Get Cyber Essentials certified – Firewalls
Firewall protection is one of the key components required to achieve Cyber Essentials certification. In this article we’ll take a brief look at how firewalls work, the different types that exist and the various ways you can configure firewall protection in order to satisfy the requirements of the Cyber Essentials scheme.
What do Firewalls do?
In basic terms, a Firewall is a filter that applies restrictions to traffic travelling between a ‘trusted network’ and an ‘untrusted network.’ ‘Trusted network’ refers to the network the Firewall has been configured to protect, and ‘untrusted network’ refers to an external environment from which threats originate – typically the internet.
Firewalls can be configured in 2 main ways: at the device level (a personal firewall) or at a network’s outer perimeter (boundary firewall).
How do Firewalls work?
Firewalls enforce a series of user-configured ‘rules’ which govern traffic passing in and out of a network. The Firewall’s administrator can monitor activity and introduce new rules to restrict activity that is deemed a threat to the network’s security. Let’s look at the 3 types of filtering used to apply these rules.
Packet Filtering. Data that travels across the web is carried in ‘packets.’ These ‘packets’ contain the information you wish to send (the contents of an email for example) but also feature additional information such as a packet’s destination, origin and the protocol being used for the data transfer. Packet Filtering looks at this additional information and allows the passage of data packets deemed low risk according to a set of pre-determined rules. For example, if the destination and source IP addresses are the same, then the packet is less likely to be a threat. While packet filters are tried, tested and cheap to implement, they aren’t effective at blocking more advanced cyber-attacks. It’s therefore not advisable to use packet filtering as your only form of network-level protection.
Proxy Server. Without getting too technical, a Proxy Server acts as an intermediary between end-users and the internet. Proxy servers are used to implement Firewall protections in several ways:
- IP address concealment. Like a VPN, a proxy server hides the IP address of the device making the request. The web server at the other end sees the IP address of the proxy and doesn’t know where in the world the original request was made from.
- Encryption. Some proxy servers can encrypt data in transit, again like a VPN, although not all proxy servers do this.
- Web Filtering. Web filtering capabilities make proxy servers a popular choice in environments where administrators wish to block access to inappropriate content – they are used by schools and colleges for this reason. From a security standpoint, such filtering is useful for blocking high-risk website types, such as gambling sites.
Stateful inspection. Somewhat similar in concept to ‘packet filtering’ (but more advanced), a stateful inspection takes a closer look to ensure transiting inbound packets match up to a corresponding outbound request.
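The difference between packet filtering and stateful inspection can be shown with a small simulation. This is an added example, not part of the original article; the rule "allow inbound traffic from source port 443", the class and function names, and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = trusted -> untrusted, "in" = untrusted -> trusted
    src: str
    sport: int
    dst: str
    dport: int

def stateless_allow(pkt):
    """Packet filter: judges every packet on its own header fields."""
    if pkt.direction == "out":
        return True
    # Hypothetical rule: permit inbound traffic that looks like a web reply.
    return pkt.sport == 443

class StatefulFirewall:
    """Permits an inbound packet only if it answers a recorded outbound request."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # A valid reply is the mirror image of a tracked outbound flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Packet("out", "192.168.1.10", 50000, "203.0.113.5", 443),  # user opens a site
    Packet("in", "203.0.113.5", 443, "192.168.1.10", 50000),   # matching reply
    Packet("in", "198.51.100.7", 443, "192.168.1.10", 50000),  # unsolicited packet
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "| packet filter:", stateless, "| stateful:", stateful)
```

The third packet passes the packet filter because its header matches the rule, but the stateful check drops it because no outbound request was ever made to that address. Real stateful firewalls also track connection state and expire idle entries, which this sketch leaves out.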
How do I go about configuring a Firewall?
The most suitable route to deploying a firewall depends on the size of the network being protected. For small businesses with a handful of endpoint devices, Firewall protections can be implemented using software at device level. These personal firewalls, combined with other threat prevention measures such as removing unnecessary services, using anti-malware software, and undertaking diligent patch management, should be sufficient to ensure network security.
Device-level firewalls alone are impractical and difficult to manage on larger networks, which require the use of boundary firewalls. Such organisations should at the very least configure a firewall at router level or invest in a physical or cloud-hosted firewall server.
Firewall ‘Good Practice’
For Cyber Essentials compliance you should protect every device in your network with Firewall protection. Additionally, make sure you’re managing your Firewall controls effectively, in a way that further minimises risk. Consider the following.
Configure software firewalls on mobile devices. If a device is likely to be used outside your business’ network, it must feature the added protection of a software firewall. Such devices might include mobile phones, tablets and laptops used to permit remote working. Often such devices will be used in high-risk networks such as public WiFi, making the deployment of technical security measures more important.
Apply ‘rules’ to block untrusted activity. Having firewall capabilities is not enough; you’ll have to prove that the firewall is set up to restrict certain traffic deemed ‘high risk.’
Withdraw ‘rules’ when they are no longer needed. As the business requires the use of more services over time, the Firewall administrator configures new rules to permit access. However, as certain services fall out of favour, it is important that these rules are then removed to close a loophole that could be exploited by cybercriminals.
Enforce effective password protection for administrators. Make sure Firewall configuration is safeguarded by strong password protection. Administrators should use long, complex passwords.
Limit administrative access to the bare minimum. Only grant administrative permissions to members of your team based on a demonstrable business need. If a number of individuals require Firewall management permissions, consider introducing additional access controls such as:
- Two-factor authentication
- IP address limits – restrict administrative access to a small number of computers.
Record all approved Firewall rules. Assign rule management responsibilities to an individual in your team. They should document and record rules as they are added and removed so an inventory of ‘active’ rules can be sought at any given time.
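One way to keep the rule inventory honest is to compare it regularly against what is actually active on the firewall. The following is an added example, not part of the original article; the rule names, the inventory layout and the per-rule review date are assumptions, and the "active" list stands in for whatever export your firewall provides.

```python
from datetime import date

# Constructed inventory of approved rules:
# rule name -> (owner, business reason, next review date)
APPROVED = {
    "allow-https-out": ("IT lead", "web browsing", date(2030, 1, 1)),
    "allow-vpn-in": ("IT lead", "remote working", date(2030, 1, 1)),
    "allow-ftp-in": ("IT lead", "legacy supplier uploads", date(2020, 6, 30)),
}

# Constructed export of the rules currently active on the firewall.
ACTIVE = ["allow-https-out", "allow-ftp-in", "allow-rdp-in"]

def audit(active, approved, today):
    """Compare active rules with the approved inventory and report gaps."""
    findings = {"undocumented": [], "overdue_review": [], "not_deployed": []}
    for name in active:
        if name not in approved:
            # Active on the firewall but never recorded or approved.
            findings["undocumented"].append(name)
        elif approved[name][2] < today:
            # Recorded, but past its review date: confirm it is still needed.
            findings["overdue_review"].append(name)
    # Recorded as approved but absent from the firewall: the inventory is stale.
    findings["not_deployed"] = [n for n in approved if n not in active]
    return findings

if __name__ == "__main__":
    for category, rules in audit(ACTIVE, APPROVED, date.today()).items():
        print(f"{category}: {', '.join(rules) or 'none'}")
```

Undocumented rules and rules past their review date are the candidates for withdrawal; rules listed as approved but not deployed mean the written record needs correcting.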
A Firewall acts as the first line of defence for your network and all the devices that reside within it. Cyber Essentials requires blanket Firewall protection for your network, so contact your IT partner or liaise with your IT department to make sure your Firewall protection is up to the job.
Here at 4TC, we can help your business with all aspects of cybersecurity.
Our expertise covers a wide range of bases, from proactive maintenance and Backups to full-network anti-virus and managed anti-spam solutions. We provide managed services, project management and advice to ensure the businesses we work with remain out-of-bounds to Cybercriminals.