep into
the "movie thriller" plots. We just acquired an HP OfficeJet Pro 8500,
and the machine might as well be considered a full-fledged computer.
It's got a color touchscreen, a web server interface, a JetDirect
server, Ethernet connections, USB connections and memory card slots.
It makes cheerful little sounds and shows animations. Through several
administrative interfaces, it has service software like mDNS and DHCP
that can be turned on or off. It reads photo cards, displays the
pictures, and offers to upload the pictures to a network share. I
wouldn't be surprised to learn that it was running a minimal Linux or
other OS. I could imagine a situation where a malformed file format
might cause a buffer overrun that could lead to compromising the
machine, from the photo card side. I'm not sure that the fax modem
could be similarly compromised, but it's worth a review.

-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com


_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.
