Page Comparison

Why is it important to have a firewall?

Are home routers supplied by Internet Service Providers in scope?

No, they are not in scope.

What does ‘correctly configured’ mean for a firewall in a Cyber Essentials assessment?

You must change the default password, prevent internet access to the firewall configuration, and block unauthenticated inbound connections. In addition any firewall rules for inbound connections must be approved and documented, and any unnecessary firewall rules should be removed when not needed.

What should be done if a device is connecting to a network that isn’t controlled by the organisation, such as a public wifi hotspot?

In this case you should You need to ensure that the software firewall is configured on the your device is switched on (for example, Windows Defender or XProtect).

What is a ‘segregated network’ in the context of Cyber Essentials?

A segregated network is part of a network that is behind a firewall or separated using a VLAN. If you are using this to remove devices from scope, any internet connections must also be blocked by the firewall or VLAN. MacOS firewall).

When using a third-party network (e.g. in a managed office) where details of the firewall or router are unavailable, how do we meet the firewall requirements? 

If the third party is unwilling or unable to provide the details of their firewall or router, you need to use software firewalls on the end user devices or purchase install your own equipment device to use as the boundary.

How can we you tell if a router has a firewall built in?

Most routers will have a built-in firewall. If you do not have a separate firewall, we would suggest that the router is where the firewall rules are applied. If it the router is an ISP supplied home routersupplied by your internet service provider, this would not need to be included in the scope. If you need to set up a router owned by your organisation, visit the vendor website for details about the available features and how to apply the firewall rules.