Cyber Essentials – Step 1 Explained
Step 1 to Cyber Essentials
Boundary firewalls and Internet gateways: Your network should have a properly configured firewall
What does this mean…?
A firewall or Internet gateway protects internal networks and systems against unauthorised access from the Internet.
The firewall monitors all inbound and outbound traffic and restricts it to only authorised connections. Such restrictions are achieved by applying configuration settings known as firewall rules.
Failure to configure firewalls properly may give cyber criminals and hackers unauthorised access to your internal company systems and access to your critical sensitive information.
What can we do to help reduce this risk…?
Firewalls are generally managed by users who have the ability to make changes to the device, known as administrators.
Most firewalls are built with default usernames and passwords to allow easy configuration from new.
It is important then to change the default administrative password for any firewall or equivalent network device to an alternative, strong password, ideally before you put it into a live environment.
It is advisable to also:
- Review, authorise and document all firewall rules.
- Disable any unapproved services, or services that are typically vulnerable to attack.
- Disable or remove firewall rules that are no longer required.
And remember……Ensure that the administrative interface used to manage boundary firewall configuration isn’t accessible from the Internet.
If you need further guidance with Cyber Essentials, please feel free to get in touch, and find out how this Government Scheme can help with protecting your organisation.