Mr Webb On-Line Internet Safety and Security Information
Hardware-based firewalls - Why they are different from software-based firewalls.
This article will not attempt to explain how firewalls work, nor is this the place to discuss things like IPsec, VPNs, packet-filtering network-layer firewalls, application-layer firewalls, proxies and routers. What we will discuss here are the basic differences between a hardware firewall and a software firewall in a Windows environment.
To recap some of the sections you may have already read on the workings of firewalls, we will, however, give a short description of what a firewall does in general terms.
Essentially, a firewall is a method to protect us from unwanted intruders from the internet (or the local network we are on). The firewall will block everything and everyone looking to get in unless we specifically asked for it (this applies to most types of firewalls).
In that sense the firewall is easy to compare to a medieval castle complete with moat, outer wall and inner buildings. The moat and the castle wall serve to make our castle safe from attacks (in our case safe from hackers) and to allow us to be selective about what we open our gates to.
A firewall, much like the castle wall, is incapable of making decisions on its own. Anything that wants to come in will have to wait for the owner of the castle (us!) to decide whether or not the gates should be opened. Thankfully for us, the firewall (unlike the castle wall) is capable of remembering what we decided before if a particular piece of information (which all internet traffic is) wants to get in again (for the second time or more). This allows the firewall to act more or less independently, working according to a set of rules we have set.
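The behaviour described above (block by default, let in what we asked for, remember the owner's earlier decisions) can be modelled in a few lines. This is an added illustration, not code from the original article; the class and field names, the owner policy and the documentation-range IP addresses are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class Firewall:
    ask_owner: Callable[[Packet], bool]            # the "owner of the castle"
    rules: dict = field(default_factory=dict)      # remembered decisions per service
    requested: set = field(default_factory=set)    # connections we opened ourselves
    prompts: int = 0                               # how often the owner was asked

    def outbound(self, p: Packet) -> bool:
        # Remember the flow so that its reply counts as "asked for".
        self.requested.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return True

    def inbound(self, p: Packet) -> bool:
        # 1. A reply to a connection we initiated is the mirror of a stored flow.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.requested:
            return True
        # 2. Otherwise look for a remembered decision for this service.
        key = (p.proto, p.dport)
        if key not in self.rules:
            # 3. First time: the gate stays shut until the owner decides.
            self.prompts += 1
            self.rules[key] = bool(self.ask_owner(p))
        return self.rules[key]

def demo():
    # Constructed policy: the owner only opens the gate for a web server on port 80.
    fw = Firewall(ask_owner=lambda p: p.dport == 80)
    me, site, stranger = "192.0.2.10", "198.51.100.7", "203.0.113.66"
    fw.outbound(Packet(me, 50000, site, 443))
    results = [
        fw.inbound(Packet(site, 443, me, 50000)),       # reply we asked for
        fw.inbound(Packet(stranger, 443, me, 50000)),   # same ports, wrong sender
        fw.inbound(Packet(stranger, 40000, me, 80)),    # owner asked, allows
        fw.inbound(Packet(stranger, 40001, me, 80)),    # remembered allow
        fw.inbound(Packet(stranger, 40002, me, 3389)),  # owner asked, denies
        fw.inbound(Packet(stranger, 40003, me, 3389)),  # remembered deny
    ]
    return results, fw.prompts

if __name__ == "__main__":
    print(demo())
```

The owner is consulted once per new service; every later packet for that service is handled from the remembered rule without another prompt.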
In order to understand the difference between hardware and software firewalls we will first have to take a look at how networks are set up in general.
All computers in a network are linked together (provided there is more than one computer on a network). All these computers then make a network connection to only one computer in the network (this is done via IP addressing). This single computer is then in charge of making a connection to the internet and allowing all other computers to make a connection (through it) to the internet.
The computers that do not have their own internet connection are considered to be 'clients' and the computer that has the internet connection is considered a 'server'. If you only have one computer at home and it is directly connected to the internet then your computer is a server and a client all rolled into one.
To secure all these clients and our server from attacks from the internet we have two basic types of firewall we can use:
Software firewall
Hardware firewall
Software firewall
A software firewall is installed on the server (sometimes also on individual clients) and can be treated much like any other program that runs while you are using your computer. If you have any icons in the bottom right of the screen (for Windows users), then all these icons represent programs that are currently running on your computer. Some are only activated once you click on them, and others, like firewalls and virus scanners, are usually active all the time.
Software firewalls are considered to be fairly cheap (some are free), reliable, easy to use and are often employed in smaller home networks or for personal use.
Hardware firewall
A hardware firewall, unlike the software firewall, is not installed on the server, nor can it be installed on any of the clients. A hardware firewall represents an independent machine that has the sole purpose of 'firewalling'. A hardware firewall is an additional computer in a network and is added 'after' or 'in front' of the server. When using a hardware firewall, the firewall is installed between the internet connection and your server, to which all the clients connect.
Hardware firewalls mainly serve the purpose of preventing 'hackers' (those little nasty men with swords and bows standing in front of our castle) from talking directly to the server or any of the clients. This increases security dramatically but also adds to the cost of the network.
As you can imagine, adding a dedicated firewall (like a router) to your network can cost considerably more than just installing a basic software firewall.
Hardware firewalls are usually installed on 'hardened' operating systems, which are less prone to attacks from the internet but can generally also be considered less user-friendly than the average Windows machine. This results in hardware firewalls being used in all sorts of companies and by the more network-experienced home businesses and home users.
Unfortunately, the difference between a hardware and a software firewall isn't as simple as was described above. Once a hardware firewall has additional components installed, like a VPN (virtual private network), it no longer just has the job of protecting your network. This makes it (arguably) a software firewall and has been an issue under discussion by many experts in the field of networking and security.
Nonetheless, the basic considerations we described above come as close to describing the difference between hardware and software firewalls as one can possibly get without getting too technical.