Cyber Essentials Section 1 - Firewalls and Internet Gateways

The Cyber Essentials is a UK government-backed framework which is designed to assist organisations in protecting themselves against common threats.  The Cyber Essentials provides a basic cyber security foundation that can serve as a stepping stone to a more comprehensive zero-trust approach. The Cyber Essentials is built on 5 key components that, when implemented correctly, can reduce cyber risk.  The five key components are:

1. Firewalls and Boundary Devices
2. Secure Configurations
3. Access Control
4. Malware Protection
5. Patch Management

Tenable has released a series of reports, that focuses on each of the five basic technical controls, which organisations can use to help strengthen their defences against the most common cyber threats.

The focus of this report is Section 1 - Firewalls and Internet Gateways.  Key components of this section apply to all the following in scope devices: Boundary Firewalls, Desktop Computers, Laptops, Routers, Servers, Iaas, PaaS, and SaaS devices.  Devices must be secure and only necessary network services should be able to be accessed from the Internet. The objective of this key component is the control of inbound/outbound traffic.

This requirement applies to every in scope device, and can be achieved using Boundary Firewalls to restrict inbound or outbound traffic, a software firewall which is installed and configured on each end point device, or for cloud services, data flow policies. Most end point devices, such as desktops and laptops come with software firewalls pre-installed, and the Cyber Essentials recommends that these services be enabled.  Essentially, every in scope device must be protected by either a properly configured firewall, or a network device with firewall functionality. 

This report contains the following chapters:

• Infosec Team - Asset Discovery/Inventory - This chapter contains a listing for each asset that has been identified in the environment. 

  • Asset Discovery and Inventory Summary - This statistical summary displays information related to Asset Discovery and Inventory.
  • Host Summary - This host summary table displays a list of hosts, the last licensed scan date on record, the last seen date, and the hosts operating system.
• Firewall Rule Enumeration - The Firewall Rule Enumeration Summary provides statistical details on firewall compliance results.
• Assets Identified as Firewalls - This section displays a summary table displaying the Asset ID, Asset Name, ACR Score, IPv4 Address and OS for assets that have been identified as a firewall.
• Active Well Known Ports - The Vulnerabilities on Well Known Ports summary provides a count of vulnerabilities by Privileged TCP port (<1024), and severity or exploitability.
• Active Other Ports - This chapter displays information on active ports other than well known ports "other than active well known ports"