Some clients may try to obtain directly Cyber Essentials or Cyber Essentials Plus, in this guide we will cover some common questions clients may need to answer during this process.
Please note this over covers the essensys Connect network it doesn't cover the client's own security or network that they may have provisioned.
Q: Please Provide a list of network equipment in uses (include all equipment that controls the flow of data)
A: We use enterprise-grade switches and firewalls on site which are linked to our cores in world-class data centres.
Q: Provide details of the firewalls in place between our office network and the internet.
A: Within our Data Centres we use Juniper firewalls
Q: When you first receive an internet router or hardware firewall device it will have had a default password on it. Has this initial password been changed on all such devices? How do you achieve this?
A: Yes all default passwords are changed, and we use RADIUS and LDAP via a secure VPN
Q: Is the new password on all your internet routers or hardware firewall devices at least 8 characters in length and difficult to guess?
A: All passwords on our internet routers or hardware firewall devices are at least 8 characters in length and difficult to guess we also use RADIUS authentication and LDAP via a secure VPN.
Q: Do you change the password when you believe it may have been compromised? How do you achieve this?
A: We use RADIUS and LDAP its centralized system so can be changed at anytime.
Q: If you do have services enabled on your firewall, do you have a process to ensure they are disabled in a timely manner when they are no longer required? Describe the process.
A: Our firewalls block all incoming intrusive traffic on all ports if a customer requires a specific configuration we request them to install their own firewall.
More info here.
Q: Have you configured your internet routers or hardware firewall devices so that they block all other services from being advertised to the internet?
A: Please see the above answer.
Q: Are your internet routers or hardware firewalls configured to allow access to their configuration settings over the internet?
A: As above other answers, RADIUS and LDAP and can only be accessed via a secure VPN.
Q: If yes, is the access to the settings protected by either two-factor authentication or by only allowing trusted IP addresses to access the settings? List which option is used.
A: Yes please see above.