02 Jan Cyber Essentials 101 – Boundary Firewall Internet Gateway
Boundary Firewall & Internet Gateway is one of the five key technical controls required in the UK Government-backed Cyber Essentials Scheme.
Why Boundary Firewall and Internet Gateway is important?
This control applies to every business where employees have access to the Internet. Boundary Firewall and Internet Gateway will identify and prevent unauthorised access to organisation’s network, computers and systems. It can help protect against common cyber threats by implementing restrictions to inbound and outbound network traffic, known as “Firewall rules”
How to manage Boundary Firewall and Internet Gateway requirement?
- Change default administrative password for any firewall to alternative, strong password
Rules that allow network traffic to pass through the firewall should be subjected to approval by an authorised individual and documented - Disable or block unapproved/unauthenticated connections or connections that are known vulnerable to attacks by default
- Remove or disable Firewall rules that are no longer required
- Use a host-based firewall on devices which are used on untrusted networks, such as public Wi-Fi hotspots. Host-based firewall works in the same way as a boundary firewall but only protects the single device on which it is configured
- Prevent access to the admin interface (used to manage firewall configuration) from the Internet, unless there is a clear and documented business need. The interface should be protected by extra security measures using Second Authentication Factor, encrypted connection/SSL and restricted access by a limited number of IP whitelist.
About the Cyber Essentials Scheme
This is the first of a series of blog posts dedicated to the five key controls of the Cyber Essentials Scheme.
Cyber Essentials is a government-backed, industry supported scheme to help organisations implement measures to help protect themselves against common cyber-attacks. The scheme focuses on the five most important technical security controls that, when implemented correctly, can reduce significantly an organisation’s vulnerability.
Download our non-technical, no-jargon “Quick Guide to Cyber Essentials – Cyber Security starting point for small and medium businesses” to learn more about Cyber Essentials Scheme, its five key controls and how to implement them correctly.
How Urban Network can help
It is now becoming more important than ever to ensure your business is protected and certified against the cyber risks. As a Gold IASME certified company and Cyber Essentials audit body, Urban Network is fully qualified to help your business achieve security compliance with the Cyber Essentials Scheme. Get in touch with our cybersecurity experts today to learn how you can improve your business security, assess current IT infrastructure and prepare a successful accreditation process.
For a better preparation of your application, get exclusive FREE access to the Cyber Essentials Questionnaire Portal here
Contact us and speak with a CyberSecurity expert who will answer any questions you might have.
Get a Free Network Health Check completely free of charge, and with no obligation attached.
Access Control is one of the five key technical controls required in the UK Government-backed Cyber Essentials Scheme.
Why Access Control is important?
This control aims to ensure that only authorised individuals have user accounts and have access and at the appropriate level to reduce the risk of information being stolen or damaged. User accounts with special access privileges such as administrative accounts are often the target of cybercriminals as they have greater access to business sensitive information. When such account is compromised, it can facilitate large-scale corruption of information and disruption to business operations.
How to manage Access Control requirement?
- Have a provisioning and approval process for user account creation
- Special access privileges should be restricted to a limited number of individuals, be documented (e.g. individual details and purpose) and reviewed on a regular basis
- Admin accounts should be configured to require a password change on a regular basis
- Implement two-factor authentication, where available
- Every user should use a unique and strong password to access to applications, computers and network system
- Use administrative accounts to perform administrative activities only (no emailing, web browsing or other standard user activities that may expose administrative privileges to avoidable risks)
- Remove or disable user accounts and special access privileges when no longer required (e.g. when an individual changes role or leaves the organisation) or after a pre-defined period of inactivity (e.g. 3 months)
About the Cyber Essentials Scheme
This is part of a series of blog posts dedicated to the five key controls of the Cyber Essentials Scheme.
Cyber Essentials is a government-backed, industry supported scheme to help organisations implement measures to help protect themselves against common cyber-attacks. The scheme focuses on the five most important technical security controls that, when implemented correctly, can reduce significantly an organisation’s vulnerability.
How Urban Network can help
It is now becoming more important than ever to ensure your business is protected and certified against the cyber risks. As a Gold IASME certified body, Urban Network is fully qualified to help your business achieve security compliance with the Cyber Essentials Scheme. Get in touch with our cybersecurity experts today to learn how you can improve your business security, assess current IT infrastructure and prepare a successful accreditation process.
For a better preparation of your application, get exclusive FREE access to the Cyber Essentials Questionnaire Portal here
Contact us and speak with a CyberSecurity expert who will answer any questions you might have.
Get a Free Network Health Check completely free of charge, and with no obligation attached.