Page 881 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 881
technologies, such as Apache SpamAssassin and spamd.
Fax Security
Fax communications are waning in popularity because of the
widespread use of email. Electronic documents are easily
exchanged as attachments to email. Printed documents are just as
easy to scan and email as they are to fax. However, you must still
address faxing in your overall security plan. Most modems give
users the ability to connect to a remote computer system and send
and receive faxes. Many operating systems include built-in fax
capabilities, and there are numerous fax products for computer
systems. Faxes sent from a computer’s fax/modem can be received
by another computer, by a regular fax machine, or by a cloud-
based fax service.
Even with declining use, faxes still represent a communications
path that is vulnerable to attack. Like any other telephone
communication, faxes can be intercepted and are susceptible to
eavesdropping. If an entire fax transmission is recorded, it can be
played back by another fax machine to extract the transmitted
documents.
Some of the mechanisms that can be deployed to improve the
security of faxes are fax encryptors, link encryption, activity logs,
and exception reports. A fax encryptor gives a fax machine the
capability to use an encryption protocol to scramble the outgoing
fax signal. The use of an encryptor requires that the receiving fax
machine support the same encryption protocol so it can decrypt
the documents. Link encryption is the use of an encrypted
communication path, like a VPN link or a secured telephone link,
to transmit the fax. Activity logs and exception reports can be used
to detect anomalies in fax activity that could be symptoms of
attack.
In addition to the security of a fax transmission, it is important to
consider the security of a received fax. Faxes that are automatically
printed may sit in the out tray for a long period of time, therefore
