Unified gateway to Internet access (UGIA) and Unified gateway of e-mail (UGEMEG)
JSC “State Technical Service” provides support for a Single gateway for Internet access and a Single gateway for e-mail “electronic government” in accordance with subparagraph 6) of paragraph 1 of Article 14 of the Law of the Republic of Kazakhstan “On Informatization” (hereinafter referred to as the Law).
A single gateway for Internet access is a hardware and software complex designed to protect telecommunications networks when accessing the Internet and (or) communication networks with Internet access.
The unified e-mail gateway of the “electronic government” is a hardware and software complex that ensures the protection of e-mail of the “electronic government” in accordance with the requirements of information security.
In accordance with Article 30 of the Law:
1. Connection of local, departmental and corporate telecommunications networks of state bodies, local self-government bodies, state legal entities, quasi-public sector entities, as well as owners or holders of critical information and communication infrastructure objects to the Internet is carried out by telecom operators through a Unified Gateway to Internet Access (quasi-public sector entities are state-owned enterprises, limited liability partnerships, joint-stock companies, including national management holdings, national holdings, national companies of which the state is a participant or shareholder, as well as subsidiaries, affiliates and other legal entities affiliated with them in accordance with the legislative acts of the Republic of Kazakhstan, in accordance with subparagraph 31) of paragraph 1 of Article 3 of the Budget Code of the Republic of Kazakhstan dated December 4, 2008 No. 95-IV).
2. The connection of local, departmental and corporate telecommunications networks of state bodies and local self-government bodies to the Internet is carried out in accordance with uniform requirements in the field of information and communication technologies and information security.
3. Special state and law enforcement agencies for operational purposes, the National Bank of the Republic of Kazakhstan may organize Internet connections without using a Unified Gateway to Internet Access.
4. Electronic interaction of the state body’s e-mail with external e-mail is carried out by redirecting electronic messages through a Unified Gateway of Email of the “e-government”.
In accordance with subparagraph 5) of paragraph 1 of the Decree of the Government of the Republic of Kazakhstan No. 965 dated September 14, 2004 “On certain measures to ensure information security in the Republic of Kazakhstan” (hereinafter referred to as the Resolution), in order to maintain the security of state electronic information resources and information systems, the functioning of state electronic information resources and information systems that provide public services via the Internet is carried out through a Unified Gateway to Internet Access.
According to subparagraph 6) of paragraph 1 of the Resolution, the list of categories of Internet resources to which access is restricted by means of a Unified Gateway to Internet Access (hereinafter referred to as the List) is determined by the state body itself.
The specified list and lists of network addresses of information and communication networks of state bodies and their territorial divisions that receive access to the Internet are sent to the State Technical Service for execution.
Root certificate of a Single Internet Access Gateway
Ticket system for submitting an application to technical support: support.sts.kz
Telegram channel USIAGPublic for consultations and prompt resolution of issues within the framework of the Unit: https://t.me/usiag
Frequently Asked Questions about Unified Gateway of Email of “electronic government”
What is Unified Gateway of Email of “electronic government”?
A hardware and software complex designed to protect users (government agencies, quasi-government agencies, local governments, state legal entities, owners of quasi-governmental sectors) from threats when they access the Internet or communication networks that have access to the Internet, as well as from threats directed from the Internet towards the users. ESDI includes the following functionality: protection against DoS/DDoS, streaming antivirus, IPS (protection against attacks on network application software and exploitation of vulnerabilities), botnet control, web filtering (more than 70 categories), DNS filter, and WAF for web resources located inside the perimeter of UGIA. To ensure the full functionality of antivirus, IPS, web filtering, etc., the technology of inspection of encrypted traffic is used.
According to what normative legal acts does the UGIA function?
UGIA operates in accordance with Articles 14 and 30 of the Law of the Republic of Kazakhstan “On Informatization”, the Uniform requirements in the field of information and communication technologies and information security of the Decree of the Government of the Republic of Kazakhstan dated December 20, 2016 No. 832, and the Rules for the operation of a single gateway for Internet access and a single gateway for e-mail “electronic government”, order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan dated October 13, 2020 No. 386/NK.
What is blocked on Unified Gateway of Email of “electronic government” by default?
- VPN applications (Freegate, OpenVPN, Betternet, Ultrasurf, L2TP, OperaVPN, etc.), remote access tools (RDP, Teamviewer, Anydesk, VNC, AeroAdmin, etc.), P2P (Torrent, SopCast, etc.), game resources (Steam, Garena, PUBG, Fortnite, etc.), malicious information resources (IR) and software, and unknown applications that are not included by default in the list of categories of IR and software.
- Other services on UGIA (including IPsec VPNs, network ports) are not blocked; whether they are blocked is determined by the organization connected to ESDI itself, by sending an official letter to JSC “STS”. (At the moment, at the initiative of JSC “STS”, work is underway to change the normative legal act (NPA) in order to simplify interaction with users, reduce official correspondence and make greater use of the ticket system support.sts.kz. After the changes to the NPA are made, this information will be brought to the users of the UGIA.)
User actions when connecting to the UGIA:
- Get acquainted with the regulatory legal act regulating the activities of the UGIA;
- Study the «Uniform requirements», and note that according to the «Uniform requirements» the following services are blocked on UGIA: VPN applications (Freegate, OpenVPN, Betternet, Ultrasurf, L2TP, OperaVPN, etc.), remote access tools (RDP, Teamviewer, Anydesk, VNC, AeroAdmin, etc.), P2P (Torrent, SopCast, etc.), game resources (Steam, Garena, PUBG, Fortnite, etc.), malicious IR and software, unknown applications that are not included by default in the list of categories of IR and software;
- Explore the list of categories of information resources and software in UGIA. According to these lists, issue an official request to JSC “STS” to open / close access to certain resources. This letter should be updated on an annual basis. The list of information resources and software categories can be downloaded from sts.kz/eshdi;
- Take into account the fact that the UGIA uses the technology of inspection of encrypted traffic. In order to ensure the correct functioning of Internet services, users of UGIA need to install the appropriate UGIA certificate on each host with Internet access, according to the instructions (sts.kz/eshdi). In the absence of installed certificates, Internet services will function incorrectly;
- In case of technical problems, conduct interaction through the UGIA ticket system support.sts.kz. The instructions for submitting applications can be downloaded from sts.kz/eshdi.
Does TeamViewer/Anydesk/RDP not work after connecting to UGIA?
According to the «Uniform requirements», remote access tools are prohibited in Unified Gateway of Email of “electronic government”. We recommend using IPsec VPN tunnels.
Why do I need to install a certificate in the UGIA?
The UGIA certificate is used to inspect encrypted traffic in order to detect malicious software and various botnets, apply web filtering correctly, etc. About 80 percent of traffic today is encrypted, and standard security tools cannot detect malware when the traffic carrying it is encrypted. If the user does not install the UGIA certificate, then most of the Internet resources will be inaccessible to the user.
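Because an installed root certificate lets the gateway issue certificates for any site, it is worth confirming that the downloaded file is the expected one and that the host actually trusts it. The following is an added example, not code from JSC “STS”: it compares SHA-256 fingerprints, and the expected fingerprint (obtained out of band, the page does not publish one) and the sample bytes are assumptions.

```python
import hashlib
import ssl

def normalize(fp):
    """Accept 'AA:BB:...' or 'aabb...' fingerprint notation."""
    return fp.replace(":", "").replace(" ", "").lower()

def pem_fingerprint(pem_text):
    """SHA-256 fingerprint (hex) of a PEM file holding exactly one certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()

def load_store(cafile=None):
    """DER trust anchors that Python's ssl module loads on this host.
    Browsers with their own store (e.g. Firefox) are not covered; on systems
    that use a hashed CA directory, pass the CA bundle file as cafile."""
    if cafile:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx = ssl.create_default_context()
    return ctx.get_ca_certs(binary_form=True)

def check_root(pem_text, expected_fp, store):
    """Return (file_matches_expected, installed_in_store)."""
    fp = pem_fingerprint(pem_text)
    installed = any(hashlib.sha256(der).hexdigest() == fp for der in store)
    return fp == normalize(expected_fp), installed

# Constructed stand-in bytes, not a real certificate: the check only hashes
# the DER encoding, so any byte string exercises the logic offline.
SAMPLE_DER = b"constructed placeholder for the gateway root certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_FP = hashlib.sha256(SAMPLE_DER).hexdigest()

if __name__ == "__main__":
    # File matches the expected fingerprint and is present in a constructed store.
    print(check_root(SAMPLE_PEM, SAMPLE_FP, [SAMPLE_DER]))
    # Same file checked against this host's real trust store.
    print(check_root(SAMPLE_PEM, SAMPLE_FP, load_store()))
```

In real use, read the downloaded certificate file into `pem_text` and pass `load_store()` as the store; a result of `(True, False)` means the file is the expected one but the host does not yet trust it.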
How are the rules applied in relation to a particular organization in Unified Gateway of Email of “electronic government”?
- The application of the rules in relation to a particular organization on the UGIA is carried out through the use of a public IP address used by an organization connected to the UGIA.
- A public IP address is an IP address used to access the Internet. This address is unique throughout the Internet. So-called private IP addresses are used in the local network of organizations. When submitting applications /official letters to JSC “STS”, it is necessary to specify only the public IP addresses of the organization.
How do I find out my public IP address?
- You can get it from your Internet access provider;
- You can use the relevant services on the Internet, such as checkip.sts.kz, 2ip.kz, etc.
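Since rules are matched on the organization's public IP address, a request that lists private addresses cannot be applied. The following is an added example, not part of the original page: a pre-submission check that separates public addresses from private, carrier-grade NAT, loopback, link-local and malformed ones. All sample addresses are constructed; 8.8.8.8 and 8.8.4.4 are well-known public resolver addresses used only as stand-ins.

```python
import ipaddress

# RFC 6598 shared address space: seen on the WAN side behind carrier-grade
# NAT, it is not the address the gateway sees, so it is unusable in a request.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def classify(addr):
    """Return 'public' or the reason the address cannot identify an organization."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip in CGNAT:
        return "carrier-grade NAT"
    if ip.is_private:
        return "private"
    if ip.is_global:
        return "public"
    return "reserved"

def split_for_request(addrs):
    """Return (public, rejected): addresses to list, and address -> reason."""
    public, rejected = [], {}
    for raw in addrs:
        kind = classify(raw)
        if kind == "public":
            public.append(str(ipaddress.ip_address(raw.strip())))
        else:
            rejected[raw] = kind
    return public, rejected

# Constructed sample input, as an administrator might collect it from hosts.
SAMPLE = ["8.8.8.8", "10.20.30.40", "192.168.1.15", "172.16.5.1",
          "100.64.10.2", "127.0.0.1", "169.254.7.7", "not-an-ip", " 8.8.4.4 "]

if __name__ == "__main__":
    ok, bad = split_for_request(SAMPLE)
    print("list in the request:", ok)
    for addr, reason in bad.items():
        print(f"leave out {addr!r}: {reason}")
```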
This or that site does not open. What to do?
If there are problems with access to certain resources of the organization connected to the UGIA, you need to create an application on the website support.sts.kz. When creating an application, it is mandatory to specify the public IP addresses of the organization, as well as the services with which access problems are observed. It will not be superfluous to leave up-to-date contact details for prompt feedback. The instructions for submitting an application can be found at sts.kz/eshdi.
What does this banner mean?
This banner means that the user accesses an Internet resource that is blocked on the Internet by default (according to «Uniform requirements») or according to the official request of the organization to JSC «STS».
If you open a legitimate Internet resource that is not prohibited for your organization and the corresponding banner appears, it is possible that:
- this Internet resource is infected with malware;
- this resource does not have a corresponding category;
- the user uses various VPN applications, including as built-in extensions to the browser.
In order to check whether this resource is really malicious, you can check it yourself on the website virustotal.com by inserting the site address into the URL field. This service checks various files and links against a variety of antivirus tools available on the market.
If you use various VPN applications to circumvent restrictions, you must disable them and retry opening the site.
You need to create an application on support.sts.kz if:
- the site has no category;
- this site is not malicious;
- this site does not belong to the categories prohibited by default on Unified Gateway of Email of “electronic government”;
- this site does not belong to the category that the organization has independently submitted for blocking by means of UGIA.
What does this banner mean?
This banner means that the functionality for protecting Internet resources located inside the UGIA perimeter has been triggered. There is a high probability that the device from which the attempt to connect to the Internet resource was made is infected with malicious software. In case of a false positive, the user must create an application on support.sts.kz, attaching a screenshot indicating the IP address and date/time of the event.