Firewalls

Cyber Essentials requires that you safeguard all internet-connected devices with Firewall protection. Let’s explore this requirement in greater detail; we’ll look at the various types of Firewall and the ways in which you can implement this control to ensure Cyber Essentials compliance.

 

What is a Firewall?

In computing, a Firewall is a system that places controls on incoming and outgoing network traffic. It allows a series of security rules to be enforced to protect users on a ‘trusted network’ from external threats originating from an ‘untrusted network’- the internet for example.

There are 2 main types of firewall: personal firewalls and boundary firewalls. Personal firewalls apply to single devices whereas boundary firewalls exist at the perimeter of a local network – both, however, perform a similar function.

 

What do Firewalls do exactly?

Firewalls allow filters to be applied and rules enforced regarding traffic to and from the network. Firewall administrators can monitor and restrict certain actions that might place the company’s network at risk from cyber threats. Firewalls employ 3 methods to filter traffic flowing between the trusted and the untrusted networks:

  • Packet Filtering. Packet Filters assess each ‘packet’ of data that passes across the firewall and decides whether to let it proceed based on a set of rules that you can configure. Packet filters are cheap to implement and have been around for a long time. They are useful, but it’s not advisable to use a packet filter as your only implementation of a Firewall as more sophisticated hackers are able to get around them.
  • Proxy server. A Proxy server acts as a middleman between individual users and the internet. It offers Firewall protections in a number of ways:
    • It can hide your IP address. Like a VPN, a proxy server conceals the IP address of the device making the request. This means the webserver doesn’t know your geographical location.
    • It offers encryption. Data travelling between the Proxy server and the external service can be made unreadable.
    • It acts like a web filter. Proxy servers are commonly used in schools and colleges to block access to inappropriate web content. Businesses can use web filtering like this to block access to sites often regarded as high-risk such as gambling or adult content sites.
  • Stateful Inspection. Similar but more advanced than packet filtering, Stateful Inspection involves analysing packets to ensure that incoming data is a response to a corresponding outbound request.

 

How do I implement a Firewall?

How you choose to implement a firewall will depend largely on the size of your network. In networks with a small number of endpoint devices software firewalls can be configured on each device to permit certain types of safe traffic. This, in addition to patch management, removal of unwanted services and ensuring security software is maintained should be enough to keep the network secure.

In larger networks, the approach above becomes laborious and unmanageable. Larger networks at very least require a firewall router or a physical firewall appliance to protect users at the network’s outer perimeter.

 

Configuring a Cyber Essentials compliant Firewall

Cyber Essentials requires that a Firewall be used to protect every single device in a public network. To ensure compliance consider the following:

  • Use software firewalls on devices that could be used outside your network. If an endpoint device (such as a laptop or tablet) is likely to be used outside of your network, then it must feature a properly configured software Firewall. An untrusted network might include public WiFi – a risky environment where great care should be taken to protect data.
  • Apply restrictions to block untrusted content. Having a firewall is one thing, you should also be able to provide evidence that it is configured to block unauthenticated connections.
  • Remove ‘permissive’ rules when they are no longer required. Firewall administrators get used to adding rules as a business grows and requires the use of more services, but it’s equally important that old, unused rules are deleted when they are no longer required by network users. Over time, these forgotten, unused rules could be exploited by cybercriminals.
  • Administrative access should feature strong password protection. Administrator passwords should be long and complex, consisting of a random series of numbers, letters and symbols. Additionally, consider disabling remote administrative access for added security.
  • Restrict administrative access as much as possible. Only extend administrative access to members of your team if there is a demonstrable business need to do so. If a number of employees require administrative powers consider additional security controls such as:
    • 2 Factor authentication
    • Limiting administrative access to a small number of trusted IP addresses.
  • The document approved Firewall rules. An appointed individual should be responsible for the rule approval and documentation process.

 

Rather than eliminate pre-existing threats, a firewall acts as a filter to prevent various types of online threat from reaching your network in the first place. Comprehensive Firewall protection that covers every node of your IT infrastructure is a fundamental element required to achieve Cyber Essentials accreditation. Get in touch with your IT partner to ensure your Firewall meets the required standard.

 

We’re YorCyberSec

We save companies time, money, and valuable resources, making sure more than just an internet search is performed before an investment is made. We take the time to understand the business and requirements, then look at the market and provide options that will are fit for purpose and pre-scoped.

Call Us Today: 0113 3720200 or send us an email: enquiries@YorCyberSec.co.uk