Be Cyber Aware: Firewalls
This article is about firewalls and how they can help in your plan towards being cyber resilient.
What is a firewall?
Think of a firewall as an intruder detection system for your organisation's network. It is a virtual barrier between your computer or network and the internet. Its role is to keep an eye on all the incoming and outgoing data, like a security guard watching the entrance to your house or office. The main purpose of a firewall is to protect your computer or network from harm. It helps to prevent unauthorised access, such as by hackers. It also helps to stop viruses, malware or other malicious software from infecting your system. It acts as a shield, keeping your personal and sensitive information safe.
Your firewall may be managed by your IT or internet provider. Often it will be left at its default settings, so it is good to ask your provider about the following:
- Have functions, accounts and services that are not needed been disabled or removed?
- Has the default password been changed and only shared with authorised personnel?
- Has access to the admin interface from the internet been prevented - unless there is a clear and documented business need?
- Is the admin interface protected by multi-factor authentication?
Setting up a firewall can be a complex task but is often provided by your IT support or internet provider.
What kind of rules should be set?
- Outgoing connections should be allowed - this allows you to browse the internet.
- Unauthenticated inbound connections should be blocked.
- Firewall rules for specific services should be approved and documented by the authorised individual, and should be regularly reviewed.
- Permissive firewall rules should be removed or disabled when they are no longer needed.
- Access should be restricted to certain ports and regularly reviewed.
- Specific IP addresses or ranges should be filtered and regularly reviewed.
- Logging should be enabled.
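The checks above can be run over an exported rule list. The following is an added example, not part of the original article or any vendor's tooling: the rule field names, the admin port 8443, the yearly review interval and the sample rules are all assumptions constructed for illustration.

```python
from datetime import date
from ipaddress import ip_network

ADMIN_PORTS = {"8443"}       # assumption: port of the firewall's admin interface
MAX_REVIEW_AGE_DAYS = 365    # assumption: "regularly reviewed" taken as yearly

# Constructed sample export of allow rules; field names are hypothetical.
RULES = [
    {"id": 1, "dir": "out", "src": "10.0.0.0/24", "port": "any", "log": True,
     "approved_by": "IT lead", "reviewed": "2024-03-01"},
    {"id": 2, "dir": "in", "src": "0.0.0.0/0", "port": "any", "log": False,
     "approved_by": "", "reviewed": "2021-01-10"},
    {"id": 3, "dir": "in", "src": "203.0.113.0/28", "port": "443", "log": True,
     "approved_by": "IT lead", "reviewed": "2024-02-15"},
    {"id": 4, "dir": "in", "src": "0.0.0.0/0", "port": "8443", "log": True,
     "approved_by": "IT lead", "reviewed": "2024-02-15"},
]

def audit_rule(rule, today):
    """Return the checklist findings for one allow rule."""
    findings = []
    from_anywhere = ip_network(rule["src"]).prefixlen == 0
    if rule["dir"] == "in" and from_anywhere:
        if rule["port"] == "any":
            findings.append("inbound open to any source on any port")
        elif rule["port"] in ADMIN_PORTS:
            findings.append("admin interface reachable from the internet")
    if not rule["log"]:
        findings.append("logging disabled")
    if not rule["approved_by"]:
        findings.append("no documented approver")
    age = (today - date.fromisoformat(rule["reviewed"])).days
    if age > MAX_REVIEW_AGE_DAYS:
        findings.append(f"last reviewed {age} days ago")
    return findings

def audit(rules, today):
    """Map rule id -> findings, omitting rules that pass every check."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule, today)
        if findings:
            report[rule["id"]] = findings
    return report

if __name__ == "__main__":
    for rule_id, findings in audit(RULES, date(2024, 6, 1)).items():
        print(f"rule {rule_id}: " + "; ".join(findings))
```

Rules that come back with findings are the ones to raise with your IT support or internet provider at the next review.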
Further guidance for schools can be found in the DfE document: Cyber Security Standards for Schools and Colleges. The document discusses the importance of firewalls and how they make scanning for suitable hacking targets much harder. Hackers will always try to find the easiest route for an attack, so making it difficult makes an attack less likely.
Further help and advice can be found in our Information & Cyber Security Best Practice Library and further questions to ask can be found in our Information/Cyber Security Checklist. The checklist covers the following areas:
- Governance and policies
- IT checks
- Physical checks
Firewalls also have vulnerabilities and hackers will always try to exploit vulnerabilities as discussed in this Computing article: Major firewall maker alerts customers to vulnerabilities.
Consider the use of secure methods and organisational devices for staff required to work from home. Review our Work out of school Best Practice Area. Ensure that there is secure remote access, especially if a school server needs to be accessed.
What to do in the event of a Cyber Attack
Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body.
The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to:
- Action Fraud on 0300 123 2040, or the Action Fraud website
- the DfE sector cyber team at
You may also need to report to:
- the NCSC website if the incident or attack causes long term school closure, the closure of more than one school, or serious financial damage
- the ICO website within 72 hours, where a high risk data breach has or may have occurred
- your cyber insurance provider (if you have one), such as risk protection arrangement (RPA)
- Jisc, if you are a part of a further education institution
You must act in accordance with:
- Action Fraud guidance for reporting fraud and cyber crime
- Academy Trust Handbook Part 6, if you are part of an academy trust
- ICO requirements for reporting personal data breaches
Police investigations may find out if any compromised data has been published or sold and identify the perpetrator.
Preserving evidence is as important as recovering from the crime.
Forward suspicious emails to
