Back

Disable Post Office Protocol unless its use is absolutely necessary.


CONTROL ID
01486
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Is the system configured to filter Post Office Protocol? (Table Row VI.10, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Only enable POP if absolutely necessary. (§ 2.8, The Center for Internet Security Red Hat Enterprise Linux Benchmark, 1.0.5)
  • Only enable POP if absolutely necessary. (§ 2.8, The Center for Internet Security Red Hat Enterprise Linux Benchmark, 1.1.1)
  • Only enable POP if absolutely necessary. (§ 2.8, The Center for Internet Security Slackware Linux Benchmark, 1.1)
  • Only enable POP if absolutely necessary. (§ 2.8, The Center for Internet Security SuSE Linux Enterprise Server Benchmark, 2)
  • For Windows 2003 Server, the organization must configure the permissions for Microsoft PO¶ 3 Service to Administrators: Full Control; System: Read; and System: Start, Stop, and Pause. (Table F-2, CMS Business Partners Systems Security Manual, Rev. 10)
  • The POP service should be disabled. The service should be documented if enabling it is required. (§ 5.2.2.1, DISA Windows Server 2003 Security Checklist, Version 6 Release 1.11)
  • pop3 service should be enabled or disabled as appropriate Technical Mechanisms: via inetd via inetd.conf Parameters: enabled/disabled References: 10.8.10.5.4.1 (11) #22 (CCE-4913-0, Common Configuration Enumeration List, Combined XML: AIX 5.3, 5.20130214)
  • pop3 service should be enabled or disabled as appropriate Technical Mechanisms: via inetd via inetd.conf Parameters: enabled/disabled References: 10.8.10.5.4.1 (11) #22 (CCE-5856-0, Common Configuration Enumeration List, Combined XML: HP-UX 11.23, 5.20130214)
  • pop3 service should be enabled or disabled as appropriate Technical Mechanisms: via xinetd Parameters: enabled/disabled References: 10.8.10.5.4.1 (11) #22 (CCE-6427-9, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 4, 5.20130214)
  • pop3 service should be enabled or disabled as appropriate Technical Mechanisms: via inetd via inetd.conf Parameters: enabled/disabled References: 10.8.10.5.4.1 (11) #22 (CCE-6614-2, Common Configuration Enumeration List, Combined XML: Sun Solaris 8, 5.20130214)
  • pop3 service should be enabled or disabled as appropriate Technical Mechanisms: via inetd via inetd.conf Parameters: enabled/disabled References: 10.8.10.5.4.1 (11) #22 (CCE-7274-4, Common Configuration Enumeration List, Combined XML: Sun Solaris 9, 5.20130214)