IT Baseline Protection Manual - The Information Warfare Site

Telecommunications Fax Machine
_________________________________________________________________________________________
8.2 Fax machine
Description
This chapter deals with information transfer via facsimile
(fax). The transmission standard (e.g. CCITT group 3) was
not used for differentiation purposes for the selection of
safeguards as part of IT baseline protection. In this module
the technical basis to be considered are common stand-alone
fax machines, but not fax cards or fax servers (see chapter 8.5
Fax server).
Threat Scenario
The following typical threats are assumed for fax information transfer as part of IT baseline
protection:
Organisational Shortcomings
- T 2.20 Inadequate supply of printing consumables for fax machines
Human Failure
- T 3.14 Misjudgement of the legal force of a fax
Technical Failure
- T 4.14 Fading of special fax paper
- G 4.15 Fax transmission errors
Deliberate Acts
- T 5.7 Line tapping
- T 5.30 Unauthorised use of a fax machine or fax server
- T 5.31 Unauthorised reading of fax transmissions
- T 5.32 Evaluation of residual information in fax machines and fax servers
- T 5.33 Impersonation of wrong sender on fax transmissions
- T 5.34 Deliberate re-programming of the destination keys on fax machines
- T 5.35 Deliberate overload through fax transmissions
Recommended Countermeasures (S)
For the implementation of IT baseline protection, selection of the required packages of safeguards
("modules"), as described in Sections 2.3 and 2.4, is recommended. In the following, the
countermeasure package for "fax machines" is set out:
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000