<< Click to Display Table of Contents >>

 

zetafax_logo

Security

To make your fax transmissions secure, you can set up Zetafax so that users need to log on to access sent and received faxes. Once you do so, users can only access their own faxes after supplying the correct logon credentials.  Security is set up in the Server settings section of the Zetafax Configuration program. Please read below for an explanation of how to set up user permissions.

 

The operation of the Zetafax Server is heavily based on files stored within the Zetafax Server folder structure. Protecting the integrity of Zetafax user data is therefore largely a matter of applying the appropriate permissions to folders within this file structure.

 

Supported platforms

Folder and file security requires the NTFS file system. As a consequence, enhanced security is only available on NT-family operating systems (Windows 8, Windows 7, Windows Vista, Windows XP, Windows 2003 Server, etc.). In addition, all the relevant  Zetafax folders must be on NTFS-formatted partitions.

 

The Zetafax Server service

In order to run with enhanced security, the Zetafax Server must be configured  to run as a service. This ensures that the Zetafax Server always runs as the  account set in the service properties. This account will be given the necessary  rights over the Zetafax Server folder structure. Note that the service cannot  be set to run as 'LocalSystem' if enhanced security is to be used.

 

The Zetafax Admin's group

When enhanced security is applied, a new NT Group, the Zetafax Admin's group, is created. If the Zetafax Server Service account is local to the host computer, this group will be a local group, otherwise this group is a global group. The Zetafax Server service account is added to the group, as  is the account of the logged in user — this is assumed to be the appropriate administrator account for the Zetafax Server. Users should ensure that the account they are logged in as is one they would be happy to have added to the Zetafax Admin's group. Note also that if the service account is global but the user is logged in with a local account, the creation of the Zetafax  Admin's group will fail as local accounts cannot be added to global groups.

 

The Zetafax Admin's group will be given wide-ranging rights over the Zetafax Server folder structure. This is necessary for the Zetafax Server to function and for the administrator to continue to perform tasks such as configuring the Zetafax Server, adding users, etc. It also means that anyone logged in with an account  that is a member of the Zetafax Admin's group could access confidential information from Zetafax user accounts, so appropriate precautions need to be taken (e.g. only authorized people are given the relevant administrator and service account  passwords).

 

User permissions

In general, all Zetafax user accounts should be associated with an NT user account. This NT account is then given Full Control over that Zetafax user's folder.  No other user (aside from members of the Zetafax Admin's Group) has any access to these folders.  Note however that if the Zetafax account  is not  associated with an NT account, no  security is applied  to this account.

 

Zetafax Groups

When a Zetafax Group is created, no security is applied to its folders. The  first time a Zetafax user is added to the group, security is applied so that  only that user and the Zetafax Admin's Group have access to the group's folders.  When subsequent Zetafax users are added to the group, they also get access  to the group folders. This access is removed if the Zetafax user is removed  from the group. Note that the above only applies when the Zetafax users are  associated with NT accounts. If a Zetafax group includes no Zetafax user associated  with an NT account, then no  security is applied to the group folders.

 

The Email Gateway

In general the security of the Email Gateway will depend on the email system  concerned. With the Microsoft Exchange Email Gateway there is one extra issue  administrators should be aware of. Two folders are created for temporary files  used for communication between the Zetafax Exchange Connector and the Zetafax  Server. Because these temporary files could contain sensitive information,  administrators should set appropriate permissions on these folders. The Zetafax  Admin's group and the account the Zetafax Exchange Connector run as should  both have full access to these folders.

 

gateway

 

Auto submit, archiving and LCR

It is possible for administrators to specify folders for these features which  will contain information from users' fax messages (although these will be  only temporary for LCR and Auto submit). If these folders are within the Zetafax  file system under the 'Server' folder (as they are by default), the enhanced  security will be applied to these folders. If these folders are locate elsewhere,  the administrator will need to apply security manually to these folders. Note  that the Zetafax Admin's group will need full access to these folders.

 

Related topics

Archiving of sent and received faxes

Least Cost Routing (LCR)

Zetafax Login

Adding new Zetafax users

Adding new Zetafax user groups

Setting up email gateway users

Server settings