The Firewall Hardening Guide v0.1 - Generic Firewall Requirements - Recommended Requirements

These requirements are strongly recommended; however, it is recognised that they are not possible in all instances. Failure to comply with these requirements may degrade the security of the firewall.

Testing Procedures

It is recommended that procedures exist for testing changes before they are installed on the firewall. If the firewall policy is altered, there needs to be a process whereby the new policy is tested before it is ‘burnt’ into the actual firewall. This is done to ensure that the changes to the firewall do not have a negative effect on its operation.

User names / passwords for managing the firewall.

Windows NT is not considered secure when unauthorised people get physical access to the computer. This includes the ability to obtain usernames/passwords (using tools like NTFSDOS and L0phtCrack), and if such tools as MS SMS, pcAnywhere etc. are being used for managing the computer, others may watch the local console monitor to obtain and possibly also interrupt the remote management session. Few people (1-5) should be allowed access to the firewall. This includes physical access, local logon (Windows NT) and remote firewall logon. Windows NT remote access should not be allowed.
Hard-to-guess usernames and passwords should be used. Each user with read or read/write access to the firewall configuration should be identified by a unique username.

Management stations that can access and configure the firewall

During installation you must set the DNS host names and/or IP addresses of those management stations allowed to access the firewall. We recommend using IP addresses instead of DNS host names, as using DNS host names increases the risk of DNS spoofing attacks against the firewall management ports.
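
One way to carry out the testing procedure and the management-station recommendation above, as an added example that is not part of the original guide: a candidate policy is checked against a fixed set of expected allow/deny decisions before it is installed, and any rule naming a management station by DNS host name is rejected. The rule format, the addresses and the management port are assumptions constructed for illustration.

```python
import ipaddress

MGMT_PORT = 8443  # assumed management port, constructed for this example

# Constructed candidate policy in a hypothetical format:
# (action, source, destination, port); first match wins, port None = any port.
CANDIDATE = [
    ("allow", "192.0.2.10/32", "198.51.100.1/32", MGMT_PORT),  # management station
    ("allow", "0.0.0.0/0", "198.51.100.20/32", 80),            # public web server
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

# Behaviour every policy change must preserve: (source, destination, port, expected).
TESTS = [
    ("192.0.2.10", "198.51.100.1", MGMT_PORT, "allow"),   # listed station may manage
    ("192.0.2.99", "198.51.100.1", MGMT_PORT, "deny"),    # any other host may not
    ("203.0.113.5", "198.51.100.20", 80, "allow"),
    ("203.0.113.5", "198.51.100.20", 23, "deny"),
]

def load_policy(rules):
    """Parse rules; ip_network raises ValueError for DNS names, so only IPs pass."""
    return [(action, ipaddress.ip_network(src), ipaddress.ip_network(dst), port)
            for action, src, dst, port in rules]

def decide(policy, src, dst, port):
    """Return the action of the first matching rule, or 'deny' if none matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in policy:
        if src in src_net and dst in dst_net and rule_port in (None, port):
            return action
    return "deny"

def run_tests(rules, tests):
    """Return the test cases the candidate policy gets wrong, with the action it gave."""
    policy = load_policy(rules)
    failures = []
    for src, dst, port, expected in tests:
        got = decide(policy, src, dst, port)
        if got != expected:
            failures.append(((src, dst, port, expected), got))
    return failures

if __name__ == "__main__":
    # A constructed bad change: a broad allow rule inserted above the existing rules.
    changed = [("allow", "0.0.0.0/0", "198.51.100.0/24", None)] + CANDIDATE
    for case, got in run_tests(changed, TESTS):
        print("REGRESSION:", case, "policy returned", got)
```

An empty result from run_tests means the change preserved every expected decision; any entry is a reason not to install the policy.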
 
