A4 CE Montpellier

Firewalls

Technical protection between network devices and the internet. Covers boundary firewalls, software firewalls, and remote/home worker device protection.

15 questions
A4.1
Do you have firewalls at the boundaries between your organisation's internal networks, laptops, desktops, servers, and the internet?
yesno
A4.1.1
When your devices (including computers used by homeworkers) are being used away from your workplace, how do you ensure they are protected?
text
A4.2
When you first receive an internet router or hardware firewall device, it may have had a default password on it. Have you changed all the default passwords on your boundary firewall devices?
yesno
A4.2.1
Please describe the process for changing your firewall password.
text
A4.3
Is your new firewall password configured to meet the 'Password-based authentication' requirements?
choice
A4.4
Do you change your firewall password when you know or suspect it has been compromised?
yesno
A4.5
Do you have any services enabled that can be accessed externally from your internet router, hardware firewall or software firewall?
yesno
A4.5.1
Do you have a documented business case for all of these services?
yesno
A4.6
If you do have services enabled on your firewall, do you have a process to ensure they are disabled in a timely manner when they are no longer required?
text
A4.7
Have you configured your boundary firewalls so that they block all other services from being advertised to the internet?
yesno
A4.8
Are your boundary firewalls configured to allow access to their configuration settings over the internet?
yesno
A4.9
If you answered yes in question A4.8, is there a documented business requirement for this access?
yesno
A4.10
If you answered yes in question A4.8, is the access to your firewall settings protected by either multi-factor authentication or by only allowing trusted IP addresses combined with managed authentication?
choice
A4.11
Do you have software firewalls enabled on all of your desktop computers, laptops and servers?
yesno
A4.12
If you answered no to question A4.11, is this because software firewalls are not installed by default as part of the operating system you are using? Please list the operating systems.
text
← Previous section
A3
Insurance
Next section →
A5
Secure Configuration

Does your organisation meet the Firewalls requirements?

Check your real-world posture across all 5 Cyber Essentials control areas in 3 minutes. Free, no account needed.

Check my readiness → Explore the questions first