Back

Disable Fax Service unless Fax Service use is absolutely necessary.


CONTROL ID
01815
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The ability to receive faxes on the computer or let others send faxes through this computer should be disabled. (Pg 82, Pg 83, Mac OS X Security Configuration for version 10.4 or later, second edition, Second Edition)
  • This service sends and receives faxes. It should only be seen as running if a fax is being sent or received. This service should be set to "manual" startup. (Pg 23, The Center for Internet Security Windows 2000 Benchmark, 2.2.1)
  • The fax service is used to receive unattended faxes automatically. This service should be Disabled. You will still be able to send faxes and receive them manually. The permissions on this service should also be Administrator: Full Control; System: Read, Start, Stop, and Pause. (§ 4.1.4, The Center for Internet Security Windows 2000 Professional Benchmark, 2.2.1)
  • This service sends and receives faxes. It should only be seen as running if a fax is being sent or received. This service should be set to "manual" startup. (§ 23, The Center for Internet Security Windows 2000 Professional Operating System Level 2 Benchmark, 2.2.1)
  • The fax service is only for receiving unattended faxes. This setting should be Disabled. Users will still be able to send faxes and receive faxes manually. (§ 4.1.4, The Center for Internet Security Windows 2000 Server Benchmark, 2.2.1)
  • The organization must only enable fax service if absolutely necessary. The fax service is used for the unattended reception of incoming faxes. It is not required for the sending, or manual reception of faxes. It does require that a computer be left running all the time, and have the modem set to aut… (§ 4.1.6, The Center for Internet Security Windows XP Professional SP1/SP2 Benchmark, 2.01)
  • Table F-1: For Windows 2000 Server, the organization must configure the permissions for fax service to Administrators: Full Control; System: Read; and System: Start, Stop, and Pause. Table F-2: For Windows 2003 Server, the organization must configure the permissions for fax service (Fax) to Administ… (Table F-1, Table F-2, Table F-3, Table F-4, CMS Business Partners Systems Security Manual, Rev. 10)
  • The Fax service should be disabled. The service should be documented if enabling it is required. (§ 5.2.2.1, DISA Windows Server 2003 Security Checklist, Version 6 Release 1.11)
  • The Fax service should be Disabled, unless absolutely necessary. If it is Enabled, there should be a documented and justified reason. (§ 5.2.2.1, DISA Windows XP Security Checklist, Version 6 Release 1.11)
  • For Specialized Security - Limited Functionality systems, this service should be Disabled. For all other Windows XP environments, this service is Not Defined. (§ 6.5, Guidance for Securing Microsoft Windows XP Systems for IT Professionals, NIST SP 800-68, Revision 1)
  • This service lets users send and receive faxes from their desktops via a local or shared fax machine. The Fax service is Not Defined for Enterprise Client environments and should be Disabled for Specialized Security - Limited Functionality environments. (Pg 68, NSA Guide to Security Microsoft Windows XP)