Security Basics mailing list archives
RE: fax software in the domain
From: "Ed Spencer" <espencer () usa net>
Date: Mon, 26 Jul 2004 23:13:06 -0800
If you can't remove the fax software from the PC, remove the PC from the network. ;-) Since I'm guessing that both of these aren't an option, there are a couple of things you can do, depending on how much of the telephone side is managed within the company.

1. Ensure the modem is NOT set to auto-answer calls. Some even have a DIP switch to set this up so it can't be overwritten with the Hayes command set. Super glue or epoxy the DIP switch in place.

2. At the phone switch, autoforward the line to voicemail, preventing the line from getting any incoming calls. Optionally, assign a non-DID (Direct Inward Dial) number to the phone line to prevent non-internal calls from reaching the line. If you don't have access to the phone switch, arrange for the phone company to auto-forward the line elsewhere.
   NOTE: This is only applicable if the faxes are outgoing and not incoming.
   LOOPHOLE: You can still forward an internal extension/number to this line and dial in on the forwarded extension if the modem will accept calls, but every little bit helps (defense in depth).

3. Ensure that the computer isn't set up to use the modem as a network device by unbinding TCP/IP from the modem (in network setup, remove the items while the modem is selected as the active card).

4. Add a local policy to the machine or modify Active Directory policies to prevent the modem from being bound back to TCP/IP (block network changes).

5. Consider the use of a fax server with better security features in lieu of the existing solution.

6. Find the local access numbers of ISPs and block those numbers from being dialed on the line (not overly practical, but possible for the most common numbers).

7. Lock out all but the user(s) that have to use the modem and, if possible, block access to the fax modem from over the internal network (it's usually shared as a printer).

I'm sure there are more steps that could be taken, and not all of the recommendations above apply to every situation because of management and company policies in place.

Good luck!

Ed Spencer
Network Administrator
Aramark Corporation - Denali National Park.

-----Original Message-----
From: Juan B [mailto:juanbabi () yahoo com]
Sent: Saturday, July 24, 2004 2:06 AM
To: security-basics () securityfocus com
Subject: fax software in the domain

Hi,

In my domain we have W2K servers and on the workstations we use XP Pro. On the station of one employee he must also use a fax with a modem connected to the telephone line. I think that this is a security problem. I can't remove the fax from his PC. My question is: what are the steps to protect this PC from being a security problem to all the network?

Thanks!!
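Added example, not part of the original message: a check for step 1 that reads a modem's AT&V configuration dump and reports every profile whose S0 register (rings before auto-answer) is non-zero, since a stored profile can turn auto-answer back on at the next reset even when the active profile has it off. The dump below is constructed, and its layout is an assumption; real modems format AT&V output differently.

```python
import re

# Constructed sample of an AT&V ("view configuration") dump. The layout is an
# assumption: real modems differ in section names and register formatting.
SAMPLE_ATV = """\
ACTIVE PROFILE:
B1 E1 L1 M1 N1 Q0 T V1 W0 X4 Y0 &C1 &D2 &G0 &J0 &K3 &Q5 &R1 &S0 &T5 &X0 &Y0
S00:000 S01:000 S02:043 S03:013 S04:010 S05:008 S06:002 S07:050 S08:002

STORED PROFILE 0:
S00:002 S02:043 S06:002 S07:050 S08:002 S09:006 S10:014 S11:095 S12:050

STORED PROFILE 1:
S00:000 S02:043 S06:002 S07:050 S08:002 S09:006 S10:014 S11:095 S12:050

OK
"""

PROFILE_RE = re.compile(r"^(ACTIVE PROFILE|STORED PROFILE \d+):\s*$", re.I)
# Matches S0 or S00 followed by a value; does not match S02, S10 or the &S0 option.
S0_RE = re.compile(r"\bS0{1,2}[:=](\d{1,3})\b", re.I)

def auto_answer_by_profile(dump):
    """Map each profile name in the dump to its S0 ring count (None if absent)."""
    profiles, current = {}, None
    for line in dump.splitlines():
        header = PROFILE_RE.match(line.strip())
        if header:
            current = header.group(1).upper()
            profiles[current] = None
            continue
        hit = S0_RE.search(line)
        if current and hit and profiles[current] is None:
            profiles[current] = int(hit.group(1))
    return profiles

def findings(dump):
    """Profiles that answer calls (S0 > 0) or where S0 could not be read."""
    out = []
    for name, rings in auto_answer_by_profile(dump).items():
        if rings is None:
            out.append((name, "S0 not found; verify by hand"))
        elif rings > 0:
            out.append((name, f"auto-answer after {rings} ring(s)"))
    return out

if __name__ == "__main__":
    for name, issue in findings(SAMPLE_ATV):
        print(f"{name}: {issue}")
```
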
Current thread:
- fax software in the domain Juan B (Jul 26)
- RE: fax software in the domain Rocky Heckman (Jul 27)
- RE: fax software in the domain Murad Talukdar (Jul 27)
- RE: fax software in the domain Ed Spencer (Jul 27)
- <Possible follow-ups>
- RE: fax software in the domain Depp, Dennis M. (Jul 26)
- RE: fax software in the domain Henry, Christopher M. (Jul 29)
- RE: fax software in the domain Ed Spencer (Jul 30)
- RE: fax software in the domain Rocky Heckman (Jul 30)