What are people's thoughts on security for devices that are setup to scan to e-mail? I can do a packet trace on a typed e-mail and capture some information, but what about scanned documents? A .pdf file looks like gibberish to me with WireShark, but I'm not a hacker. Could sensitive information be pulled from the scanned document when e-mailed over an unencrypted connection?
I realize the TO/FROM/Subject/Date/Time would be visible, but what about the contents of the scanned image? Can someone pull the information and feed it into a file and rebuild the document?
Reason I'm asking, I have a device that will be scanning documents that doesn't have TLS capabilities. Is this a security risk? Running on an external network?
If you can capture the SMTP traffic it is a fairly trivial task to reconstruct the data part of that (MIME) and extract any attachments like PDFs, so if the PDF itself is not encrypted, you could view the PDF including any scanned images it contains. As SMTP travels over the Internet in clear text, unless you use TLS (Extended SMTP), you have a security risk.
If you want to email sensitive documents you need to encrypt them in some way, either encrypt the document (e.g. Winzip, PGP) or the email (e.g. PXE, S/MIME) or the email traffic (e.g. TLS).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...