Cyber Essentials Firewalls

Firewalls have been the first line of defense in network security for over 25 years and are a crucial security requirement. The Cyber Essentials firewall controls ensure that only safe and necessary network services can be accessed from the Internet.

Cyber Essentials - Firewalls Requirements

Introduction

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules known as firewall rules.

Firewalls establish a barrier between trusted internal networks, which are secured and controlled, and untrusted external networks such as the Internet. They are a key control in the Cyber Essentials framework.

The Two Types of Firewalls

Boundary Firewalls

Boundary firewalls are network devices that can restrict inbound and outbound network traffic to services on their network. They can help protect against cyber attacks by implementing restrictions that allow or block traffic according to its source, destination and type of communication protocol.

Host-Based Firewalls

Alternatively, where an organization does not control the network a device is connected to, a host-based firewall must be configured on the device. This works in the same way as a boundary firewall but only protects the single device on which it is configured.

Host-based firewalls can provide more tailored rules, and the rules apply to the device wherever it is used. Host-based firewalls do, however, increase the administrative overhead required to manage firewall rules.

Cyber Essentials Firewall Requirements

The Cyber Essentials certification requires organisations to:

• Block unauthenticated inbound connections by default.
• Ensure inbound firewall rules are approved and documented by an authorized individual.
• Remove or disable permissive firewall rules quickly, when they are no longer needed.
• Use a host-based firewall on devices which are used on untrusted networks, such as public Wi-Fi hotspots.
• Routinely change any default firewall administrative passwords to an alternative that is difficult to guess, or disable remote administrative access entirely.
• Prevent access to the firewall’s administrative interface from the Internet unless there is a documented business need and the interface is protected by either a second authentication factor or a limited IP allow list.
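
The requirements above can be checked mechanically against an inventory of inbound rules. The following is an added example, not part of the original page or of the Cyber Essentials scheme; the Rule schema, field names and sample entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import Optional

@dataclass
class Rule:                              # one inbound allow rule (hypothetical schema)
    name: str
    source: str                          # CIDR permitted to connect
    port: int
    approved_by: Optional[str] = None    # authorised individual who signed it off
    justification: str = ""              # documented business need
    needed_until: Optional[date] = None  # when the need for the rule ends
    admin_interface: bool = False        # rule exposes the firewall's own admin UI
    second_factor: bool = False          # admin login protected by a second factor

def audit(default_inbound: str, rules: list, today: date) -> list:
    """Return (rule name, finding) pairs for the requirements listed above."""
    findings = []
    if default_inbound != "deny":
        findings.append(("default-policy", "inbound connections are not blocked by default"))
    for r in rules:
        if not (r.approved_by and r.justification):
            findings.append((r.name, "not approved and documented"))
        if r.needed_until and r.needed_until < today:
            findings.append((r.name, "no longer needed: remove or disable"))
        # prefixlen 0 (0.0.0.0/0 or ::/0) means any Internet host, i.e. no allow list
        open_to_internet = ip_network(r.source).prefixlen == 0
        if r.admin_interface and open_to_internet and not r.second_factor:
            findings.append((r.name, "admin interface open to the Internet without "
                                     "a second factor or IP allow list"))
    return findings

# Constructed sample inventory; names, addresses and dates are illustrative only.
SAMPLE_RULES = [
    Rule("https-in", "0.0.0.0/0", 443, "j.smith", "public website"),
    Rule("temp-sftp", "0.0.0.0/0", 22, "j.smith", "supplier upload", date(2024, 1, 31)),
    Rule("rdp-test", "0.0.0.0/0", 3389),
    Rule("fw-admin-any", "0.0.0.0/0", 8443, "j.smith", "remote support",
         admin_interface=True),
    Rule("fw-admin-office", "203.0.113.0/29", 8443, "j.smith", "remote support",
         admin_interface=True),
]

if __name__ == "__main__":
    for name, finding in audit("allow", SAMPLE_RULES, date(2024, 6, 1)):
        print(f"{name}: {finding}")
```

The same inventory can double as the documented record of approved rules, so the audit and the documentation cannot drift apart.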
