Which firewall is better, hardware or software?

VBboy

Diamond Member
I'm sure most of you use a firewall, especially if you're on a cable modem. Is it worth paying $200 or so to get a "real" (hardware) firewall (looking like a hub or a switch), or will a software one (like ZoneAlarm) work just as well?

Are there any performance or security differences between these two types?
 
Well, hardware is better of course. Software is adequate for most people but I guarantee you that any decent cracker type person can easily get around Zone Alarm, BlackIce, etc. The protection you get with a hardware firewall is that you have your computers inside the firewall on a private IP address range which is not routable - hackers can get to the IP address of your firewall but no further. Software firewalls do eat some CPU resources but it is usually minimal.

 
Hardware is certainly the better choice.
You could get a fairly cheap Linksys DSL/cable router that has a built-in firewall.

I used it for a while but not anymore, since I need to use VPN
to connect to the office and I can't seem to use it with the router since it
binds to my NIC directly for authentication.
I'm just too lazy to get around it I guess 🙂

Cheers,
RL
 
If you have an old 486 or some computer like that I would recommend using the Freesco software to set up a router/firewall... easy and very effective...
all you need is a 386/486/Pentium (or similar) computer with 2 NICs, 16MB of RAM and a floppy drive...
And yes, it is pretty secure and its also fast as h*ll....
 
If by better you mean more secure, I would say a combination of both.

A firewall/switch and zonealarm.

I use the DI-704 and zonealarm, I used to log between 12-30 scans/hits a day with zonealarm alone, now for over a month I haven't had a single scan logged....... (actually thinking of dumping zone because it hogs memory and interferes with some net programs causing lockups)
 
I agree with Helznicht. We have the same setup where I work. We don't actually have a router with firewall built in, but we have a linux box that's running as the firewall. Everything is also forwarded through SSH tunneling for ultimate security. ZoneAlarm then sits on all Windows machines behind the firewall and all remaining linux boxes also are running a firewall. So if you can find a really crappy computer for free with a floppy drive and a couple of nics, you could set that up using a floppy disk to run linux off of with the firewall and all that good stuff running on that machine.
 
<< Is it worth paying $200 or so to get a "real" (hardware) firewall >>

Well first off you can't get a REAL hardware firewall for under $200, I'm assuming you mean a router? They are fairly secure but not on the level of real hardware firewalls. And you can build a freesco box for under 200 that will be more secure than a router so I would go that route, unless you want to lay down $4000+ on a hardware firewall.
 
how effective is the SMC Barricade 4 port that was the amazon special a while back? My friend told me that it's pretty much the same as a s/w firewall.. not very effective. Is this true?

2nd question - if I wanted to hook up a mandrake server also w/ the barricade, what firewalls would you guys recommend? What would I install where? I plan on having a linux box, SMC barricade, 2 other machines on the network - one win98, the other another linux box.
 
Freesco is great, but it does not support dynamic ip, and that eliminates all dialup and most broadband users (well a lot of @home users anyway). I use Zonealarm, but am working on a Linux firewall box. I have used several of the broadband routers before and they seem to work well, I wasn't ever hacked...
 
Hardware, of course. But I'm not talking the cheap $50 "routers". You need stateful packet inspection, for sure.
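
Added example, not part of any post in this thread: a simplified Python model of the two mechanisms posters mention above, private (non-routable) LAN addresses behind a translating router and stateful inspection of inbound packets. The `NatRouter` class, its method names and all addresses are constructed for illustration; real routers differ in how strictly they match inbound packets to tracked connections.

```python
import ipaddress

# RFC 1918 private ranges: not routed on the public internet.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)

class NatRouter:
    """Toy port-translating router with a connection-tracking table."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> public port
        self.in_map = {}   # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a connection: record state, rewrite the source."""
        if not is_private(lan_ip):
            raise ValueError("LAN hosts are expected to use private addresses")
        key = (lan_ip, lan_port, remote_ip, remote_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, remote_ip, remote_port)] = (lan_ip, lan_port)
            self.next_port += 1
        return (self.public_ip, self.out_map[key])

    def inbound(self, remote_ip, remote_port, dst_port):
        """Public-side packet: forwarded only if it matches tracked state."""
        return self.in_map.get((dst_port, remote_ip, remote_port))  # None = dropped

def demo():
    # Constructed sample traffic; public addresses are documentation ranges.
    r = NatRouter("203.0.113.7")
    src = r.outbound("192.168.1.10", 51000, "198.51.100.20", 80)
    reply = r.inbound("198.51.100.20", 80, src[1])  # reply to the LAN host's request
    scan = r.inbound("192.0.2.99", 4444, 139)       # unsolicited probe, no state
    spoof = r.inbound("192.0.2.99", 80, src[1])     # open port, but wrong peer
    return src, reply, scan, spoof

if __name__ == "__main__":
    print(demo())
```

The remote server only ever sees the router's public address, and an inbound packet reaches a LAN host only when it matches a connection that host opened.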
 
If a certain hacker is skilled and knowledgeable enough to get past your switch/ip masking/firewall, then that certain hacker won't want anything from your lame little home network.

IMO anyways.
 
I use the Linksys DSL/Cable router. I installed Zone Alarm and ran it for a month without a single scan or hit. So I uninstalled it.
 
I used Sygate for quite a while... installed on an NT4 box on my lan. It worked ok, but would require frequent (cupla x a wk) restarts... If you want a solid, no brainer, no hassle firewall, then go with a hardware solution. Check the hot deals forum... prices have dropped and I would imagine with creative coupon usage, you could get something under 100 bucks.

BTW, I've been using a Linksys Cable/DSL router / 4 port switch w/ my lan for well over a year and have had no problems.
 
Remember the number one rule of security. It's not to make sure that your network isn't 100% secure (although nice, this will never happen), it's to make your network look less attractive to break into than someone else's. And you can bet that if a hacker who's just having some fun sees someone running either a hardware or software firewall with no gaping holes, they will probably move on to someone easier, like a cable modem user with file and print sharing enabled. They are looking for the easy targets because 90% of "hackers" are script kiddies anyways, and their scripts don't find holes in most firewalls. IMO at least. Hardcore hackers on the other hand, probably could break into your network, but they have better things to do. Like get paid $250,000 a year to do security for some huge company.
 