Cyber Essentials Toolkit v4 Implementation Guide
5 Implementing the five controls of Cyber Essentials

5.1 Control 1: Office firewalls and internet gateways

Relevant Toolkit documents:
• Network Security Policy
• Firewall Rule Removal Process
• Firewall Configuration Standard
• Firewall Rule Change Log
• Firewall Review Form
• EXAMPLE Firewall Configuration Standard
• Network Diagram Example
Cyber Essentials certification requires that you configure and use one or more firewalls to protect all your devices from the Internet, including those that connect to public or other untrusted Wi-Fi networks. A firewall simply uses rules to block or allow traffic entering or leaving your network, and these rules can be changed according to what you need to achieve, for example if you need to be able to log on to a work computer from home.

A “Boundary Firewall” is a software or hardware device used to shield your internal network as a whole from the Internet. For a more complicated set-up with more than one location, you might require multiple boundary firewalls.

Personal, or “host-based”, firewalls are usually included with desktop and laptop operating systems, such as Windows, often at no extra charge, or they may be part of an antivirus suite. Make sure these are enabled on every device that has one.

Some internet routers (for example, broadband routers) also act as boundary firewalls, but a firewall can also be a stand-alone piece of hardware connected to the router (search for “SOHO firewall” to see some examples). If you’re not sure, it may be appropriate to ask your internet service provider whether your router contains a boundary firewall. To configure the firewall rules on a typical Internet router, you connect to it from within your internal network using a browser such as Google Chrome and log on to the admin panel.

We recommend starting with a Network Security Policy that defines your approach to securing your network(s) and provides some context for the setup of your firewall(s). Once that’s defined, it’s a case of making sure that your firewall rules are appropriate for your organisation and that any changes to them are properly justified, so that holes which unwanted network traffic can exploit are not introduced over time.
In the Toolkit, we provide a template standard for your firewall configuration and a way of recording changes to, and reviews of, your firewall rulesets. We also provide a diagram of a small network to show how the different components may fit together. It’s a good idea to create a picture of your own network both to aid understanding and document how it is structured.
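One way to confirm that the host-based firewall is enabled on a Windows device, as described above. This is an added example and not part of the Toolkit. It reports each Windows firewall profile, including Public, which applies on public or other untrusted Wi-Fi networks. It assumes Windows 8 / Server 2012 or later, and the default-inbound check is an assumption about your policy rather than a requirement quoted from this guide.

```powershell
# Added example (not from the Toolkit): audit the Windows host-based firewall.
# Assumes Windows 8 / Server 2012 or later, where the NetSecurity module exists.
# Save as a .ps1 file and run it on each device, or deploy it via your
# management tool.

function Get-HostFirewallFinding {
    # ActiveStore returns the effective settings after Group Policy is applied,
    # so a locally "enabled" firewall that policy has switched off is caught.
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore

    foreach ($p in $profiles) {
        $issues = @()

        if ($p.Enabled -ne 'True') {
            $issues += 'firewall disabled'
        }

        # Assumption: inbound traffic that matches no rule should be blocked.
        if ($p.DefaultInboundAction -eq 'Allow') {
            $issues += 'unmatched inbound traffic is allowed'
        }

        [pscustomobject]@{
            Profile        = $p.Name                  # Domain, Private or Public
            Enabled        = $p.Enabled
            DefaultInbound = $p.DefaultInboundAction
            Issues         = $issues -join '; '
        }
    }
}

$report = Get-HostFirewallFinding
$report | Format-Table -AutoSize

# A non-zero exit code lets a management tool flag the device for follow-up.
if ($report | Where-Object { $_.Issues }) { exit 1 } else { exit 0 }
```

An empty Issues column for all three profiles means the firewall is on whichever network type the device joins.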
www.certikit.com