| Statement of Intent |
|
|
| Sabah.Net |
|
|
| e-Gov |
|
|
| Forms |
EGS-1: new
e-mail account
EGS-2:
sub-domain name
EGS-3: notification of transfer
EGS-4:
notification of change |
| |
Firewall
Firewall compromise would be potentially disastrous to subnet security. For this
reason, agencies will, as far as is practical, adhere to the below listed stipulations
when configuring and using firewalls.
Limit firewall accounts to only those absolutely necessary,
such as the administrator. If practical, disable network logins.
Use smartcard or authentication tokens to provide a much
higher degree of security than that provided by simple passwords. Challenge-response and
one-time password cards are easily integrated with most popular systems.
Remove compilers, editors, and other program development tools
from the firewall system(s) that could enable a cracker to install Trojan horse software
or backdoors.
Do not run any vulnerable protocols on the firewall such as
TFTP, NIS, NFS, UUCP.
Consider disabling finger command. The finger command can be
used to leak valuable user information.
Consider not using the e-mail gateway commands (EXPN and VFRY)
which can be used by crackers to probe for user addresses.
Do not permit loopholes in firewall systems to allow friendly
systems or users special entrance access. The firewall should not view any attempt to gain
access to the computers behind the firewall as friendly.
Disable any feature of the firewall that is not needed,
including other network access, user shells, applications, and so forth.
Turn on full-logging at the firewall and read the logs weekly
at a minimum.
|
|
