This theme is about the technical configurations to your devices that make up the layers of protection that prevent unauthorised access (intrusion). To make your home secure in the physical world, you might have a strong fence and locked door, security cameras and a burglar alarm to keep intruders out. In the same way, on your computer, you configure cyber security controls that include the operating system, the firewall(s) and malware protection. This is often referred to as ‘defence in depth’.
Firewalls
We discussed firewalls in theme 3, secure architecture. They are the first line of defence that sits between the organisational network and devices, and the internet. Firewalls need to be configured correctly to prevent an attacker breaking through your border defence.
Types of firewall
Physical – a hardware (network) firewall or a router that contains a firewall creates the border that sits between a private internal network and the public Internet.
Software – most computers and laptops have a firewall built into their operating system. *Virtual firewalls are also software firewalls and can be border firewalls.
Protect access to the firewall configurations
If the physical firewall or router comes with a default password, these are not difficult to discover on the internet and would therefore be easy for criminals to get hold of. It is best practice to change default passwords to a 12 character unique password as soon as possible. In addition, where available, enable *multi-factor authentication (MFA)to access these devices.
If your hardware firewall or router device can be configured over the internet (remote access), it should be configured securely using MFA or a *trusted IP address. Ideally remote access to these devices should be blocked and only configured from within your networks and not across the internet.Most firewalls are set to block all inbound connections; this needs to be checked and turned on in case it is not set up by default.
With default passwords, the advice is always the same, change them as soon as possible. This applies to default passwords on your operating systems. If an attacker finds this password, they could access your software firewall.
Operating systems, cloud services, and applications are all software. Software is made up of many thousands of lines of code which inevitably contain errors. These errors are often called vulnerabilities because they are like small openings where attackers can gain access to your data and systems.
‘Supported’ software receives updates from the manufacturer as part of its maintenance. The updates contain corrections or ‘patches’ to any errors that have been discovered in the software code. In this way, the software remains secure from criminals looking to exploit vulnerabilities. Software that is no longer supported by the manufacturer no longer receives updates. The vulnerabilities, which become common knowledge for criminals, are left unpatched and are therefore a security risk.
Malware protection
Malwareis short formalicious software,which is software that is designed to cause harm by disrupting, damaging or gaining access to a computer, without the owner’s knowledge. Malware typically consists of code developed by cyber attackers, designed to cause extensive damage to data and systems, or gain unauthorised access.
To provide another layer of protection against cyber attacks, malware protection measures should be deployed on each device. This can be achieved in different ways. Malware protection software is often pre-installed on laptops, computers and servers, or if not, it can installed from one of the many providers.
It is recommended that malware protection software is:
-
Configured to the vendor’s guidelines
-
Set to automatically update
For mobile phones and tablets, malware protection software is generally not used, instead, it is recommended that downloads are limited to apps that are listed on an application allow list. This can help prevent malware from getting on those devices. The allow list can be maintained by the organisation who can identify and control the approved apps that can access the organisation’s data. They can also identify and list the reputable trusted sources from which software can be downloaded. Eg the Google Play Store and the Apple App Store.
It is recommended that you take these steps:
-
Implement and manage firewalls at your internet borders on all computers, laptops and servers
-
Default passwords must be changed on all firewalls before being used
-
Multi-factor authentication must be used to access routers and firewalls
-
Inbound communications must be blocked by firewall configurations
-
Only install licensed and supported software that is receiving security updates
-
All critical and high updates need to be installed within 14 days of being released by the software provider
-
All software in use must be receiving software updates from the manufacturer.
-
Operating systems must be supported by the software provider.
-
protection must be set up on devices
-
Anti-malware software must be set to automatically -update
-
Anti-malware software must be set up in line with the provider’s recommendations
-
You must maintain an application allow list for mobile phones and tablets
Explainers:
What is a virtual firewall?
Virtualisation is the technology that allows us to take the hardware resources of one server and divide it up for use in different functions. Each divided part of the server can be given its own operating system and applications. This turns the divided sections of the server intovirtual machines (VM) and the server as a whole into avirtual server (VS). Specialist software called a hypervisor is used to overlay the server and create the software-based or multiple ‘virtual’ versions of a computer. The software firewall built into the hypervisor is known as a virtual firewall.Like a physical network firewall, a virtual firewall inspects data packets and uses security policy rules to allow or block communication between virtual machines.
What is multi-factor authentication (MFA)?
MFA means that in addition to a password, account holders will be asked to prove their identity with one or more other ways. This could be a a code sent to another device such as a text message to a mobile phone or a single use code generated by an authenticator app or physical token.
What is a trusted IP address?
Every device connected to the internet has a unique digital address called an IP address which is used to help it communicate with websites and other devices. The IP (internet protocol) address is a unique series of numbers separated by decimal points that identify it (eg 198.169.0.100.) A device or service may be configured to allow access to an external IP address or range of IP addresses, for example, only those used by your employee or supplier.