The Five Core Controls of Cyber Essentials – Firewalls and Routers

Is it true that just 5 technical controls can help prevent most cyber attacks? What are these cyber security essentials and how do they work? Over #CyberSecurityAwarenessMonth we will explore each of the five controls in separate blog posts to find out more.

Create a security filter between the internet and your network and on your device. 

Your internet service provider will have given you a small box with lights on it to plug in when you subscribed to an internet service plan – this device is called a router. A router is a key part of any network as the router’s job is to move data between your devices and other networks.

Your router’s important security settings

As the router allows devices and networks to connect together, it is important that the router’s security settings are configured correctly. Many modern routers will prompt the user to set a new admin password before connecting to the internet for the first time. However, other routers arrive from the manufacturer with a default password such as ‘ADMIN’. Even if your router has a more complicated default password, it is not difficult to find it with a quick search on the internet. Note that the router’s admin password is not the same thing as the Wi-Fi password, which is a separate passcode that allows you to access the network. The router password protects the router’s settings and configuration. If there is a pre-set default password, it is vital that you change it to ensure that strangers cannot log onto your network and intercept your data or lock you out of your own network. You will find both the router password and the Wi-Fi passcode in the information that comes with the router or on the router itself.

Firewalls

In computing, a firewall is a safety barrier but, unlike a physical barrier, a computer firewall is more of a filter than a total block. It works with data flowing in both directions to check, then accept or deny data moving through a network.

There are two types of firewalls to protect your information:

A boundary firewall can be a hardware device like a small computer that is installed between your computer network and the internet. It will monitor the packets of data as they move in and out of your network and can block or permit data according to the firewall’s predefined rules. Hardware firewalls are usually used by large companies so not everyone will use one.

For small business networks and home networks, your internet router contains the boundary firewall. It acts as a protective buffer zone between your devices and the internet. The inbuilt firewall within the router checks the connections to and from your devices to make sure that they are not likely to be harmful. Most settings are pre-set, but it is important to check that your router firewall is turned on and configured in a way that is most beneficial.

Under settings, you will also be able to turn on the firewall if it is not automatically enabled.

A host-based firewall (sometimes called a personal firewall) provides added internal protection within a network. This is a software firewall which is installed on an individual computer and protects that single device. If multiple computers need protection, the software firewall must be installed and configured on each device. Most modern operating systems include a free software firewall already installed.

A software firewall controls the behaviour of specific applications (e.g. blocking access to certain websites) and can be set up differently for each computer depending on the required levels of access and permissions. Software firewalls are useful if a threat does manage to infect a computer, as they can prevent the malware spreading to the other computers connected to the same network.

Best practice cyber security requires that at least two types of firewall are used: one on each computer within a private network and another at the entrance or boundary to the network.

Where you do not control the network firewall, for example, in a coffee shop, hotel or conference centre, the host-based firewall on your device will act as your boundary.

Firewall rules

A firewall works by filtering the incoming network data and determining if something is allowed to enter a network. The firewall uses a set of rules known as an access control list to determine what is allowed in and what is denied. It also decides what can leave a network and what cannot. These rules are customisable and can be determined by the network administrator.

A basic firewall may allow traffic from all locations on the internet except those flagged in a block-list. A more secure firewall might only allow traffic from selected web locations listed in a safe-list. Most firewalls use a combination of rules to filter traffic, such as blocking known threats while allowing incoming traffic from trusted sources. A firewall can also restrict outgoing traffic to prevent spam or hacking attempts.

For the Cyber Essentials assessment, you will need to understand if you have any firewall rules that are accepting incoming connections and make sure they are all for devices that you know about and want to be active. You also need to ensure a plan is in place to close these rules down as soon as they are no longer required.

Open ports

In networking, the term ‘open port’ indicates that a port number has been configured to accept data packets. Different software and services will require different numbers of ports to be open on firewalls in order to establish connections. This might be because you enable a service to work from outside your network or you allow an external IT provider to remotely configure your devices. Do not leave any port open that does not have a legitimate reason for being open. Close all unnecessary ports.

For Cyber Essentials, opening ports in the firewall should only happen when there is a documented business case for doing so. A documented business case means that the reason for opening a port must be discussed and recorded. The requirement should be reviewed regularly and when the ports no longer need to be open, they should be closed as soon as possible.
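
The check described under "Firewall rules" and "Open ports" can be run as a simple audit. This is an added example, not part of the original post: it lists every rule that accepts incoming connections and flags any without a documented business case or with an overdue review. The rule export format, the register layout and all sample values are assumptions constructed for illustration.

```python
from datetime import date

# Constructed rule export in a made-up format:
# "action direction protocol port source" (one rule per line).
RULE_EXPORT = """\
allow in tcp 443 any
allow in tcp 3389 203.0.113.10
allow in tcp 8080 any
deny in tcp 23 any
allow out tcp 443 any
"""

# Constructed business-case register:
# (protocol, port) -> (documented reason, date the need must be reviewed by).
REGISTER = {
    ("tcp", 443): ("Public website", date(2025, 6, 1)),
    ("tcp", 3389): ("External IT provider remote setup", date(2024, 1, 31)),
}

def inbound_allow_rules(export):
    """Return (protocol, port, source) for every rule accepting incoming connections."""
    rules = []
    for line in export.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        action, direction, protocol, port, source = fields
        if action == "allow" and direction == "in":
            rules.append((protocol, int(port), source))
    return rules

def audit(export, register, today):
    """Flag inbound allow rules with no documented case or an overdue review."""
    findings = []
    for protocol, port, source in inbound_allow_rules(export):
        case = register.get((protocol, port))
        if case is None:
            findings.append((port, source, "no documented business case"))
        elif case[1] < today:
            findings.append((port, source, "review overdue"))
    return findings

if __name__ == "__main__":
    for port, source, problem in audit(RULE_EXPORT, REGISTER, date(2024, 10, 1)):
        print(f"inbound {port} from {source}: {problem}")
```

Each finding is either a port to close or a register entry to review; outbound and deny rules are ignored because the assessment question concerns rules that accept incoming connections.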

How can it help prevent a cyber attack?

The firewall works as a gatekeeper to your network and devices. While allowing legitimate content to pass through, it helps keep destructive and disruptive forces out.

Find out more about getting Cyber Essentials certified here.