15 Dec Cyber Essentials – Boundary Firewalls & Internet Gateways
Firewalls are one of the 5 key components required to achieve the Cyber Essentials certification. Let us take a look at how firewalls work, the different types and the various ways to configure them to ensure you satisfy the requirements of Cyber Essentials. Before we get into that, let us start with the basics.
What is a Firewall and what does it do?
“In computing, a Firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet”.¹
In layman’s terms, a Firewall is a barrier sitting on the edge of your network (the trusted network), separating you from the rest of the internet (the untrusted network). Consider the drawbridge on a castle, which allows and denies access: when access is permitted, the drawbridge is down and what comes in is monitored; when access is not permitted, it is up, shutting anything unwanted out. The same concept applies to Firewalls.
A Firewall’s role is to keep out those who are not permitted to access your network, stopping them from gaining control or visibility of your data or systems, while also providing secure access for those external to your network whom you wish to admit. This could include the provision of a VPN or certain network ports being open to third-party services, such as a VoIP phone system.
How do I go about configuring a Firewall?
This depends completely upon the size of the network that needs protecting. For small to medium businesses with only a handful of end-point devices, you can implement Firewall software at device level. A Firewall combined with other measures, such as anti-malware software and diligent patch management, should ensure your network’s security. More on these later in the blog series.
For larger businesses, device-level Firewalls would be impractical and difficult to manage, and it would be hard to ensure they do their job efficiently. Larger businesses therefore require boundary Firewalls, and should at the very least invest in a physical or cloud-hosted Firewall server.
How does this relate to qualifying for Cyber Essentials certification?
To achieve compliance, you should protect every device in your network with Firewall protection. Managing those Firewall controls effectively is another way of further minimising risk. Once you have installed your Firewall software, consider the following to ensure enhanced protection.
- Apply ‘rules’ to block untrusted activity. Having firewall capabilities is not enough – you will have to prove that it is set up to restrict certain traffic deemed ‘high risk.’
- Enforce effective password protection for administrators. Make sure Firewall configuration is safeguarded by strong password protection. Administrators should use long, complex passwords with numbers, letters and punctuation.
- Use software firewalls on mobile devices. If a device is going to be used outside of the already protected business network, it must have the added protection of a software Firewall. Technical security measures are important here because remote working devices such as laptops, tablets and mobile phones are used on high-risk networks such as public Wi-Fi.
- Limit administrative access to the bare minimum. Grant permissions only to employees in the business who need to access that account or area. If several individuals require permissions, introduce additional access controls wherever possible. More on these later in the blog series.
A Firewall is the first line of defence for your network and all the devices that reside within it.
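To show what proving the first point in the list above can look like, here is an added example (not from Netcom or the Cyber Essentials scheme) that evaluates an inbound ruleset in first-match order and reports what an untrusted address can reach. The sample rules, the probe address, the list of high-risk services and the check that every allow rule states its purpose are assumptions made for illustration.

```python
import ipaddress

# Constructed sample inbound ruleset (first match wins); not taken from any real device.
RULES = [
    {"action": "allow", "src": "0.0.0.0/0",      "proto": "udp", "port": 1194, "note": "VPN"},
    {"action": "allow", "src": "203.0.113.0/24", "proto": "udp", "port": 5060, "note": "VoIP provider"},
    {"action": "allow", "src": "0.0.0.0/0",      "proto": "tcp", "port": 3389, "note": ""},
]
DEFAULT_ACTION = "deny"  # what happens when no rule matches

# Assumption: services this example treats as high risk when reachable from the internet.
HIGH_RISK = {("tcp", 23): "Telnet", ("tcp", 445): "SMB", ("tcp", 3389): "RDP"}


def decide(rules, default, src, proto, port):
    """Return the action the firewall takes for one inbound connection attempt."""
    addr = ipaddress.ip_address(src)
    for rule in rules:
        if (rule["proto"] == proto and rule["port"] == port
                and addr in ipaddress.ip_network(rule["src"])):
            return rule["action"]
    return default


def audit(rules, default, probe_src="198.51.100.7"):
    """List findings: permissive default, exposed high-risk services, unexplained allows."""
    findings = []
    if default != "deny":
        findings.append("default action is not deny")
    # Simulate an untrusted internet host trying each high-risk service.
    for (proto, port), name in HIGH_RISK.items():
        if decide(rules, default, probe_src, proto, port) == "allow":
            findings.append(f"{name} ({proto}/{port}) reachable from untrusted address {probe_src}")
    # Every allow rule should record why it exists (assumed policy for this example).
    for i, rule in enumerate(rules):
        if rule["action"] == "allow" and not rule["note"].strip():
            findings.append(f"rule {i} allows {rule['proto']}/{rule['port']} with no stated purpose")
    return findings


if __name__ == "__main__":
    for finding in audit(RULES, DEFAULT_ACTION):
        print("FINDING:", finding)
```

An empty result from `audit` is the evidence that the default is deny and none of the listed high-risk services is reachable from the probe address.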
We’re Netcom, we can protect your business
Do you want your business to prove it takes the right steps to protect the information held on behalf of your customers? Cyber Essentials certification is a recognised step toward that. We at Netcom provide you with your Cyber Essentials certification upon passing and can guide you to ensure you pass as quickly as possible. Contact us now for more information.
For guidance on IT strategy, cybersecurity and digital transformation why not book a free, no-obligation discovery call today by calling 0114 361 0062.