
The Cyber Essentials Firewall Controls

Introduction

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules, known as firewall rules. Firewalls establish a barrier between secured, controlled internal networks that can be trusted and untrusted external networks such as the Internet, and they are a key control in the Cyber Essentials framework.

Types of Firewalls

Boundary Firewalls

Boundary firewalls are network devices that restrict inbound and outbound network traffic to the services on the network behind them. A boundary firewall can be a dedicated hardware appliance, or it can be the firewall function built into the router at the entrance to your network. For small business networks and home networks, the Internet router is usually the boundary firewall.

Boundary firewalls act as a protective buffer zone between your devices and the Internet and help protect against cyber attacks by applying rules that allow or block traffic according to its source, destination and communication protocol.

Software Firewall

A software firewall provides added protection inside the network. It is installed on an individual computer and protects that single device, so if multiple computers need protection the software firewall must be installed and configured on each one. Most modern operating systems include a software firewall already installed at no extra cost.

A software firewall controls the behaviour of specific applications (e.g. blocking access to certain websites) and can be set up differently for each computer depending on the required levels of access and permissions.

Where a software firewall is supplied as part of the operating system, it must be enabled and configured on every device.

Virtual firewalls

Another type of software firewall is the one built into the hypervisor, also known as a virtual firewall. A hypervisor is software installed over the hardware of a server that divides the server's resources between different workloads. The hypervisor turns those divided sections into virtual machines (VMs) and the server as a whole into a virtual server (VS). Like a traditional network firewall, a virtual firewall inspects packets and applies security policy rules to block unapproved communication between virtual machines. A virtual firewall can also serve as a boundary firewall.

For best practice, use two types of firewall together in the workplace: a software firewall on each computer within the private network, and another one (physical or virtual) at the entrance, or boundary, of the organisation's network.


Cyber Essentials Firewall Requirements

The Cyber Essentials standard requires organisations to:

  • Block unauthenticated inbound connections by default.
  • Ensure inbound firewall rules are approved and documented by an authorised individual.
  • Remove or disable permissive firewall rules quickly, when they are no longer needed.
  • Use a host-based firewall on devices which are used on untrusted networks, such as public Wi-Fi hotspots.
  • Change any default firewall administrative passwords to an alternative that is difficult to guess, or disable remote administrative access entirely.
  • Prevent access to the firewall's administrative interface from the Internet, unless there is a documented business need and the interface is protected by either a second authentication factor or a limited IP allow list.
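The requirements above are easiest to enforce when the inbound rule set is kept as an inventory that records who approved each rule, why, and when it is due for review. The script below is an added example, not part of this page or of the Cyber Essentials standard: it audits a constructed rule inventory against the points listed. The Rule and Ruleset fields, the threshold that treats an allow list of a /24 or smaller as "limited", and the sample rules are assumptions made for illustration.

```python
"""Audit a firewall rule inventory against the Cyber Essentials firewall requirements.

Added example. The Rule/Ruleset model, the "limited allow list" threshold and the
sample rules are assumptions for illustration, not part of any product or standard.
"""
import ipaddress
from dataclasses import dataclass
from datetime import date
from typing import Optional

INTERNET = ipaddress.ip_network("0.0.0.0/0")
# Assumption: an IP allow list counts as "limited" if it is a /24 or smaller.
LIMITED_PREFIX = 24


@dataclass
class Rule:
    name: str
    direction: str                    # "inbound" or "outbound"
    action: str                       # "allow" or "deny"
    source: str                       # CIDR of permitted source addresses
    dest_port: Optional[int]          # None means any port
    approver: str = ""                # who approved the rule
    justification: str = ""           # documented business need
    review_by: Optional[date] = None  # date by which the rule is re-approved or removed
    admin_interface: bool = False     # True if the rule exposes the firewall's management UI
    mfa: bool = False                 # management access protected by a second factor


@dataclass
class Ruleset:
    default_inbound: str              # "deny" or "allow"
    rules: list


def source_net(rule: Rule):
    return ipaddress.ip_network(rule.source, strict=False)


def is_permissive(rule: Rule) -> bool:
    """An allow rule that admits any source address to any port."""
    return rule.action == "allow" and source_net(rule) == INTERNET and rule.dest_port is None


def audit(ruleset: Ruleset, today: date) -> list:
    """Return (rule name, problem) pairs for every requirement the ruleset fails."""
    findings = []
    if ruleset.default_inbound != "deny":
        findings.append(("DEFAULT-POLICY", "inbound connections must be blocked by default"))
    for r in ruleset.rules:
        if r.direction != "inbound" or r.action != "allow":
            continue  # only inbound allow rules need approval and review
        if not (r.approver and r.justification):
            findings.append((r.name, "inbound allow rule is not approved and documented"))
        if r.review_by is None:
            findings.append((r.name, "no review date: the rule will never be retired"))
        elif r.review_by < today:
            findings.append((r.name, "review date passed: remove or re-approve the rule"))
        if is_permissive(r):
            findings.append((r.name, "permits any source to any port"))
        if r.admin_interface:
            limited = source_net(r).prefixlen >= LIMITED_PREFIX
            if not (r.mfa or limited):
                findings.append((r.name, "management interface reachable from the Internet "
                                         "without MFA or a limited IP allow list"))
    return findings


# Constructed sample inventory for a small office firewall (not real data).
SAMPLE = Ruleset(
    default_inbound="deny",
    rules=[
        Rule("web-https", "inbound", "allow", "0.0.0.0/0", 443, approver="A. Smith",
             justification="public web server", review_by=date(2025, 1, 31)),
        Rule("vendor-any", "inbound", "allow", "0.0.0.0/0", None, approver="A. Smith",
             justification="vendor install", review_by=date(2024, 2, 1)),
        Rule("mgmt-internet", "inbound", "allow", "0.0.0.0/0", 8443, approver="A. Smith",
             justification="remote admin", review_by=date(2025, 1, 31),
             admin_interface=True, mfa=False),
        Rule("mgmt-office", "inbound", "allow", "203.0.113.0/28", 8443, approver="A. Smith",
             justification="admin from office", review_by=date(2025, 1, 31),
             admin_interface=True, mfa=False),
        Rule("ssh-undocumented", "inbound", "allow", "198.51.100.0/24", 22,
             review_by=date(2025, 1, 31)),
        Rule("dns-out", "outbound", "allow", "0.0.0.0/0", 53),
    ],
)
AUDIT_DATE = date(2024, 6, 1)


def audit_sample() -> list:
    """Run the audit over the constructed sample as of AUDIT_DATE."""
    return audit(SAMPLE, AUDIT_DATE)


if __name__ == "__main__":
    for name, problem in audit_sample():
        print(f"{name}: {problem}")
```

Run as a script it lists four findings: the expired, any-to-any vendor rule (twice), the management interface open to the whole Internet without MFA, and the SSH rule that nobody approved. The public HTTPS rule and the office-only management rule pass, as does the outbound DNS rule, which the standard does not ask to be approved.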

Exceptions

Home Workers

If employees work from home, their home router is not in scope for Cyber Essentials unless the organisation supplied it. It is therefore vital that home workers have the software firewall securely configured on every device that accesses organisational data or services.

Smart Phones

Smartphones do not ship with a firewall by default, and a firewall is not required on a mobile phone provided that you only install trusted apps from reputable sources.

Virtual Private Networks (VPNs)

If an organisation uses a virtual private network, Cyber Essentials requires a single-tunnel (full-tunnel) VPN. A corporate single-tunnel VPN connects remote workers back to their organisation's firewall and routes all of the device's traffic through it, giving access to the organisation's private network from behind the corporate boundary. A split-tunnel VPN sends only corporate traffic through the tunnel while the device's other Internet traffic bypasses the company firewall, so the Internet boundary is not transferred solely to the company firewall and split tunnelling is therefore not an acceptable option.
