Cyber Essentials – Step 1 Explained

Step 1 to Cyber Essentials

Boundary firewalls and Internet gateways: Your network should have a properly configured firewall

What does this mean…?

A firewall or Internet gateway protects internal networks and systems against unauthorised access from the Internet.

The firewall monitors all inbound and outbound traffic and restricts it to only authorised connections. Such restrictions are achieved by applying configuration settings known as firewall rules.

Failure to configure firewalls properly may give cyber criminals and hackers unauthorised access to your internal company systems and access to your critical sensitive information.

What can we do to help reduce this risk…?

Firewalls are generally managed by users who have the ability to make changes to the device, known as administrators.
Most firewalls are built with default usernames and passwords to allow easy configuration from new.
It is important then to change the default administrative password for any firewall or equivalent network device to an alternative, strong password, ideally before you put it into a live environment.

It is advisable to also:

  • Review, authorise and document all firewall rules.
  • Disable any unapproved services, or services that are typically vulnerable to attack.
  • Disable or remove firewall rules that are no longer required.

And remember……Ensure that the administrative interface used to manage boundary firewall configuration isn’t accessible from the Internet.


Cyber Essential certified body - securious

If you need further guidance with Cyber Essentials, please feel free to get in touch, and find out how this Government Scheme can help with protecting your organisation.