Firewall Requirements for ISO 27001

In this article, you will discover:

• What is ISO 27001 and Firewall
• Types of firewalls
• Firewall requirements in SOC 2

What is ISO 27001?

ISO 27001 is the globally recognized standard for information security management systems (ISMS), providing companies of any size and from all sectors with a systematic and structured approach to managing and protecting sensitive information. 

It employs a Plan-Do-Check-Act (PDCA) cycle and provides a framework for organizations to:

• Identify and assess information security risks
• Implement control to mitigate risks
• Monitor and review the effectiveness of of those controls on an ongoing basis

More information about ISO 27001 can be found in this article.

What is a Firewall?

A firewall serves as a network security tool, overseeing both incoming and outgoing network traffic and determining whether to permit or block specific traffic based on predefined security rules. 

With a history spanning more than 25 years, firewalls serve as the primary defense mechanism in network security, creating a boundary between secure internal networks and potentially untrustworthy external networks like the Internet. 

Firewalls can take various forms, including hardware, software, software-as-a-service (SaaS), and deployment in public or private clouds.

Benefits of Firewalls:

• Monitors Network Traffic: Firewalls analyze network traffic to enforce rules and filters, enabling proactive management of system protection.

• Stops Virus Attacks: By controlling system entry points, firewalls prevent harmful viruses from infiltrating and causing potential damage.

• Prevents Hacking: Firewalls act as a barrier against unauthorized access attempts, deterring hackers from compromising sensitive data and systems.

• Stops Spyware: By blocking spyware and malware, firewalls safeguard systems from unauthorized infiltration and data theft.

• Promotes Privacy: Firewalls ensure data security, fostering trust and privacy for clients and enhancing organizational reputation and competitiveness.

Types of Firewalls

Type	Functionality	Advantages	Disadvantages
Packet Filtering Firewall	Inspects data packets with source and destination IP Drops packets failing inspections	Simple	Easy to bypass Vulnerable to IP spoofing Lacks user authentication and loggingInflexible, designed to monitor specific details
Stateful Inspection Firewall	“Traditional” firewall Combines packet filtering and TCP handshakes Tracks and filters based on the connection status	Better protection than packet-filtering Better logging and tracking features	No application-filtering or content-filteringHigh resource consumption (memory & CPU) Complex configuration
Proxy Firewall (Application-Level Gateway)	Verifies packets, TCP handshake, and application layer inspections	Extra separation between the source and the network Powerful if configured correctly Easy setup process Delivery via cloud solutions	Needs new proxy for each application Complex configuration Slow performance
Unified Threat Management (UTM) Firewall	Combines stateful inspection with intrusion prevention and antivirusIncludes cloud management for added services	Simple: consolidates IT services into 1 device Centralized management Flexible	Single point of failure Slow performance if handles a lot of applications
Next-Generation Firewall (NGFW)	Deep-packet inspection Included Intrusion prevention systems (IPS) Application Identification and filtering	Highly Secure Monitors network protocols from the data link layer More efficient than the combination of other firewalls	Single point of failure  Require high investment & resources Complex configuration Slower performance compared to traditional firewalls
Threat-Focused NGFW	All the capabilities of a traditional NGFW + advanced threat detection and remediation	Robust threat defense	Same limitations as NGFWs
Virtual Firewall	Virtual appliance in a private cloud (VMware ESXi, Microsoft Hyper-V, KVM) or public cloud (AWS, Azure, Google Cloud, …)	More cost-effective than physical firewalls Scalable Flexible: customize policies based on specific needs Centralized management	High resource consumption Security risks if not properly configured Complex configuration Price fluctuates based on consumption
Cloud Native Firewall	Multi-tenant capabilitySmart load balancing	Agile and elastic: customize policies based on specific needs Centralized management Scalable	Single point of failure Complex configuration Slow down network performance

Firewall Requirements for ISO 27001

Among the 93 controls outlined in ISO 27001:2022, Annex 8.20 Networks security and 8.21 Security of network services (replace ISO 27001:2013 Annex 13.1.1 and 13.1.2) are particularly relevant to Firewall requirements.

Annex A 8.20: “Network and network devices should be secured, managed and controlled to protect information in systems and applications.”

This Annex mandates the implementation of controls to safeguard information security within networks and to prevent unauthorized access to connected services. 

Within network security management, two relevant controls concerning Firewalls are the Security of Network Services and Network Controls.

Network Controls:

Like other types of security controls, network controls can be categorized into various types, depending on their primary function. Here are some control types that related to Firewalls:

• Preventive controls aim to preemptively halt attacks or intrusions. Firewalls are among such preventive controls. Other examples include Intrusion Prevention Systems (IPS), Web Gateways, and physical isolation of network components.

Security of Network Services:

Network services security is ensured through the establishment of Network service agreements that outline relevant security parameters and requirements, including the deployment of firewalls. These agreements must be documented and signed to ensure adherence to security protocols.

Annex A 8.21: “Security mechanisms, service levels and service requirements of network services should be identified, implemented and monitored”.

Network services include systems operating on the ‘network application layer’ like email, file servers, as well as infrastructure components like firewalls, Intrusion Detection System (IDS), gateway antivirus platforms, and connection services. 

To enhance security, one recommended measure outlined in this Annex is to employ mechanisms that limit access to network services or applications, a task typically accomplished through the utilization of firewalls and IDS/IPS.

Sign up for Agency today to explore the capabilities of Firewalls for your business.