Manualshelf

HP Embedded Digital Sending - PC Fax Send Security Statement

ManualsBrandsHP ManualsPrint & ScanQ3943A
12345678
Security statement -1
Overview
The Analog Fax Accessory was designed with one purpose in mind receiving and
sending fax data to and from the MFP it is connected to (LaserJet 4345mfp,
4730mfp, 9040mfp, 9050mfp, 9500mfp). In order to send and receive faxes the
product employs a standard fax/data modem card connected to the MFP.
An optional Send Fax driver for a client PC allows the fax job to be initiated remotely
from a PC rather than at the MFP control panel. The fax card passes data from the
MFP through the public telephone network.
The primary security concerns are gaining network access through the
telephone/modem connection and making the MFP or PC vulnerable to a virus or
malicious use.
Fax Firmware
Although the Analog Fax Accessory uses a standard modem card, its behavior is
strictly controlled by the Analog Fax Accessory firmware using EIA/TIA fax
commands and modem control commands (or AT commands). The closed nature of
the fax firmware with its limited functionality does not provide a pathway or
commands necessary to achieve network access from the telephone network. The
only way to create such a path requires a prohibitive engineering effort to build
replacement code and install it to the formatter. While there may be other security
concerns related to the printer network connection, the Analog Fax Accessory
hardware does not add any security risks, as network access is unavailable via the
Fax Modem from an external source.
HP MFP Send Fax Driver
The other part of the fax solution is the optional HP MFP Send Fax driver. The Send
Fax driver provides an interface to send fax jobs from a PC to an MFP over a
network connection. The Send Fax driver software installs on the PC. An MFP
firmware update adds support in the MFP for the Send Fax driver.
Hp.com and Microsoft Digital Signature
The driver is available for download from hp.com. The potential security risk involves
compromising the driver itself with (for example) a virus or malicious code. However,
hp.com is a highly secured website, and Microsoft digitally signs the driver.
Modification of the driver would require:
n Intrusion into the hp.com website, and
n A corresponding modification of the digital signing information.
Modifying the driver causes a message to appear during installation, indicating that
the driver is not authentic. However, the risk of this occurrence is very low and is no
different than downloading and installing other currently available drivers, firmware,
or software for the MFP.