Hardware vs. Software Firewalls

Running both a hardware and a software firewall is essential to having a secure network.

In most instances SOHO NAT-routers are not, strictly speaking, firewalls. The NAT aspect of the router acts like a firewall as far as incoming traffic is concerned. For most people and uses this is enough for inbound protection. In summary, therefore, a hardware firewall (typically the NAT-router) is very good for stopping incoming attacks. However, in the main, flexibility in configuration of these SOHO routers is fairly limited.

Having a software firewall in place is especially useful for two main reasons:

  1. It provides outbound protection. This helps keep anything like a trojan or worm that gets onto your system from easily sending its traffic out, i.e. the situation where, despite best endeavours, a rogue program has got into the system (e.g. a payload in an email that the anti-virus software missed, or a nasty picked up on a web site) and starts calling out; this is definitely not wanted. A hardware firewall will not stop this, because the traffic originates from the LAN, from a program activated on the PC(s); the router thinks this traffic is good/safe and allows it through.
  2. A software firewall can provide application-level security. Only a software firewall is able to monitor and control which programs on your computer connect to the internet.

Furthermore, with software firewalls the configuration facilities are generally more extensive than with hardware firewalls and offer greater flexibility in what can be allowed or disallowed in terms of incoming and outgoing connections, so the user is better equipped to handle eventualities. This is where the software firewall will save the day!
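The split described above can be modelled in a few lines. The following is an added illustration, not code from any router or firewall product: the class names, the rule format, the program names and the sample traffic are all constructed, and the host firewall's inbound handling is deliberately left out to keep the comparison on outbound control.

```python
# Added illustration: a constructed model, not any vendor's implementation.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = LAN -> internet, "in" = internet -> LAN
    lan_host: str
    lan_port: int
    remote: str
    remote_port: int
    program: str = ""   # known only on the PC itself, never on the wire

class NatRouter:
    """Stateful NAT: outbound creates a mapping, inbound must match one."""
    def __init__(self):
        self.mappings = set()

    def allow(self, p):
        flow = (p.lan_host, p.lan_port, p.remote, p.remote_port)
        if p.direction == "out":
            self.mappings.add(flow)   # any LAN-originated flow is trusted
            return True
        return flow in self.mappings  # replies pass, unsolicited is dropped

class HostFirewall:
    """Per-program outbound allowlist of (program, remote_port) pairs."""
    def __init__(self, allowed):
        self.allowed = set(allowed)
        self.log = []

    def allow(self, p):
        if p.direction != "out":
            return True  # assumption: inbound policy is not modelled here
        ok = (p.program, p.remote_port) in self.allowed
        if not ok:
            self.log.append(f"BLOCKED {p.program} -> {p.remote}:{p.remote_port}")
        return ok

def evaluate(packets, router, host_fw):
    """Verdict each control would give on its own, per packet."""
    return [(p, router.allow(p), host_fw.allow(p)) for p in packets]

# Constructed sample traffic (documentation address ranges, made-up programs).
SAMPLE = [
    Packet("out", "192.168.1.10", 50001, "198.51.100.7", 443, "browser.exe"),
    Packet("in", "192.168.1.10", 50001, "198.51.100.7", 443),   # reply
    Packet("in", "192.168.1.10", 3389, "203.0.113.9", 40000),   # unsolicited
    Packet("out", "192.168.1.10", 50002, "203.0.113.9", 6667, "unknown.exe"),
]

if __name__ == "__main__":
    fw = HostFirewall({("browser.exe", 443)})
    for p, r, h in evaluate(SAMPLE, NatRouter(), fw):
        print(p.direction, p.remote, p.remote_port, "router:", r, "host:", h)
    print(fw.log)
```

The router drops only the unsolicited inbound packet, while the last outbound connection passes it untouched and is stopped, and logged with the program name, only by the host firewall.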

Typical examples of software firewalls include:

The logging facilities in examples such as Norton Personal Firewall and Freedom firewalls are way in advance of most router logging facilities (which are pretty basic, it must be said), and there is always something of interest coming from the inside! :-) Well, no amount of telling 11-year-olds will stop them clicking something they shouldn't, especially when they have been sent it by another 11-year-old inviting them to click it! I rarely have external intrusions, but on the few occasions there is something of interest, the Norton Personal Firewall (Norton Internet Security) offers useful tracing functionality.

In conclusion both a Hardware Firewall/NAT Router and a Software Firewall are needed for good security. The key to security is defence in depth.

