Andy Green's Blog

A web-workers world…

Firewalls – Hardware Versus Software

The system that provides the barrier between the outside world and your computer is the firewall. The firewall examines all of the traffic that your computer sends and that comes to your computer. It will only open its gates if the traffic is on an allowed list of traffic sources and destinations. This vital computer system is nearly a requirement on all computer systems in order to protect them from viruses, worms, Trojans, and other threats. The question becomes: Should one choose a hardware firewall option, or a software option?

To better decide, it is beneficial to talk about what a firewall does. The firewall is a computing device whose sole purpose is to monitor and filter traffic. Internet communication is a process not unlike a major highway system. When you enter a address into your browser, your computer sends a signal along a network route (numbered by a port number) to another computer (described by an IP address). The port number can be between 1 and 65535, while the IP address is four numbers each between 0 and 255. The firewall will note the port and IP of each request, and based upon a set of rules the firewall will either allow or block the request. At the minimum, it will record the numbers of traffic going either way, giving a log of traffic for later review.

The difference between a hardware and software firewall arises from where the firewall sits and the mechanism it works with. A hardware firewall is a separate computing device which sits between the computer and the outside world. When the computer sends a request and the outside world replies, the firewall will review and log the request before it passes the firewall. A software firewall sits on the computer being protected reviewing all requests on the software level. Both work to protect the computer from threats entering the computer, and an infection sending data into the outside world.

The hardware firewall has the benefit of separating your computer from the process. It will review the traffic before it reaches the computer. This extends a protection that the software does not possess. The hardware firewall also has the benefit of its own resources. The firewall can also hold intelligence, filtering packets by not only where it said they came from, but where they actually came from, and their contents to an extent. The hardware firewall can also protect a number of computers on the network, as multiple computers can be on the computer side.

The shortcoming of the hardware firewall is that it does not look as hard at outgoing traffic. This can be a big problem, as some malicious programs could transmit data or launch attacks from your computer. Also, if too many computers are on the network, then the firewall will get bogged down with traffic requests, slowing the entire network down.

Software firewalls work on the individual computer. The user can choose specific programs to allow sending traffic to the outside world, and the protocol for other programs. It can be configured to deny everything but what is listed on a safe list, or it can prompt you to decide of you want to keep the site on the safe list. The big problem with the software filter is that it will only protect the computer it is on. As a result, if there are a number of computers on the network, each will need its own firewall, making it more complex to setup the network.

The question of which is better is a challenging one. Each has its own strengths. The hardware firewall is good at blocking direct intrusions and any incoming malicious code. The software firewall is better at identifying Trojans and email viruses trying to turn your computer into a zombie terminal (one that launches denial of service attacks or spam messages).

The minimum amount of protection that should be had is a hardware firewall. Upgrades and additions to your computer and its network will not affect your network security and firewall. To boost the protection, supplanting the hardware firewall with the addition of a software firewall will give a near complete protection passage. No protection is perfect; so long as there is an internet connection, then there is a possibility for someone who is highly skilled getting into your computer. The addition of firewalls will deter most attackers and block automatic, malicious scripts.


December 5, 2008 - Posted by | Online Security | , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: