Cyber Essentials Firewalls
A firewall is a security control that monitors incoming and outgoing network traffic and decides what should be allowed or blocked based on a defined set of rules. In simple terms, it acts as a barrier between trusted systems inside your organisation and untrusted networks such as the internet. Firewalls are one of the core controls within Cyber Essentials because they help reduce exposure to unauthorised access and common online threats.
Types of Firewalls
Boundary Firewalls
A boundary firewall is positioned at the edge of your network and is designed to control the traffic flowing in and out. For many small businesses, this role is often carried out by the internet router. In larger or more complex environments, it may be a dedicated hardware firewall or a cloud or virtual firewall. Its purpose is to create a protective boundary between your internal systems and the wider internet by applying firewall rules based on factors such as source, destination, and protocol.
Boundary firewalls are especially important because they help block unauthorised inbound connections before they ever reach your internal devices. When properly configured, they reduce the attack surface of your organisation and form the first line of defence against internet-based threats.
Software Firewalls
A software firewall, sometimes called a host-based firewall, protects an individual device rather than the whole network. It is installed as part of the operating system or as security software on the computer itself. Most modern operating systems include one by default. Because the protection is tied to the device, the firewall rules remain in effect wherever that device is used, including outside the office.
Software firewalls are particularly important for laptops and devices used on untrusted networks, such as public Wi-Fi in cafes, hotels, or shared workspaces. In these situations, the host-based firewall may effectively become the device’s boundary firewall.
Virtual Firewalls
In virtualised and cloud environments, firewall functionality can also be delivered through a virtual firewall. These work in a similar way to traditional firewalls but are designed to protect virtual machines, cloud workloads, or traffic between hosted services. A virtual firewall can sometimes serve as the organisation’s boundary firewall, provided it is the point where the appropriate firewall controls are being enforced.
Good cyber security practice usually means using more than one layer of firewall protection. Many organisations will have a boundary firewall at the edge of the network, alongside software firewalls on individual devices. This layered approach provides broader protection for office-based systems, remote workers, and mobile devices.
Cyber Essentials Firewall Requirements
Cyber Essentials requires organisations to put practical firewall controls in place to reduce the risk of unauthorised access. In summary, organisations should:
- block unauthenticated inbound connections by default
- ensure inbound firewall rules are approved and documented by an authorised person
- remove or disable permissive firewall rules promptly when they are no longer needed
- use a host-based firewall on devices used on untrusted networks
- change default administrative passwords or disable remote administrative access
- prevent access to the firewall administrative interface from the internet.
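As an added example, not taken from the page or from the Cyber Essentials scheme documents, the following Python script audits a boundary-firewall rule list against the requirements above: it flags a non-deny inbound default, inbound allow rules with no approver or justification, temporary rules past their removal date, permissive any-port rules from untrusted sources, and any rule that exposes the firewall's own administrative interface to the internet. The rule layout, the field names, the management address 192.0.2.1 and the administrative port set are assumptions made for the illustration, and the rules in SAMPLE_RULES are constructed test data.

```python
"""Audit a boundary-firewall rule set against Cyber Essentials firewall requirements.

Added example. Rule format, field names, management address and admin ports are assumptions.
"""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    name: str
    direction: str                  # "in" (towards the internal network) or "out"
    action: str                     # "allow" or "deny"
    src: str                        # source network in CIDR form
    dst: str                        # destination network in CIDR form
    dst_port: Optional[int]         # None means any destination port
    approved_by: str = ""           # authorised person who signed off the rule
    justification: str = ""         # documented business need for the rule
    expires: Optional[date] = None  # planned removal date for a temporary rule


# Assumed for this example: the firewall's own management address and the ports
# on which its administrative interface listens.
FIREWALL_MGMT = ip_network("192.0.2.1/32")
ADMIN_PORTS = {22, 443, 8443}

# Fixed "today" so the audit result is reproducible.
AUDIT_DATE = date(2025, 1, 1)


def is_untrusted_source(src: str) -> bool:
    """True when the source is 'any' (0.0.0.0/0) or a non-private address range."""
    net = ip_network(src, strict=False)
    return net.prefixlen == 0 or not net.is_private


def audit(rules: List[Rule], default_inbound: str, today: date) -> List[Tuple[str, str]]:
    """Return (rule name, issue) pairs for every requirement the rule set fails."""
    findings: List[Tuple[str, str]] = []
    if default_inbound != "deny":
        findings.append(("policy", "default inbound policy must block unauthenticated connections"))
    for r in rules:
        if r.direction != "in" or r.action != "allow":
            continue  # outbound and deny rules are not covered by these checks
        if not r.approved_by or not r.justification:
            findings.append((r.name, "inbound allow rule has no approver or justification"))
        if r.expires is not None and r.expires < today:
            findings.append((r.name, "temporary rule has passed its removal date"))
        if is_untrusted_source(r.src):
            if r.dst_port is None:
                findings.append((r.name, "permissive rule: any port open from an untrusted source"))
            dst = ip_network(r.dst, strict=False)
            # Does the rule reach the management address on an administrative port?
            if FIREWALL_MGMT.subnet_of(dst) and (r.dst_port is None or r.dst_port in ADMIN_PORTS):
                findings.append((r.name, "firewall administrative interface reachable from the internet"))
    return findings


# Constructed sample rule set (192.0.2.0/24 is a documentation range, not a real network).
SAMPLE_RULES = [
    Rule("web-https", "in", "allow", "0.0.0.0/0", "192.0.2.130/32", 443,
         approved_by="IT manager", justification="public website"),
    Rule("vendor-rdp", "in", "allow", "0.0.0.0/0", "192.0.2.140/32", 3389,
         expires=date(2024, 6, 30)),                      # undocumented and overdue for removal
    Rule("fw-admin", "in", "allow", "0.0.0.0/0", "192.0.2.1/32", 443,
         approved_by="IT manager", justification="remote admin"),  # admin UI open to the internet
    Rule("lan-any", "in", "allow", "0.0.0.0/0", "192.0.2.128/25", None,
         approved_by="IT manager", justification="legacy"),        # any-port permissive rule
    Rule("lan-admin", "in", "allow", "10.0.0.0/8", "192.0.2.1/32", 443,
         approved_by="IT manager", justification="admin from internal LAN only"),
    Rule("dns-out", "out", "allow", "192.0.2.128/25", "0.0.0.0/0", 53),
]


def run_sample(default_inbound: str = "deny") -> List[Tuple[str, str]]:
    """Audit the constructed sample against the fixed audit date."""
    return audit(SAMPLE_RULES, default_inbound, AUDIT_DATE)


if __name__ == "__main__":
    for rule_name, issue in run_sample():
        print(f"{rule_name}: {issue}")
```

Running the script lists four findings for the sample: two against vendor-rdp (no approval record, overdue removal), the exposed administrative interface in fw-admin, and the any-port rule lan-any; web-https and the LAN-only admin rule pass. Real rule exports differ by vendor, so in practice the Rule objects would be built from the firewall's own export format before being passed to audit().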
Home Workers
Home workers are treated slightly differently under Cyber Essentials. A home router is not normally in scope unless it has been supplied by the organisation. However, any device used to access organisational data or services must still be protected, which means its software firewall should be turned on and securely configured.
Smart Phones
Cyber Essentials does not generally rely on traditional firewall software for smartphones in the same way it does for laptops or desktops. Instead, protection for mobile devices is more focused on using trusted apps and managing how software is installed. As long as mobile users only install reputable applications from approved sources, this is generally considered the appropriate protection model.
Virtual Private Networks (VPNs)
Where a VPN is used, Cyber Essentials requires a single tunnel VPN. This means the user’s traffic is routed back through the organisation’s firewall, so the company retains control of the security boundary. A split tunnel VPN is not acceptable because some traffic bypasses the organisation’s firewall and goes directly to the internet.
Why Firewalls Matter
Firewalls are a fundamental part of Cyber Essentials because they help control how devices and systems communicate with the internet. Whether you are using a boundary firewall, software firewall, virtual firewall, or a combination of all three, the goal is the same: to reduce exposure to unauthorised access and protect organisational systems from common cyber attacks.