The below will appear on the Refined page at Firewalls : FAQ
QUESTION | ANSWER |
---|---|
What does ‘correctly configured’ mean for a firewall in a Cyber Essentials assessment? | You must change the default password, prevent internet access to the firewall configuration, and block unauthenticated inbound connections. In addition, any firewall rules for inbound connections must be approved and documented, and any firewall rules that are no longer needed should be removed. |
What should be done if a device is connecting to a network that isn’t controlled by the organisation, such as a public Wi-Fi hotspot? | In this case you should ensure that the software firewall on the device is switched on (for example Windows Defender or XProtect). |
What is a ‘segregated network’ in the context of Cyber Essentials? | A segregated network is part of a network that is behind a firewall or separated using a VLAN. If you are using this to remove devices from scope, any internet connections must also be blocked by the firewall or VLAN. |
When using a third-party network (e.g. in a managed office) where details of the firewall or router are unavailable, how do we meet the firewall requirements? | If the third party is unwilling or unable to provide the details of their firewall or router, you need to use software firewalls on the end-user devices or purchase your own equipment to use as the boundary. |
How can we tell if a router has a firewall built in? | Most routers will have a built-in firewall. If you do not have a separate firewall, we suggest applying the firewall rules on the router. If it is an ISP-supplied home router, this would not need to be included in the scope. If you need to set up a router owned by your organisation, visit the vendor website for details about the available features and how to apply the firewall rules. |
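
The ‘correctly configured’ checks from the first answer can be run as a repeatable self-audit. The following is an added example, not part of the original FAQ or of any Cyber Essentials tooling; the dictionary format and every field name in it are assumptions made for illustration, and the sample configuration is constructed.

```python
# Constructed sample: a firewall configuration transcribed into a
# hypothetical review format. All field names are assumptions of this example.
SAMPLE_CONFIG = {
    "admin_password_is_default": False,
    "admin_interface_on_wan": True,
    "default_inbound_action": "deny",
    "inbound_rules": [
        {"name": "https-web", "port": 443, "action": "allow",
         "approved_by": "IT manager", "business_need": "Public website",
         "in_use": True},
        {"name": "old-ftp", "port": 21, "action": "allow",
         "approved_by": "", "business_need": "", "in_use": False},
    ],
}


def audit_firewall(config):
    """Return a list of findings; an empty list means every check passed.

    Missing fields are treated as failures so that an incomplete record
    cannot pass by omission.
    """
    findings = []
    if config.get("admin_password_is_default", True):
        findings.append("default administrative password has not been changed")
    if config.get("admin_interface_on_wan", True):
        findings.append("configuration interface is reachable from the internet")
    if config.get("default_inbound_action") != "deny":
        findings.append("unauthenticated inbound connections are not blocked")
    for rule in config.get("inbound_rules", []):
        if rule.get("action") != "allow":
            continue  # only inbound allow rules need approval and review
        name = rule.get("name", "<unnamed>")
        if not rule.get("approved_by") or not rule.get("business_need"):
            findings.append(f"inbound rule '{name}' is not approved and documented")
        if not rule.get("in_use", False):
            findings.append(f"inbound rule '{name}' is no longer needed")
    return findings


if __name__ == "__main__":
    for finding in audit_firewall(SAMPLE_CONFIG):
        print("FAIL:", finding)
```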