# 1. Firewalls

The aim of this control is to ensure that network services are protected from unauthorised access.

This control expects organisations to:

* Change default admin passwords or disable remote admin access.
* Disable admin access from the internet unless there is a legitimate business need for such access. If access is required, this should be protected by multi-factor authentication or an IP allow list .
* Block unauthenticated inbound connections by default.
* Ensure inbound firewall rules are approved and documented by an authorised individual with the business need for the rule stated.
* Remove or disable unneeded firewall rules as soon as they are no longer required.
* Ensure devices have software firewalls installed if they will be used on untrusted networks, such as public wi-fi.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://manual.harpe.io/start/cyber-essentials-wiki/controls/1.-firewalls.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.