19 Apr The 5 Controls of Cyber Essentials – 2 – Firewalls
As we explained previously, to achieve the Cyber Essentials Accreditation there are the 5 controls that must be implemented; Firewalls are one of them. They must be implemented as a form of protection across all network areas, extending to all internet-enabled devices.
We will now look at Firewalls in greater depth to be sure that, by the end of the blog, you know what needs to be done to be sure you achieve certification. We’ll explore how Firewalls work, how they can be deployed, and how to ensure a secure firewall configuration.
A ‘Firewall’ – The definition
‘Firewall’ refers to a number of technical instruments designed to regulate data traffic travelling between a trusted and an untrusted network. A ‘Firewall’ enables the enforcement of ‘security rules’ which exist to protect users on the ‘trusted network’ from cyber threats originating from the ‘untrusted network’.
How do Firewalls work?
Firewalls filter traffic passing across a network boundary based on a set of predetermined rules. The firewall administrator manages these ‘rules’; configuring the Firewall to block high-risk actions, whilst simultaneously permitting access to the online services required by users. Firewalls ‘filter’ data using a number of methods – three of the most common are:
Proxy Servers
A proxy server sits outside your network and allows end users to access web services in a more secure way. It allows for the application of web filtering and Firewall protections. Using a proxy improves online security and privacy in a number of ways:
- IP address concealment. A proxy server accesses web servers on your behalf and keeps your IP address hidden, in turn, preventing the web server from knowing the origin of the request, resulting in a private browsing experience.
- Encryption. Some proxy servers can be configured to encrypt web requests. This makes sensitive data unreadable to hackers who might try to intercept it over insecure networks.
- Web Filtering. Schools, colleges and other public bodies often use proxy filters to restrict access to inappropriate web content. This is useful in a business setting too, not only to block such access but also in terms of security, as filtering can be used to block access to websites that often carry heightened security risks – such as gambling sites.
Packet Filtering
Packet filters apply restrictions to data packets by examining the source and destination, IP and port addresses, and blocking or allowing passage based on the rules put in place.
Packet filters are the affordable and most common way to implement Firewall protection. Unfortunately, due to the filters being relatively unsophisticated, many experienced hackers know how to work around them. It is recommended to use filtering in conjunction with other more elaborate forms of Firewall protection to be sure they are sufficiently backed up.
Stateful Inspection
Like ‘Packet filtering,’ Stateful Inspection also involves the examination of information carried by data packets. Stateful inspection, however, involves more of a forensic analysis; it ensures that inbound packets are in response to a corresponding outbound request. This means that if incoming data is expected, access can be allowed, while any data that isn’t the result of an active request is blocked.
Deploying a Firewall
The size of your network plays a big part in determining the best way to implement firewall protections.
In a very small network featuring a handful of endpoint devices software Firewalls installed on each device may offer sufficient protection as long as they are managed effectively.
Larger networks, on the other hand, require protection at the network’s boundary. Managing software Firewalls across a large number of devices isn’t practical and would take unnecessary time and effort. Firewall routers can be used to implement basic protections, while a dedicated Firewall appliance will typically enable more advanced protection, and be able to handle greater traffic.
Ensuring your Firewall is securely configured
As well as having Firewall protections in place, it’s imperative to configure and manage your Firewall in a way that ensures high levels of security.
Install software Firewalls on portable devices
It’s important to ensure portable devices feature device-level Firewall protection in case they are used outside your network.
Configure Firewall ‘rules’
By default, Firewalls block all inbound traffic (unless a rule permits) and allow all outbound traffic (unless a rule prohibits). You should configure ‘rules’ in your Firewall’s configuration settings to fine tune your users’ experience on your systems – the rules should allow your employees access to the resources they need while restricting access to unnecessary web services. Choose to block traffic or enable access based on a number of factors, including:
- Protocol
- Port range
- Sources (restrict inbound traffic based on where it’s coming from)
- Destinations (restrict outbound traffic based on where it’s going to)
Applying ‘rules’ to outbound traffic is just as important as it is for inbound traffic. If your network becomes infected with Malware, for example, and the rules around outbound traffic are ignored you could be allowing hackers the opportunity to strip data from your servers and devices, and the Firewall wouldn’t act to stop this.
Withdraw ‘permissive’ rules when they are no longer needed
Leaving permissive rules on the system unnecessarily is like ‘leaving the door open’ to cyber criminals. It’s important to identify and remove unused rules regularly to avoid a build-up of security vulnerabilities.
Safeguard administrative accounts with strong passwords and authentication protocols
The Firewall Administrator’s account should be an impenetrable fortress as a breach of this account could be catastrophic in terms of network security. A cyber criminal could have freedom to destroy the system from the inside out if they wished to.
- Use strong passwords. Such accounts should be accessed using long, complex passwords featuring a random series of letters, numbers and special characters.
- Use two factor authentication. Use additional access criteria to verify the identity of those accessing administrative accounts.
- Restrict access to a small number of devices. Make administrative capabilities only accessible via a small number of ‘trusted’ IP addresses. These could be PCs configured with limited functionality to reduce cyber risk.
Carefully record and manage Firewall rules
You should appoint someone to oversee the management of the Firewall and the implementation and removal of ‘rules.’
Helping you achieve cyber Security in your organisation
Our team of experts will help you achieve cyber security in your business. We cannot stress enough that security is not a luxury but an essential part of protecting any business in the digital age – that is why we take a security-first approach. With the Cyber Essentials Accreditation, you can be sure that you have the infrastructure in place to guarantee a secure future for your business. We will educate your employees to guarantee they are doing their utmost toward protecting the security of your organisation. We go above and beyond in helping our clients and their teams get more value from their technology by providing education. We guarantee that our clients always come first, and employ a straightforward approach that provides a strong relationship between our team and yours. Contact us now and find out how we can help your business both to achieve the Cyber Essential Accreditation and to work securely when online.
