4.5: Implement and Manage a Firewall on End-User Devices
Threats Addressed:
Incorporates the following controls from the previous version: 9.2: Ensure Only Approved Ports, Protocols, and Services Are Running, 9.4: Apply Host-Based Firewalls or Port-Filtering, 11.2: Document Traffic Configuration Rules, 12.4: Deny Communication Over Unauthorized Ports.
Control Statement
Implement and manage a host-based firewall or port-filtering tool on end-user devices, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]