Is a software firewall better than a hardware firewall?

boyz

Senior member
Apr 4, 2001
399
0
0
I am looking for a good firewall. I thought I'd buy a software firewall, but I heard hardware ones are the best.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
They all run on software.

The main difference is tweakability and the work required to get it going; 'hardware' ones are more plug-and-play.
 

GigaCluster

Golden Member
Aug 12, 2001
1,762
0
0
While it's true that they all run on software, hardware firewalls are safer. The reason is that if you are using a hardware firewall, "bad" traffic never gets to the machines that you are trying to protect.
However, if you are using a software firewall, the traffic must reach your protected machine and only THEN will the software firewall do something about it. Also, software firewalls are more prone to problems because someone can shut it down, it can crash and stop protecting, or there may be some remote exploit to bypass it. Remember that bad traffic is already at your machine before the software firewall reacts to it.
The hardware firewall places yet another node that must be broken before reaching the destination.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
> While it's true that they all run on software, hardware firewalls are safer. The reason it's so is that if you are using a hardware firewall, "bad" traffic never gets to the machines that you are trying to protect.

My Linux firewall serves the same function and the 'bad' traffic never gets to my internal machines. And it's far more functional.

I would never recommend something like ZoneAlarm or whatever the popular Windows Spyware is today.

> Also, software firewalls are more prone to problems because someone can shut it down, it can crash and stop protecting, or there may be some remote exploit to bypass it.

You mean like all those Cisco DSL routers that crashed when nimda hit them?

> Remember that bad traffic is already at your machine before the software firewall reacts to it.

Remember that getting around a 'hardware' firewall is just as easy as getting past a software one. You could probably say you also have to worry about the host OS's NIC driver and IP stack, but more than likely the OS will crash if a bug is hit in them.
 

ttn1

Senior member
Oct 24, 2000
680
0
0
> While it's true that they all run on software, hardware firewalls are safer. The reason it's so is that if you are using a hardware firewall, "bad" traffic never gets to the machines that you are trying to protect.

In this statement, I think a Linux firewall computer would be considered a hardware solution. Off-the-shelf firewall routers and dedicated firewall machines would fall in this category.

By software solution, I guess you would mean software that was installed on individual machines with direct net connections.

In this case, a hardware solution is definitely better for controlling malicious traffic.

Once a hardware solution is decided upon, which it should be, then you get into a reliability and ease-of-use issue. I personally like my Linux router/firewall because it is infinitely configurable. Also, I created it from a machine with no moving parts, which has made it very reliable.

All this being said, it never hurts to run software firewalls on individual machines as a little extra security.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,553
430
126
In general, security issues at home, small office, and entry-level systems involve:

1. Unauthorized Internet traffic coming in (from the Internet to your computer).

2. Unauthorized information going out (from your hard drive to someone else's Web server), AKA software calling home.

3. Accidental leakage. Firewall left disabled, computer left in the DMZ, etc.

Unauthorized information going out is mainly a function of "spyware" and programs that are "calling home". Unfortunately, the number of programs that are calling home is growing by the day.

The hardware firewall provided by most Cable/DSL routers is an excellent tool. However, it mainly secures the incoming traffic; to secure the outgoing aspect you need to add a software firewall.

Thus, many router owners use a combination of hardware and software firewall.

A popular software firewall is ZoneAlarm (Basic version free).

ZoneAlarm Download.

Norton Internet security provides very good live control on info going out (Not free).

Norton Personal Firewall 2002.

You can check your system's security by going to the following page, scrolling down, and clicking on Shields Up.

Gibson Default Page.

*************************
Since at times I have to disable the firewall (some Internet sites will not function correctly with firewall filters on), or I have to put one computer in the DMZ, I take a third measure of security by installing NetBEUI. (Yeah! Yeah! I know NetBEUI is archaic and not supported by Microsoft any more, but it still supports me very well.)

NetBEUI is not routable to the Internet, thus local network traffic cannot go out.
My experience (on a variety of small network settings) shows that surfing the Internet is smoother if the main network traffic is done via NetBEUI, and TCP/IP is reserved for Internet activities only.


*******************************
A different approach is to skip all of the above. You can take one old computer (the one that is in the back of the closet) with two NICs and dedicate it to be a firewall router. You have to install one of the variants of Linux (many are free) as your main protection.

This is also known as "The Linux Box". It is worthwhile to do if you really want to have a nice learning project, or if being "cool" is more important than convenience.

Want to know more about the idea? Look here:

Firewall and Proxy Server HOWTO.

Installing a Firewall does NOT solve the "security" problem.

******************
Instructions to find and install NetBEUI on WinXP are here:

Where is NETBEUI in WinXP?

After install, NetBEUI appears in the list of available protocols; there are no properties for NetBEUI since there is nothing to configure.

Make NetBEUI the default and the sharing protocol in WinXP.

Right-click on the:

"My Network Places" on the desktop to display the "Network Properties".

In the Network Properties window, pull down the Advanced menu and click on Advanced Settings.

Choose the Adapters and Bindings tab.

Highlight Local Area Connection.

The lower part of the window shows you the available shares and protocols.

NetBEUI has to be in first position in both settings to be the default protocol.

You make it first by highlighting NetBEUI and moving it up using the arrow on the right side.

Uncheck the TCP/IP binding from Sharing.

It should look like this:

Advanced Settings Win XP.

The trick is to bind TCP/IP only to Client for Microsoft Networks, and to bind File and Printer Sharing only to NetBEUI.

Doing so decreases the probability of your files being available worldwide through the Internet.

At times when my 8-year-old grandson wants to use my network to play, I taught him how to check the TCP/IP in the above menu (of course he is very reliable, and will uncheck it when he is done).
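To make the distinction the thread keeps circling concrete, here is a small model of the two-NIC "Linux box" perimeter firewall described above. It is an added illustration written for this page, not code from the forum or from any firewall product, and it assumes a simplified stateful forwarder: unsolicited NEW connections arriving on the WAN interface are dropped on the router (GigaCluster's point that bad traffic never reaches the protected host), replies to connections the LAN opened are allowed back in, and NEW outbound connections are allowed only on a short allow-list of ports (the "outgoing" side JackMDS says most Cable/DSL routers ignore). The addresses and packets are constructed test data using RFC 5737 documentation ranges.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple

# Constructed example: a toy model of a two-NIC Linux perimeter firewall,
# one interface on the WAN and one on the LAN.  Written for this page as an
# illustration; it is not the forum's code or any product's implementation.


@dataclass(frozen=True)
class Packet:
    iface: str    # interface the packet arrived on: "wan" or "lan"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool     # True for the first packet of a new TCP connection


FlowKey = Tuple[str, int, str, int]


class PerimeterFilter:
    """Stateful forwarder: default-deny inbound, port allow-list outbound."""

    def __init__(self, egress_ports: Tuple[int, ...] = (53, 80, 443)) -> None:
        self.egress_ports: Set[int] = set(egress_ports)
        self.conntrack: Set[FlowKey] = set()   # flows the LAN side opened
        self.log: List[str] = []

    def forward(self, pkt: Packet) -> str:
        key: FlowKey = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse: FlowKey = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        flow = f"{pkt.src}:{pkt.sport}->{pkt.dst}:{pkt.dport}"

        # 1. ESTABLISHED: either direction of a flow the LAN opened earlier.
        if key in self.conntrack or reverse in self.conntrack:
            return "ACCEPT"

        # 2. No state and not a connection start: treat as INVALID.
        if not pkt.syn:
            self.log.append(f"INVALID {pkt.iface} {flow}")
            return "DROP"

        # 3. Unsolicited NEW traffic from the Internet is dropped here, on
        #    the router, before it ever reaches the protected host.
        if pkt.iface == "wan":
            self.log.append(f"INGRESS-DROP {flow}")
            return "DROP"

        # 4. NEW traffic from the LAN may leave only on allow-listed ports;
        #    this is the "outgoing" side the thread says routers neglect.
        if pkt.dport in self.egress_ports:
            self.conntrack.add(key)
            return "ACCEPT"
        self.log.append(f"EGRESS-DROP {flow}")
        return "DROP"


def run_demo() -> List[str]:
    """Push constructed packets (RFC 5737 addresses) through the filter and
    return the verdict for each, in order."""
    fw = PerimeterFilter()
    packets = [
        # unsolicited SMB probe from the Internet toward a LAN host
        Packet("wan", "198.51.100.7", 4444, "192.168.1.10", 445, syn=True),
        # LAN host opens an HTTPS connection to a web server
        Packet("lan", "192.168.1.10", 40000, "203.0.113.5", 443, syn=True),
        # the web server's reply to that connection
        Packet("wan", "203.0.113.5", 443, "192.168.1.10", 40000, syn=False),
        # a program on the LAN host "calling home" on a non-allow-listed port
        Packet("lan", "192.168.1.10", 40001, "203.0.113.9", 6667, syn=True),
        # a stray non-SYN segment from the Internet with no matching flow
        Packet("wan", "198.51.100.7", 1234, "192.168.1.10", 40002, syn=False),
    ]
    return [fw.forward(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Two caveats the model makes visible. A port-based egress allow-list stops the fourth packet but would pass spyware that calls home over port 443 exactly as it passes a browser, which is why JackMDS pairs the router with a per-host software firewall that sees which program opened the socket. And, as Nothinman notes, the router is itself a host running software: a bug in its own packet handling affects the one node everything passes through.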
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0

> In this statement, I think a linux firewall computer would be considered a hardware solution. Off the shelf firewall routers and dedicated firewall machines would fall in this category.


But in that situation with the Linux box I can also install other software like snort, log parsers, web servers, etc. Hell if I really want I can make it a second desktop machine.

> then you get into a reliability and ease of use issue

The problem is most people take ease of use over reliability and configurability, passing up the more thorough, good software for the cheesy, easy software because they might have to actually read some docs and learn something.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,553
430
126
> The problem is most people take ease of use over reliability and configurabilty, passing up the more thorough good software for the cheesy easy software because they might have to actually read some docs and learn something.

A few posts ago, GigaCluster in his signature:

René Descartes' answer to the eternal epistemological question.

"Cogito ergo sum." - "I think therefore I exist"

That may have been true a few hundred years ago.

Regrettably, today:

"I shop therefore I exist" (j/k.)

To follow click here: RP114 Cable/DSL Web Safe Router with 4-Port.
 

ttn1

Senior member
Oct 24, 2000
680
0
0
JackMDS - That netgear router page is hilarious. Buy this and all your "hacker" problems will be solved. Read: hackers = evil. I want to know when hacker became a bad word.

I spent about a month getting my linux router project machine configured and usable and I don't regret a minute of the time spent. I just wish other people felt the same.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,553
430
126
LOL, I did not see the page.

I "fingered" this router because it is the el cheapo of the week.