What is a firewall? Think of a firewall as an intruder detection system for your organisation's network. It is a virtual barrier between your computer or network and the internet. Its role is to keep an eye on all the incoming and outgoing data, like a security guard watching the entrance to your house or office. The main purpose of a firewall is to protect your computer or network from harm. It helps to prevent unauthorised access, like hackers. It also helps to stop viruses, malware or other malicious software from infecting your system. It acts as a shield, keeping your personal and sensitive information safe.
Your firewall may be managed by your IT or internet provider. Often they will be at default settings, so it is good to ask your provider about the following:
- Have functions, accounts and services not needed been disabled or removed?
- Has the default password been changed and only shared with authorised personnel?
- Has access to the admin interface from the internet been prevented - unless there is a clear and documented business need?
- Is the admin interface protected by multi factor authentication?
What kind of rules should be set?
- Outgoing connections should be allowed - this allows you to browse the internet.
- Unauthenticated inbound connections should be blocked.
- Firewall rules should be approved and documented by the authorised individual for specific services which should be regularly reviewed.
- Permissive firewall rules should be removed or disabled when they are no longer needed.
- Access should be restricted to certain ports and regularly reviewed.
- Specific IP addresses or ranges should be filtered and regularly reviewed.
- Logging should be enabled.
Further guidance for schools can be found in the DFE document: Cyber Security Standards for Schools and Colleges. The document discusses the importance of firewalls and how they make scanning for suitable hacking targets much harder - hackers will always try to find the easiest route for an attack so making it difficult makes an attack less likely.
Further help and advice can be found in our Information & Cyber Security Best Practice Library and further questions to ask can be found in our Information/Cyber Security Checklist. The checklist covers the following areas:
- Governance and policies
- IT checks
- Physical Checks
Firewalls also have vulnerabilities and hackers will always try to exploit vulnerabilities as discussed in this Computing article: Major firewall maker alerts customers to vulnerabilities.
Consider the use of secure methods and organisational devices for staff required to work from home. Review our Work out of school Best Practice Area. Ensure that there is secure remote access, especially if a school server needs to be accessed.
What to do in the event of a cyber attack?
Tell someone! Report to IT. Report to SLT.
Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.
If you are a victim of a ransomware attack we would recommend reporting this to Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss. Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.
Isolate the infected device and pass to IT
Always ensure there are backups you can restore from.