S 5.146 Network separation when using all-in-one devices
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator
It is often uneconomical or impractical to use separate devices for printing, scanning, copying, and sending/receiving faxes. All-in-one or multifunction devices that support several or even all of these functions in a single device can be used as an alternative. These devices sometimes also have additional communications interfaces, for example for accessing the web.
All-in-one devices usually require less administration and fewer connection lines (power and possibly data lines) than a collection of individual devices. As a rule, all-in-one devices can either be connected directly to the workstation computer or connected over a LAN.
Some devices offer fax and remote data transmission functionality that requires a connection to the telephone network. Because the device is also connected to other IT systems, this creates a physical path between the LAN and the telephone network. If this path is not controlled by a security gateway, uncontrolled access to the Internet through it is possible under some circumstances, which could, for example, allow unauthorised persons to gain access to the LAN from outside. For this reason, attempts to establish unauthorised data connections must be rejected in all cases.
An exception is an all-in-one device with fax functionality that does not require a connection to the telephone network. These devices scan the documents and then send them over a data link to a central fax server, which is usually located in the LAN as well. Only the fax server, which is connected to the telephone network, sends the fax to the actual recipient. When using a fax server, the safeguards recommended in module 5.6 Fax server must be implemented.
When using all-in-one devices that can be connected to a telephone network, you must first decide if this connection is actually necessary, i.e. if the corresponding fax or remote data transmission functionality is really needed. If you do not need a connection to the telephone network, then the following safeguards should be implemented, if possible:
- The fax and/or remote data transmission functionality should be disabled on the device.
- Disconnect the cable used to connect it to the telephone network. The cable should under no circumstances be left plugged into the telephone jack.
- If the device is located in an area accessible to the general public, then the telephone jacks in the corresponding room should be deactivated or the interface to the telephone network should be removed from the device. If neither of these options is possible, then regular checks should be conducted to see if an unauthorised connection to the telephone network has been established.
If you want to use the fax or remote data transmission functionality of the all-in-one device, then it must be ensured that the connection to the telephone network required for this purpose cannot lead to uncontrolled data connections between the LAN and external networks. The following approaches are possible:
- The all-in-one device is connected to a stand-alone PC. This means that the computer is not connected to the LAN. A disadvantage of this approach is that the data needs to be transported between the stand-alone PC and the LAN using data media in many cases.
- One possible alternative is to separate the all-in-one device or the computer to which the all-in-one device is connected from the LAN with the help of an additional security gateway. Module 3.1 Security gateway (Firewall) must be taken into account in this case.
- Another alternative is to place the all-in-one device or the computer to which the all-in-one device is connected in a demilitarised zone (DMZ) of an existing security gateway. Module 3.1 Security gateway (Firewall) must be applied in this case as well.
All of the approaches mentioned must be integrated systematically into the IT security concept. They also require the implementation of additional IT security safeguards, for example to protect the system against harmful code such as computer viruses or Trojan horses.
Review questions:
- Can the fax and remote data transmission functionality of the all-in-one device be switched off?
- Are uncontrolled data connections between the LAN and external networks reliably prevented?