Cybersecurity: Boundary firewalls and Internet gateways
Firewalls and gateways provide a basic level of protection where a user connects to the Internet. While antivirus software helps protect the system against unwanted programs, a firewall helps to keep attackers or external threats from gaining access to your system in the first place.
The firewall monitors all network traffic and can identify and block unwanted traffic that could be harmful to your computer, systems and networks. The security provided by the firewall can be adjusted like any other control function (in other words, the firewall ‘rules’).
Why are firewalls important?
Firewalls create a buffer between your IT network and other, external networks.
Remember that the Internet is basically a public network. This means that any connected computer can find and connect to any other connected computer. A firewall helps create a barrier between the Internet and your own computer or network. It enables you to program what can get out and what can come in.
A firewall can help protect against:
- Criminal hackers trying to breach your network
- Viruses that spread from computer to computer over the Internet
- Some outgoing traffic originating from a virus.
How to protect yourself
For all firewalls (or equivalent network devices), your organisation should routinely:
- Change any default administrative password to an alternative – using best practices – or disable remote administrative access entirely
- Prevent access to the administrative interface from the Internet unless there is a clear and documented business need, and the interface is protected by one of the following controls:
- A second authentication factor, such as a one-time token, or
- An IP whitelist that limits access to a small range of trusted addresses
- Block unauthenticated inbound connections by default
- Ensure inbound firewall rules are approved and documented by an authorised individual; the organization need must be included in the documentation
- Remove or disable permissive firewall rules as soon as they are not needed. Use a host-based firewall on devices that are used on untrusted networks, such as public Wi-Fi hotspots.
View another Cyber Essentials control:
Speak to an expert
For more information about the Cyber Essentials Scheme, get in touch with one of our experts today.