- Back to Home »
- Firewall »
- Hardware Firewalls vs. Software Firewalls
Sunday, July 27, 2014
Hardware Firewalls vs. Software Firewalls
The idea of firewalls has existed since long before computers and the Internet. A firewall is a barrier which is put into place for protection. Originally, this meant protection from an actual fire, such as a firewall between two apartments to prevent flames in one apartment from spreading to its neighbor. In computer lingo, a firewall is implemented to protect a computer from danger.
In addition to computer viruses, there are other Internet hazards that computers need to be shielded from. Much of this is malware, or programs which are intended to invade computers and steal information, rather than disable the computer. While some malware is relatively benign, only causing advertising to appear on the computer, other malware copies information off of the computer and sends it off to the malware’s originator, either for sales purposes or for identity theft.
Much of the time, this malware piggybacks on other programs, file downloads, or email, just as viruses do. Since the user gives permission for this data to be downloaded to the computer, malware programs are very difficult to detect before they get into the computer. However, they can be detected once they are installed.
Another long-standing problem on the Internet is hacking. Hackers have existed since before the Internet, seeking ways to get into computers and access information. While most hackers break into computers purely as a game, to prove that they can do so, there are those who hack into computers to steal information, ideas, or even money.
Since some hackers develop programs that do their work for them, going around the Internet to snoop into computers and see what they can find, the line between hacking and malware is a fine one. In either case, these are things that we do not want on our computers.
Firewalls exist to protect a computer from hackers, and to a lesser extent, from malware. It is important to note that firewalls cannot protect a computer from viruses. One must have virus detection software installed as well, and run regular scans of the computer. Most virus software can be configured so that it will run these scans automatically, with minimal user input.
Firewalls come in two types, hardware and software. In reality, the hardware ones have software inside that actually does the work. However, they are referred to as hardware firewalls because they are a separate box, rather than a program installed in the computer.
Types of Firewall Architecture
There are three types of architecture used for firewalls. To clarify, the term "architecture" refers to the collection of hardware and software components and their interfaces, which work together to create a functioning system.
Stateful Inspection
Stateful inspection actively examines the state of any active network connections. Based on this information, it determines which packets of information to accept and which ones to reject. This provides the highest level of intrusion protection of any firewall, along with the highest level of access control.
Proxy
Proxy firewalls require the use of a proxy server in the Internet cloud. The user’s computer acts as a proxy client, requesting information or resources from the proxy server, rather than from the actual website or computer. Once the proxy server verifies the request, it makes the request to the website or server. It is typical for proxy servers to provide detailed logging and password access protection to help maintain security.
The extra steps that a proxy firewall requires slow down the connection and retrieval of any information. For this reason, they are not very widely used. However, they are highly secure.
Packet Filtering
Packet filtering is the simplest and least secure form of firewall. It works by examining the header of packets of information and allowing or disallowing them to pass, based on pre-programmed or user-defined rules. A common rule is to only allow packets of information that have been requested from a remote location by a computer on the local area network (LAN).
Hardware Firewalls
A hardware firewall is a black box which sits on the upstream network line, protecting everything on the network. In a business environment, this allows the firewall to protect a department’s LAN from intrusion by other departments. In the case of departments which have sensitive information, such as the accounting department or human resources, this provides an extra layer of security for that data and the company overall.
These firewalls work by packet filtering, so they cannot catch everything. However, they cannot be easily defeated by malware, some of which directly attacks software firewalls. Since they are not installed on any computer, they do not slow the computers down by taking up system resources.
Many network routers have built-in firewalls. This helps reduce the cost by eliminating the need to buy a separate firewall. However, standalone hardware firewalls do exist, and are typically more robust in their protection than those which are internal to the router.
The major disadvantage of a hardware firewall is that they are harder to configure, especially for a novice computer user. In addition, they treat everything outgoing from the computer as if it is safe. This can cause problems in the case of some types of malware, such as trojans which try to connect to the Internet from the computer that they infect.
