8.5 Fax server

Description

This chapter deals with information transfer via facsimile (fax). When selecting safeguards in the area of IT baseline protection, it should be borne in mind that no distinction has been made between different transmission standards (e.g. CCITT Group 3). This module only considers fax traffic generated using a fax server. A fax server in this sense is an application which is installed on an IT system and provides services on a network enabling other IT systems to send and/or receive faxes.

Fax servers are usually integrated into existing E Mail systems. Thus, it is possible for incoming fax documents to be delivered to users by E Mail. Outgoing documents are passed to the fax server either via a printer queue or else by E Mail. If the fax server is integrated into an E Mail system it is also possible to send out "serial letters" either by fax or by E Mail. If the recipient has access to E Mail then he receives the message free of charge by E Mail, otherwise it comes by fax. The document sent or received by a fax server is a graphics file which cannot be directly edited in a word processing system. However, archiving is possible in either case. This can be done either through the fax server software or else in document management systems.

Fax server applications are available for a number of operating systems, e.g. for various Unix derivatives, Microsoft Windows NT and Novell NetWare. The threats and safeguards associated directly with whichever operating system is used are not considered in this module. Those aspects are considered in Section 6.1 and the section that is specific to the particular operating system.

Fax servers also often have a binary transfer mode capability. This enables any data which is not in fax format to be transmitted. These transmissions do not constitute fax transmissions. Therefore any special threats and safeguards relating to this service are not considered in this section. If the binary transfer mode is permitted, then Section 7.2 Modems should also be used.

Threat Scenario

The following typical threats are assumed for fax information transfer over a fax server as part of IT baseline protection:

Organisational Shortcomings

Human Failure

Technical Failure

Deliberate Acts

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules"), as described in Sections 2.3 and 2.4, is recommended.

As a first step a comprehensive set of security guidelines for the fax server should be prepared (see S 2.178) and a suitable fax server should be procured (see S 2.181 Selection of a suitable fax server). These should be used as the basis for developing appropriate procedures. Finally, Fax Officers should be appointed for the fax server (see S 3.10 Selection of a trustworthy administrator or deputy and S 2.180 Setting up a fax mail centre). Both the security guidelines and the procedures based on them and the appointment of Fax Officers should be effected in writing. These specifications should then be implemented in the form of specific security measures. As well as secure operation of the fax server, it is especially important that the users should adhere to the relevant security precautions and instructions.

The safeguard package for the "Fax server" application is listed below:

Organisation

Personnel

Hardware & Software

Communication

Contingency Planning


© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 29 June 2000