I have already deployed a fax server and am about to deploy a backup system for this host at our off-site facility. It struck me that I have given no thought to securing the serial port to unauthorized access. The modem is a Multi-Tech MT5634ZBA which supports data as well as fax. So this poses the same type of risk, if not to the same degree, as an ssh or telnet port but without the availability of a firewall to throttle repeated unsuccessful connection attempts. Are there any recommendations on what should be done in this circumstance or am I fretting unduly? Regards, -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Friday humor:> -----Original Message----- > From: centos-bounces at centos.org > [mailto:centos-bounces at centos.org] On Behalf Of James B. Byrne > Sent: Friday, July 25, 2008 4:27 PM > To: centos at centos.org > Subject: [CentOS] Securing serial ports - fax modems > > I have already deployed a fax server and am about to deploy a > backup system for this host at our off-site facility. It > struck me that I have given no thought to securing the serial > port to unauthorized access. The modem is a Multi-Tech > MT5634ZBA which supports data as well as fax. So this poses > the same type of risk, if not to the same degree, as an ssh > or telnet port but without the availability of a firewall to > throttle repeated unsuccessful connection attempts.Use a 900 number, like 1-900-PAY-4LOG (729-4564).> > Are there any recommendations on what should be done in this > circumstance or am I fretting unduly? > > Regards, > > -- > *** E-Mail is NOT a SECURE channel *** > James B. Byrne mailto:ByrneJB at Harte-Lyne.ca > Harte & Lyne Limited http://www.harte-lyne.ca > 9 Brockley Drive vox: +1 905 561 1241 > Hamilton, Ontario fax: +1 905 561 0757 > Canada L8E 3C3 > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, purge the message from your system and notify the sender immediately. Any other use of the email by you is prohibited.
on 7-25-2008 1:27 PM James B. Byrne spake the following:> I have already deployed a fax server and am about to deploy a backup > system for this host at our off-site facility. It struck me that I have > given no thought to securing the serial port to unauthorized access. The > modem is a Multi-Tech MT5634ZBA which supports data as well as fax. So > this poses the same type of risk, if not to the same degree, as an ssh or > telnet port but without the availability of a firewall to throttle > repeated unsuccessful connection attempts. > > Are there any recommendations on what should be done in this circumstance > or am I fretting unduly? > > Regards, >If the system doesn't answer the data attempts, you should only have to worry if someone can send a crafted bit of data that will trigger a buffer overflow when the "fax image" is processed. I haven't heard of one, though. You might be able to turn off the modems ability to answer any capabilities but fax, and Class 1 fax AFAIR doesn't support a data channel. Only Class 2.0. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20080725/f8f6ee90/attachment-0001.sig>