The recently discovered vulnerability involving fax lines on HP multi-function devices, termed Faxploit, are a reminder of the importance of fundamental security practices.
I did something a few weeks ago I rarely do: ignore a report about a significant vulnerability. Check Point Software released a very detailed analysis about the possibility of a network being attacked via a fax line. Perhaps it was disbelief, or alert fatigue, but I remember thinking that if a bad actor could attack a network using just a fax line, it was time for me to retire and take up chicken farming. As such, I ignored it for a few days.
The following Saturday, during my weekly hike, I was listening to the Security Now podcast led by Steve Gibson, someone whose judgment I trust. He spent much of the podcast discussing the fax vulnerability in great detail. Based on his report, I was forced to stop ignoring it, and spent a good bit of that Saturday afternoon planning my response.
A quick quiz: How many of you can quickly produce an inventory of all of your HP Officejet multi-function devices, particularly the models that are known to be impacted by this vulnerability? If you are like most, I suspect you answered with a blank stare.
Asset inventory is one of a number of basic cyber security housekeeping items that are critical, and yet are overlooked or simply ignored by many organizations. The folks that learn to do these security basics consistently and well can significantly lessen their chance of a successful attack. Those who neglect these in favor of focus on more complex problems and systems will generally pay the price in terms of intrusions, data breaches, and malware attacks.
Device inventory is just one of many housekeeping tasks critical to a secure environment. Here are 5 areas to focus on.