Cyber Essentials – Boundary Firewalls (Guide)

Introduction to Network Security and Firewalls

In our digitally connected world, securing network services from unauthorised internet access is paramount. This is where the concept of firewalls, especially boundary firewalls, becomes vital. Firewalls act as the gatekeepers of your network, controlling the traffic that enters and exits, and thus, playing a key role in preventing cyber attacks.

What is a Boundary Firewall?

Networks require robust security measures; firewalls are the first line of defence at the edge of your network. Firewalls play a critical role in directing data between your private network and the internet, making their security configuration crucial. A boundary firewall is a network device designed to restrict inbound and outbound traffic to a network of computers and mobile devices. By implementing specific rules, it allows, or blocks traffic based on its source, destination, and type. For organisations without control over network traffic, software firewalls on individual devices are essential. Though this provides more tailored protection, it increases administrative tasks in managing firewall rules.

Cyber Essentials and Firewall Configuration

For compliance with IASME’s Cyber Essentials security standard organisations must use:

1. Supported Firewalls: Ensure firewalls are current and receive active support updates and maintenance.
2. Strong Administrative Passwords: Replace default passwords with long, complex, unique ones or disable remote administrative access to mitigate unauthorised access risks.
3. Restrict Administrative Interface Access: Limit access to the firewall’s administrative interface from the internet, securing it with multi-factor authentication or IP allow lists, alongside robust password management strategies.
4. Default Blocking: Configure firewalls to block unauthenticated inbound connections by default, thereby preventing unauthorised access.
5. Rule Management: Ensure all inbound rules are approved by appropriate personnel, documented, and necessary for business operations.
6. Rule Maintenance: Remove or disable rules that are no longer needed within a timely manner, to avoid potential security gaps.
7. Software Firewalls on Untrusted Networks: Implement host-based firewalls on devices when connecting to less secure networks, such as public Wi-Fi, to provide an additional layer of security.

Conclusion: A Layer of Cyber Defence

In conclusion, firewalls, like physical barriers in the real world, offer a vital layer of defence in the digital domain. Through effective management of boundary firewalls and an understanding of their integral role in network security, organisations can significantly bolster their defences against the evolving landscape of cyber threats. This comprehensive approach is fundamental in achieving and maintaining compliance with IASME’s Cyber Essentials, ensuring a robust cybersecurity posture.

Further Learning:

Best Practices and Exceptions

For optimal security, combining a software firewall on each computer with a hardware or virtual boundary firewall is advised.

Firewall Rules and Management

Firewalls operate using an access control list to determine what traffic is allowed or denied. Network administrators must tailor these rules for their specific needs while ensuring basic settings are sufficient for most users.

The Significance of Open Ports

Careful management of open ports is critical. While they allow external access to certain services, they can be exploited if not properly configured. Organisations must document the need for open ports and close them when no longer necessary.

Types of Firewalls

• Hardware Firewalls: Used primarily by large organisations, these are physical devices that monitor, and control network traffic based on predefined rules.
• Software Firewalls: Installed on individual computers, they protect the device regardless of the network it connects to. They are particularly useful for devices used on untrusted networks like public Wi-Fi.
• Virtual Firewalls: These firewalls are software-based and secure network traffic within virtualised environments like cloud systems or virtual private servers. They offer functionalities like physical firewalls, such as packet filtering and intrusion prevention, but with added flexibility and scalability.