Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Vulnerability testing in analog modem

from [jfvanmeter] Network Security [Permanent Link]
Subject: Re: Vulnerability testing in analog modem
Date: Mon, 29 Oct 2007 16:21:04 +0000 
I had a similar pen test, it was on a xerox docucentra, I had several concerns 
with the multifunction printer

1. there was/is no auditing of the fax connection, so I could try and try and 
no one would never know about the attack.
2. the printer also had a web server, so I copied some test file to the hd and 
set up my very own web site.

i believe it is possible to break out of the modem connection, via some type of 
diagnotic route and get access to the network.

I recommend that to my client that they configure the phone jack for outgoing 
calls only., turn off the web server, set passwords, etc. 

I would be interested in hearing anyones thoughts about this. I have a test 
coming up for a client on a multi function printer

Take Care and Have Fun --John

 -------------- Original message ----------------------
From: rohnskii@gmail.com

I don't know about connecting through the fax to the network but there is 
another security concern to think about.


Fax machines, and printers, that have an internal HD for document storage can 
be 
a security concern.  When the machine is sent out for servicing or retired 
there 
may be retrievable document images with confidential information on them.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: NAT external/Public IP, Grant Donald
Next by Date:  RE: RE: NAT external/Public IP, David Gillett
Previous by Thread:  Re: Vulnerability testing in analog modem, rohnskii
Next by Thread:  RE: Vulnerability testing in analog modem, Craig Wright
Indexes:  [Date] [Thread] [Top] [All Lists]