When anyone disconnects their computer from the network and connects through an alternate Internet access point, such as when traveling, they lose the protection that the hardware firewall provides.
Software Firewalls
Software firewalls are programs installed on a computer to catch malware and hackers. They work by residing between the computer’s software and the network connection, examining everything that goes in or out to determine if it is a valid request. As such, they can often catch malware, whereas hardware firewalls cannot.
This type of firewall does use system memory, processing time, and other resources. Therefore, it can slow down a computer’s general operation and especially the computer’s Internet communication. When shopping for software firewalls, it is important to compare how much system resources they require.
Software firewalls are much easier to configure than hardware ones and can be individually configured by the user. With a few mouse clicks, the level of firewall protection can be customized to the individual user’s preferences and needs. The highest level of protection would include blocking all cookies and JavaScript; however, it should be noted that this will prevent some web pages from functioning.
With a software firewall, the user can define which programs have permission to access the Internet. When set up in this manner, any other programs which try to access the Internet, such as malware, are automatically blocked. Since these firewalls reside in the computer, they are highly portable, going wherever the computer goes.
The biggest disadvantage of software firewalls is that they do use up some system resources. While well-written firewall programs use a minimum amount of system resources, others can use enough to severely reduce system operating speed. In addition, each computer must have its own copy or license for using the firewall. In a large company, this can be costly.
Deciding Which to Use
Deciding between buying a hardware firewall and a software firewall is mostly an issue of comparing the two and determining which will work best for one’s particular application. Each has its own advantages and disadvantages. Let us summarize:
Hardware Firewall | Software Firewall | |
---|---|---|
Ease of installation |
Very easy
|
Easy
|
Ease of configuration |
Hard
|
Relatively easy
|
Portability |
Not portable
|
Very portable
|
Cost |
Less expensive
|
More expensive
|
Computers protected |
Entire network
|
Only one
|
Effect on system performance |
None
|
Some
|
Affected by malware |
Not
|
Can be
|
Scanning of outgoing traffic |
None
|
As configured
|
Flexibility (user-to-user) |
None
|
Very
|
IP address masking |
Can do
|
Cannot do
|
This chart makes it rather clear that neither option is perfect. Rather, most networking security experts recommend installing both hardware and software firewalls on a computer for the best possible security. This way, computers are protected both while on the network and when away from the office.
Buying Firewalls on eBay
Both hardware and software firewalls are available for sale on eBay. To find hardware firewalls, start from the Electronics area of the main eBay navigation menu. From there, select <a data-cke-saved-href="Tablets" href="Tablets" and="" networking"="">Computers, Tablets and Networking. Once on the main "Computers" page, select "All Categories" from the navigation menu to open up the detailed navigation pop-up. Find the category Enterprise Networking, Servers and then the subcategory Firewall and VPN Devices . From this page, you can select the Firewallfilter to eliminate the VPN devices.
VPN stands for Virtual Private Network. It operates similar to a proxy firewall. So, in a sense we can refer to a VPN as a type of firewall.
Software firewalls are found in the software section of the computer area. To find them, start the same way as to find hardware firewalls. In the detailed computer navigation pop-up menu, find the category Software, and then look for the subcategoryAntivirus and Security. Once on this page, use the Firewall Software filter to filter out the other types of security software.
Conclusion
With the high risk inherent in connecting to the Internet today, having a firewall is essential. Between malware, hackers, and those practicing identity theft, the need to protect any computer is acute. Firewalls and antivirus software are both essential parts of this protection.
The debate goes on about whether hardware or software firewalls are better. Each has its advantages, which are often weaknesses in the other type of firewall system. Most computer security experts say that it is best to install both types of firewall, hardware and software, to ensure the best possible protection.
Firewalls will not catch viruses or even all types of malware. In addition to a good firewall, it is important to have good virus-scanning software. Most companies that offer this software do so on an annual contract basis, allowing the licensee unlimited free upgrades throughout the year. This is an important feature, as these packages are constantly being upgraded as new virus and malware threats are discovered.