The UK government’s Cyber Essentials Scheme provides a set of five controls that organisations can implement to achieve a baseline of cyber security, against which they can achieve certification in order to prove their compliance.
Certification to the scheme provides numerous benefits, including reduced insurance premiums, improved investor and customer confidence, and the ability to tender for business where certification to the scheme is a prerequisite.
One of the scheme’s five controls is Boundary Firewalls and Internet Gateways. This can help your organisation confirm that every device is secured by a correctly configured firewall (or equivalent network device).
For all firewalls (or equivalent network devices), your organisation should routinely:
- Change any default administrative password to a strong alternative, following password best practice, or disable remote administrative access entirely;
- Prevent access to the administrative interface from the Internet unless there is a clear and documented business need, and the interface is protected by one of the following controls:
  - A second authentication factor, such as a one-time token; or
  - An IP whitelist that limits access to a small range of trusted addresses, combined with managed authentication;
- Block unauthenticated inbound connections by default;
- Ensure inbound firewall rules are approved and documented by an authorised individual, and that the business need for each rule is recorded in that documentation;
- Remove or disable permissive firewall rules as soon as they are no longer needed; and
- Use a host-based firewall on devices that are used on untrusted networks, such as public Wi-Fi hotspots.
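As an added illustration, not part of the scheme's own guidance, the script below audits a constructed firewall ruleset against the requirements listed above: default inbound blocking, an approver and documented business need per rule, expiry of temporary rules, and admin interfaces reachable only with a second factor or from a small trusted address range. The management ports, the "small range" threshold and the rule fields are assumptions.

```python
"""Check a firewall ruleset against the boundary firewall requirements listed above."""
from datetime import date
import ipaddress

ADMIN_PORTS = {22, 8443}   # assumed management ports on the firewall (constructed)
MAX_TRUSTED_HOSTS = 256    # assumed upper bound for a "small range of trusted addresses"


def audit(rules, default_inbound, today):
    """Return (rule name, problem) findings for the default policy and inbound allow rules."""
    findings = []
    if default_inbound != "drop":
        findings.append(("<policy>", "unauthenticated inbound connections are not blocked by default"))
    for r in rules:
        if r["direction"] != "inbound" or r["action"] != "allow":
            continue
        if not r.get("approved_by") or not r.get("business_need"):
            findings.append((r["name"], "no approver or documented business need"))
        if r.get("expires") and r["expires"] < today:
            findings.append((r["name"], "permissive rule past its end date; remove or disable"))
        src = ipaddress.ip_network(r["src"], strict=False)
        exposed = src.num_addresses > MAX_TRUSTED_HOSTS and not r.get("second_factor")
        if r["dport"] in ADMIN_PORTS and exposed:
            findings.append((r["name"], "admin interface reachable without MFA or IP allowlist"))
    return findings


# Constructed sample ruleset using RFC 5737 documentation addresses, not real infrastructure.
SAMPLE_RULES = [
    {"name": "mgmt-ssh", "direction": "inbound", "action": "allow", "dport": 22,
     "src": "203.0.113.0/28", "approved_by": "it-manager",
     "business_need": "on-call admin access from office range", "expires": None},
    {"name": "mgmt-web-any", "direction": "inbound", "action": "allow", "dport": 8443,
     "src": "0.0.0.0/0", "approved_by": "", "business_need": "", "expires": None},
    {"name": "vendor-temp", "direction": "inbound", "action": "allow", "dport": 3389,
     "src": "198.51.100.0/24", "approved_by": "ops-lead",
     "business_need": "vendor migration window", "expires": date(2024, 1, 31)},
    {"name": "web-out", "direction": "outbound", "action": "allow", "dport": 443,
     "src": "10.0.0.0/8", "approved_by": "ops-lead", "business_need": "browsing", "expires": None},
]


def run_sample(default_inbound="accept"):
    """Audit the sample ruleset; the default assumes the inbound policy was left at 'accept'."""
    return audit(SAMPLE_RULES, default_inbound, date(2024, 6, 1))


if __name__ == "__main__":
    for name, problem in run_sample():
        print(f"{name}: {problem}")
```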