Fax Control

Fax machines can present some security problems if they are being used to transmit sensitive information. These vulnerabilities reside throughout the faxing process and include the following:

  1. When the user feeds the document into the fax machine for transmission, wrongdoers have the opportunity to intercept and decode the information while in transit.
  2. When the document arrives at its destination, it is typically printed and deposited into a fax tray. Anyone can retrieve the document and review its contents.
  3. Many fax machine use ribbons. Anyone with access to the trash can retrieve the ribbons and use them as virtual carbon copies of the original documents.

Fax systems can be secured by one or more of the following techniques:

  • Fax servers, which can send and receive faxes and then hold the fax in electronic memory. At the recipient's request, the fax can be forwarded to the recipient's email account or can be printed.
  • Fax encryption, another technique that gives fax machines the capability to encrypt communications. Fax encryption requires both the transmitting and receiving devices to support a common protocol.
  • Fax activity logs, which implement activity logs and exception reports, to monitor for anomalies.

Although fax servers have solved many security problems, they have their own challenges. Many use large hard drives where companies store a large amount of commonly used administrative documents and forms. Others allow ftp access to the print queue, where someone can grab files. These issues must be addressed before effective security can be achieved.


The CISSP Cram Sheet

A Note from Series Editor Ed Tittel

About the Author

Acknowledgments

We Want to Hear from You!

Introduction

Self-Assessment

The CISSP Certification Exam

Physical Security

Security-Management Practices

Access-Control Systems and Methodology

System Architecture and Models

Telecommunications and Network Security

Applications and Systems-Development Security

Operations Security

Business Continuity Planning

Law, Investigations, and Ethics

Cryptography

Practice Exam 1

Answers to Practice Exam 1

Practice Exam 2

Answers to Practice Exam 2



CISSP Exam Cram 2
CISSP Exam Cram 2
ISBN: 078973446X
EAN: 2147483647
Year: 2003
Pages: 204
Authors: Michael Gregg

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net