Translation Results Requested Through Conyac Made Public

PHYSICAL SECURITY

• All gateway components should be physically secured and be placed in a restricted area.
• The computer room with these equipments placed should be well equipped to protect against physical or natural disasters.
• Lockable racks should be used to store these components.
• Regular monitor and review on the current physical protection e.g. examine site entrance or access logs, check cables for unauthorised taps, check door locks of racks and any sticking labels.
• Remove and erase all storage media before disposal, especially those containing system configuration.

LOGGING

• Enable logging functions wherever applicable in firewall, router, OS, web server and mail server.

• Keep logs such as the error logs, system logs, access logs, web server and mail server logs with adequate storage capacity available.
• Endeavor to log information such as invalid account login attempts, account misuse in websites, illegal or unauthorised attempts to websites, administrative and configuration updates, or specific information of requests, including requestor's IP address, host name, URL and names of files accessed.

• Logs should be reviewed regularly and kept for at least a week in a secure place. Write-once device such as optical disk may be used to record those log files.
• Logs showing intrusions and attacks should be kept properly for investigation and record.
• Consideration on privacy should be made when designing the types and details of information to be logged.

BACKUP AND RECOVERY

• Formal backup and recovery procedures should be established and well documented.
• All gateway components' configuration, log files, system files, programs, data and other system information should be backup regularly and whenever there is configuration change. Encryption may be applied to the backup if necessary.
• Backup copies should be kept in a secure place. Two backup copies for system configuration are preferably to be kept with one on-site and one off-site.