
01) Are all ingress and egress points for traffic through your network or cloud environment protected by firewalls?

September 11, 2024
Network and Cloud Security
Firewalls
Small Framework

Answer yes if your organisation has secured all of the ingress and egress points of its corporate network and IT environments (cloud-based or otherwise) with firewalls - whether as discrete appliances or as cloud-hosted network security service functions.

What is the control?

Firewalls allow you to control what traffic can enter or exit your network. This creates a perimeter with chokepoints where controls can be applied, acting as an initial protective barrier that keeps out unwanted types of traffic, traffic from certain sources, or traffic to certain destinations.

Why should you have it?

Without firewalls, every internal system on your network could be reachable by outsiders and therefore exposed to attack. Having them in place allows you to limit what traffic can enter your network and which systems it can reach. This creates a first line of defence for your network, significantly reducing the possible avenues for malicious traffic.

Creating points of control for the traffic entering and exiting your network also gives you additional flexibility in how to structure the internal network: which parts of it, and which services on those parts, are accessible from outside, and what they can communicate back out to. This limits exposure and therefore the risk to otherwise potentially vulnerable internal systems.

How to implement the control

When designing your corporate network, ensure that connectivity to the outside world is routed via the intended paths and place firewalls along these points. Your network should be segregated as per your individual needs and your firewalls configured to only allow inbound connections to internal systems where the purpose of those systems is to serve those outside connections (such as web servers or secure file servers).

You should also block any outbound connections initiated by these internal systems if they are not expected to do so. Ideally, any servers with a public function should also be in a separate network segment, segregated from other internal infrastructure with a firewall.
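The policy described in the two paragraphs above (default deny, inbound allowed only to systems whose purpose is to serve outside connections, unexpected outbound from those systems blocked, and public-facing servers in their own segment) can be written down as an ordered rule set and checked against sample connections before it is pushed to a real firewall. The following is an added example, not code from the article or from Risk Ledger; the zone address ranges, host addresses and port numbers are constructed assumptions using documentation address space, and the evaluator only models connection-initiating traffic (a stateful firewall would admit the matching reply packets automatically).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed network segments (assumptions for this example, not from the article).
# "internet" is anything that does not fall into a named internal segment.
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),      # public-facing servers, segregated segment
    "internal": ip_network("10.0.0.0/8"),   # workstations and back-office systems
}


def zone_of(addr: str) -> str:
    """Map an address to its segment; anything unmatched is treated as the outside world."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dports: Optional[frozenset]   # None means any destination port
    action: str                   # "allow" or "deny"
    comment: str


@dataclass(frozen=True)
class Verdict:
    action: str
    reason: str


# Ordered rule set: first match wins, and anything unmatched is denied.
# Constructed to mirror the article's guidance; ports are example choices.
RULES = [
    Rule("internet", "dmz", frozenset({80, 443}), "allow", "public web servers serve outside traffic"),
    Rule("internet", "dmz", frozenset({22}), "allow", "secure file server (SFTP) serves outside traffic"),
    Rule("dmz", "internet", None, "deny", "public servers are not expected to initiate outbound connections"),
    Rule("dmz", "internal", None, "deny", "public segment is segregated from internal infrastructure"),
    Rule("internal", "dmz", frozenset({443, 22}), "allow", "staff reach the public services and administer them"),
    Rule("internal", "internet", frozenset({80, 443}), "allow", "workstations browse the web"),
]

DEFAULT = Verdict("deny", "default deny: no rule allows this connection")


def evaluate(flow: Flow) -> Verdict:
    """Return the verdict for a new connection under the ordered rule set."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    # Traffic that never crosses a segment boundary is not a firewall decision here.
    if src_zone == dst_zone:
        return Verdict("allow", f"intra-segment traffic within {src_zone}")
    for rule in RULES:
        if rule.src_zone != src_zone or rule.dst_zone != dst_zone:
            continue
        if rule.dports is not None and flow.dport not in rule.dports:
            continue
        return Verdict(rule.action, rule.comment)
    return DEFAULT


def audit(flows):
    """Evaluate a batch of flows and return (flow, verdict) pairs for review."""
    return [(flow, evaluate(flow)) for flow in flows]


if __name__ == "__main__":
    # Constructed sample connections exercising each boundary of the design.
    samples = [
        Flow("203.0.113.5", "192.0.2.10", 443),    # outside -> DMZ web server
        Flow("203.0.113.5", "10.1.2.3", 445),      # outside -> internal file share
        Flow("192.0.2.10", "198.51.100.7", 443),   # DMZ server calling out
        Flow("192.0.2.10", "10.1.2.3", 5432),      # DMZ server reaching into internal
        Flow("10.1.2.3", "198.51.100.7", 443),     # workstation browsing
    ]
    for flow, verdict in audit(samples):
        print(f"{flow.src} -> {flow.dst}:{flow.dport} {verdict.action:5} ({verdict.reason})")
```

Reading the output side by side with the design makes it easy to spot a gap before it is deployed: for example, an allow rule from the public segment into the internal one would show up immediately as a DMZ server reaching an internal database.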

There are numerous consultancies or individual consultants that will be able to assist in crafting the correct security architecture in a way that meets your business and technical requirements.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.

