In this blog series, we will discuss each of the Cyber Essentials scheme’s five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”. For our second blog post, we’ll be looking at using a firewall to secure your Internet connection. This includes configuring the firewall to protect all your devices, particularly those that connect to public networks.
If you missed it, take a look at our first blog post, ‘How Cyber Essentials can help secure your devices and software’.
Firewalls: how they can protect your organisation
Firewalls are essential. They effectively create a buffer between your IT network and other, external networks. While antivirus software protects the system against unwanted programs, a firewall prevents threats from getting access to your system in the first place.
Remember that the Internet is basically a public network. This means that any connected computer can find and connect to any other connected computer. A firewall helps create a barrier between the Internet and your own computer or network. It enables you to program what can get out and what can come in.
A firewall can help protect against:
- Criminal hackers trying to breach your network;
- Viruses that spread from computer to computer over the Internet; and
- Some outgoing traffic originating from a virus.
Confirm that only safe and essential network services can be accessed from the Internet
There are various methods that firewalls use to filter out information. These can work at different layers of a network (and can be used in combination to increase the sophistication of filtering):
- Inbound: firewalls can be set up to prevent access to certain websites.
- Outbound: firewalls can be programmed to stop employees transmitting sensitive data.
Firewalls can also prevent external computers from accessing computers inside the network. The specific functions that firewalls can perform may include:
- Gateway protection;
- Implementing defined security policies;
- Segregating activity between your trusted network and the Internet;
- Hiding and protecting your internal network addresses; and
- Reporting on threats.
A robust configuration, whether the firewall is implemented in hardware or software, is crucial for it to be fully effective. The security provided by the firewall can be adjusted like any other control function (in other words, through the firewall ‘rules’).
How to protect yourself
The boundary firewall and Internet gateway is one of the five key controls of the Cyber Essentials scheme. Every device that falls under the assessment must be secured by a correctly configured firewall (or equivalent network device).
For all firewalls (or equivalent network devices), your organisation should routinely:
- Change any default administrative password to an alternative – using best practices – or disable remote administrative access entirely;
- Prevent access to the administrative interface from the Internet unless there is a clear and documented business need, and the interface is protected by one of the following controls:
  - A second authentication factor, such as a one-time token; or
  - An IP whitelist that limits access to a small range of trusted addresses.
- Block unauthenticated inbound connections by default;
- Ensure inbound firewall rules are approved and documented by an authorised individual; the organisation need must be included in the documentation; and
- Remove or disable permissive firewall rules as soon as they are not needed.
Use a host-based firewall on devices that are used on untrusted networks, such as public Wi-Fi hotspots.
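One way to check an inbound rule inventory against the checklist above, as an added example that is not part of the original post or of the Cyber Essentials scheme itself. The field names, the `SMALL_RANGE` threshold and the `expires` review date are assumptions, and the rules are constructed sample data.

```python
import ipaddress
from datetime import date

# Constructed inventory of inbound allow rules; field names are hypothetical,
# not a vendor export format. Addresses are documentation ranges.
RULES = [
    {"id": "web", "port": 443, "source": "0.0.0.0/0", "admin": False, "mfa": False,
     "approved_by": "IT manager", "need": "Public website", "expires": None},
    {"id": "fw-admin-open", "port": 8443, "source": "0.0.0.0/0", "admin": True, "mfa": False,
     "approved_by": "IT manager", "need": "Remote firewall support", "expires": None},
    {"id": "fw-admin-listed", "port": 8443, "source": "203.0.113.0/29", "admin": True, "mfa": False,
     "approved_by": "IT manager", "need": "Remote firewall support", "expires": None},
    {"id": "temp-rdp", "port": 3389, "source": "198.51.100.7/32", "admin": False, "mfa": False,
     "approved_by": "", "need": "", "expires": date(2024, 1, 31)},
]

SMALL_RANGE = 16  # assumption: what counts as "a small range of trusted addresses"


def audit(rules, default_inbound, today):
    """Return (rule id, finding) pairs for every checklist item a rule set misses."""
    findings = []
    if default_inbound != "block":
        findings.append(("default", "inbound connections are not blocked by default"))
    for r in rules:
        # Every inbound rule needs a named approver and a recorded business need.
        if not (r["approved_by"] and r["need"]):
            findings.append((r["id"], "no approver or business need recorded"))
        # A passed review date stands in for "no longer needed" (assumption).
        if r["expires"] is not None and r["expires"] < today:
            findings.append((r["id"], "review date passed; rule still enabled"))
        # Admin interfaces reachable from the Internet need 2FA or a tight IP whitelist.
        if r["admin"]:
            listed = ipaddress.ip_network(r["source"]).num_addresses <= SMALL_RANGE
            if not (r["mfa"] or listed):
                findings.append((r["id"], "admin interface exposed without 2FA or IP whitelist"))
    return findings


if __name__ == "__main__":
    for rule_id, finding in audit(RULES, "allow", date(2024, 6, 1)):
        print(f"{rule_id}: {finding}")
```
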
Being Cyber Essentials-certified demonstrates your commitment to cyber security. The details of any organisation that has certified to the scheme can be searched by anyone wishing to assess their supply chain on the NCSC’s (National Cyber Security Centre) dedicated page.