[IDS] HCD_PSTN_Fax_Enabled attribute

Ira McDonald blueroofmusic at gmail.com
Sat Aug 15 01:26:41 UTC 2009


Hi,

We appear to have talked past each other here.

I have never heard of anyone actually worrying
that a data fax connection could somehow bridge
ONTO the customer's local intranet.

But certainly allowing PSTN FAX *at all* will break
the security perimeter for classified or sensitive
documents.  An authorized user (low authorization)
who is disgruntled (80+% of all security exploits per
SANS) can send a document outside the intranet.

That's a real threat, not in the least imaginary.

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Blue Roof Music/High North Inc
email: blueroofmusic at gmail.com
winter:
  579 Park Place  Saline, MI  48176
  734-944-0094
summer:
  PO Box 221  Grand Marais, MI 49839
  906-494-2434



On Fri, Aug 14, 2009 at 8:46 PM, Randy Turner<rturner at amalfisystems.com> wrote:
>
> In my analysis of the data/fax modem solution, it looks like the device
> would have to be massively compromised to engage in such an exploit - and if
> compromised to this extent, any information coming from this device
> regarding its security posture is probably suspect at best, and worthless
> at worst.
>
> By "massively compromised" in the above sentence, I mean that the system
> code load would probably have to be replaced with a malicious software load
> and/or the system code would have to be "supplemented" by additional
> significant software to cause a data/fax modem exploit to occur.
>
> I too think that the data/fax exploit is highly unlikely, and if it does
> happen, we have not provided enough posture information to detect it and
> effect a change in how the device's security posture is evaluated by a
> health validator.
>
> Randy
>
> On Aug 14, 2009, at 5:36 PM, Brian Smithson wrote:
>
> > In my previous experience with government agencies,
> > the primary concern about PSTN Fax was that it could be
> > used *from a compromised system or by a rogue walkup
> > user* to export documents and system configuration
> > information invisibly, i.e., w/out passing through a firewall
> > and w/out any chance of detection by smart routers
> > (ones with embedded firewalls).
>
> Also known as "sending a fax"?
>
>
> My understanding of the concern about PSTN fax modems is that someone could
> establish a data session on the fax modem through which they gain access to
> the customer network, circumventing the firewall. But I have never heard of
> any actual exploits, nor even the technical possibility of an exploit, so I
> consider it to be an irrational fear. I guess it's easier to visualize
> someone sneaking things past a firewall through a fax modem than it is to
> visualize something like XSS or SQL injection  :-).
>
> --
> Regards,
> Brian Smithson
> PM, Security Research
> PMP, CSM, CISSP, CISA, ISO 27000 PA
> Advanced Imaging and Network Technologies
> Ricoh Americas Corporation
> (408)346-4435
>
> Ira McDonald wrote:
>
> Hi Randy,
>
> Not that I know of.
>
> In my previous experience with government agencies,
> the primary concern about PSTN Fax was that it could be
> used *from a compromised system or by a rogue walkup
> user* to export documents and system configuration
> information invisibly, i.e., w/out passing through a firewall
> and w/out any chance of detection by smart routers
> (ones with embedded firewalls).
>
> Cheers,
> - Ira
>
> On Thu, Aug 13, 2009 at 9:55 PM, Randy Turner<rturner at amalfisystems.com>
> wrote:
>
>
> Are there any documents on the internet that you guys know about that
> describe existing attack vectors on PSTN/Analog Fax lines?
>
> Randy
>
>
> On Aug 13, 2009, at 6:44 PM, Ira McDonald wrote:
>
>
>
> Hi Randy,
>
> It's not that we don't care about IFax.
>
> It's that all forms of Internet Fax have protocols and IP
> ports that would be reported in HCD_Firewall_Setting.
>
> But many businesses and government agencies ALSO
> want to close the "back door" of PSTN Fax.
>
> Cheers,
> - Ira
>
> On Thu, Aug 13, 2009 at 9:02 PM, Randy Turner<rturner at amalfisystems.com>
> wrote:
>
>
> Hi All,
>
> When we came up with this attribute, we included PSTN in the name, which
> means we only care about PSTN fax, and not internet-fax options such as
> T.38 or other fully capable iFax features.
>
> Did we mean to do this? We only care about PSTN? Which I assume to mean
> analog fax?
>
> Randy
>
>