Solved

Soft-vs-Hard Firewall

Posted on 2004-09-09
8
999 Views
Last Modified: 2008-01-09
Greetings Experts,

I have heard differing accounts as to what is best; a hardware firewall, or a software firewall.
Some of my readings suggest that a hardware firewall is best due to the advanced electronics, other's seem to suggest that a software firewall is best due to the advanced software. Hmmm...
What is truly the BEST, BEST, BEST avenue?

Thank you!!
0
Comment
Question by:Fermion
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 4

Accepted Solution

by:
tmireles earned 500 total points
ID: 12022613
The best route will be the most expensive as well and it would be a hardware firewall.  Almost every company out there uses hardware firewall to prevent from getting hacked.  Hardware firewall can come in the form of a router that has the firewall built into it.  Reason is that you are not relying on software to do the blocking of certain ports.  The hardware firewall does this after it is setup.  Yes it does use software to do this however once it is setup there is no user interaction that can reset it by accident.  

Software firewall is good for must home users that have some important stuff on their computer.  It will also warn you if you have programs trying to access the internet without your permission.  The software firewall is only as good as the user.   The reason I say this is because when you are prompted to give permision to a program to access the internet then it is the user who must determine if the program is legit or not.  If every time a program asks for permision to go on the net and the user allows it every time you might as well save your resources and remove the software firewall.  It will block incoming attacks though although most home users are rarely attacked unless a virus is involved.

Best solution is a combination of both hardware and firewall but that is just my opinion.  I use zone alarm on my laptop and that has worked well for me.  I also have a router with firewall built into it (most do).  At work we have a hardware firewall that does not allow access to anyone into our servers unless you use vpn.  But even then it is such a pain to configure because of how high the security settings are set.

I hope this helps you out a bit.  If you have more questions let me know.

0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12023103
No doubt that every expert on this site will reflect the same attitude towards firewalls that tm already said.  I have no real use for Software Firewalls, unless it is a home system, not in a production environment, or if the specific user just does not want others within the LAN to access their system.  Of course, I am also concerned about performance, and most add-on firewalls worth their weight will drag down a system, especially one that is already under-powered.

FE
0
 
LVL 3

Author Comment

by:Fermion
ID: 12031512
Thanks. If I am reading the comments correctly, they would suggest that a hardware firewall is superior to a software firewall. With my limited knowledge of firewalls(so please correct me if wrong), I would asume that this is because a hardware firewall is presented as the ONLY connected device to the internet, and becomes configured such as to where the connected computers are are "hidden" behind the hardware firewall??
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12031615
Correct, basically...  A hardware firewall guards your perimeter, whereas the software firewall only guards the machine it sits on..  When on the perimeter of your network, it insulates your network completely from intrusion, not allowing anything to breach your LAN...  And again, this is its primary and only job.   Most software firewalls can be cracked in some fashion, whereas a SPI Perimeter firewall is hardened to these attacks...

FE
0
 
LVL 4

Expert Comment

by:tmireles
ID: 12031797
That is very well worded FE.  

Fermion,  as FE said the best firewall is going to be a hardware one.
0
 

Expert Comment

by:chockymonster
ID: 12031909
One quite important thing to take into account is that a software firewall runs on a host operating system, be it linux, microsoft etc.

In the case of software firewalls there is always the possibility that the host  operating system can become comprimised. If this happens then your fancy firewall may as well not be there. It is very important to make sure that the host is secure!!!
What good is a firewall if the host is comprimised with virii and spyware?

A hardware firewall does not have this vulnerability as the operating system is solid state and not customisable, it is there to do one job and one job only!
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12031961
Thank you tm..  ;)
0
 
LVL 3

Author Comment

by:Fermion
ID: 12036071
Thanks to everyone!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question