Firewalls

A4.1

Do you have firewalls at the boundaries between your organisation's internal networks, laptops, desktops, servers, and the internet?

yesno

A4.1.1

Do you have software firewalls enabled on all of your computers, laptops and servers?

yesno

A4.1.2

If you answered no to question A4.1.1, is this because software firewalls are not installed by default as part of the operating system you are using? Please list the operating systems.

text

A4.2

When you first receive an internet router or hardware firewall device, it may have had a default password on it. Have you changed all the default passwords on your boundary firewall devices?

yesno

A4.2.1

Please describe the process for changing your firewall password.

text

A4.3

How is your firewall password configured?

choice

A4.4

Do you change your firewall password when you know or suspect it has been compromised?

yesno

A4.5

Do you have a process to manage your firewall?

yesnodescribe

A4.6

Have you reviewed your firewall rules in the last 12 months?

yesnodescribe

A4.7

Is your firewall configured to allow unauthenticated inbound connections?

yesno

A4.8

Please describe how you approve and document your allowed inbound connections.

text

A4.9

Are your boundary firewalls configured to allow access to their configuration settings over the internet?

yesno

A4.10

If you answered yes in question A4.9, is there a documented business requirement for this access?

yesno

A4.11

If you answered yes in question A4.9, is the access to your firewall settings protected by either multi-factor authentication or by only allowing trusted IP addresses combined with managed authentication?

choice