The Differences & Features of Hardware & Software Firewalls. Why we do need CFP

:THNK (L)
Hi Firewalls companions!
Why we do need CFP! This an article extracted from webopedia which clarified the difference between hardware and software firewalls and why we do need them. It’s a good review for the novice ones. Best Regards. Good reading!

"The Differences and Features of Hardware & Software Firewalls
A firewall is a protective system that lies, in essence, between your computer network and the Internet. When used correctly, a firewall prevents unauthorized use and access to your network. The job of a firewall is to carefully analyze data entering and exiting the network based on your configuration. It ignores information that comes from an unsecured, unknown or suspicious locations. A firewall plays an important role on any network as it provides a protective barrier against most forms of attack coming from the outside world.

Firewalls can be either hardware or software. The ideal firewall configuration will consist of both. In addition to limiting access to you computer and network, a firewall is also useful for allowing remote access to a private network through secure authentication certificates and logins.

While many people do not completely understand the importance and necessity of a firewall, or consider it to be a product for businesses only, if your network or computer has access to the outside world via the Internet then you need have a firewall to protect your network, individual computer and data therein.

Hardware Firewalls
Hardware firewalls can be purchased as a stand-alone product but more recently hardware firewalls are typically found in broadband routers, and should be considered an important part of your system and network set-up, especially for anyone on a broadband connection. Hardware firewalls can be effective with little or no configuration, and they can protect every machine on a local network. Most hardware firewalls will have a minimum of four network ports to connect other computers, but for larger networks, business networking firewall solutions are available.

A hardware firewall uses packet filtering to examine the header of a packet to determine its source and destination. This information is compared to a set of predefined or user-created rules that determine whether the packet is to be forwarded or dropped.

As with any electronic equipment, a computer user with general computer knowledge can plug in a firewall, adjust a few settings and have it work. To ensure that your firewall is configured for optimal security and protect however, consumers will no doubt need to learn the specific features of their hardware firewall, how to enable them, and how to test the firewall to ensure its doing a good job of protecting your network.

Not all firewalls are created equal, and to this end it is important to read the manual and documentation that comes with your product. Additionally the manufacturer’s Web site will usually provide a knowledgebase or FAQ to help you get started. If the terminology is a bit too tech-oriented, you can also use the Webopedia search to help you get a better understanding of some of the tech and computer terms you will encounter while setting up your hardware firewall.

To test your hardware firewall security, you can purchase third-party test software or search the Internet for a free online-based firewall testing service. Firewall testing is an important part of maintenance to ensure your system is always configured for optimal protection.

Software Firewalls
For individual home users, the most popular firewall choice is a software firewall. Software firewalls are installed on your computer (like any software) and you can customize it; allowing you some control over its function and protection features. A software firewall will protect your computer from outside attempts to control or gain access your computer, and, depending on your choice of software firewall, it could also provide protection against the most common Trojan programs or e-mail worms. Many software firewalls have user defined controls for setting up safe file and printer sharing and to block unsafe applications from running on your system. Additionally, software firewalls may also incorporate privacy controls, web filtering and more. The downside to software firewalls is that they will only protect the computer they are installed on, not a network, so each computer will need to have a software firewall installed on it.

Like hardware firewalls there is a vast number of software firewalls to choose from. To get started you may wish to read reviews of software firewalls and search out the product Web site to glean some information first. Because your software firewall will always be running on your computer, you should make note of the system resources it will require to run and any incompatibilities with your operating system. A good software firewall will run in the background on your system and use only a small amount of system resources. It is important to monitor a software firewall once installed and to download any updates available from the developer.

The differences between a software and hardware firewall are vast, and the best protection for your computer and network is to use both, as each offers different but much-needed security features and benefits. Updating your firewall and your operating system is essential to maintaining optimal protection, as is testing your firewall to ensure it is connected and working correctly."

(:CLP) (B)

Thank you carioca for this post, since a long time I’ve been thinking of these matters - software vs. hardware firewalls. I’m no techie, so I don’t get all the details of how the firewalls work, but what I still wonder after having read the text is: How do you know that a hardware firewall is good? Isn’t there a great difference between different products, like Matousec show with software firewalls? How can you update a hardware firewall? Is there anything a hardware firewall can do, that Comodo can’t?

LeoniAquila

For most people, using a router and a software firewall is part of layered security. It makes its just a little more difficult for the bad guys to get in and the bugs to get out.

Updates are generally via firmware, but of course you need to attend to the rule management.

I’m sure if you goggle for reviews, you’ll find a ton, maybe DSL reports has some…

Thank you Toggie for the information. I don’t currently have a router, but probably a router for a wireless home network is something I’ll buy in the future. Until then I’ll rely only on CPF!

/L

:■■■■
Dear buddy,
I have bought the netgear wireless router and firewall model wgr614 v7 which I might recommend to you and I’m very satisfied with it. take a look at www.netgear.com.Best Regards.
(L)

Thanks! I’ll consider Netgear when the time to get a router comes.

Continuing in the topic of hardware/software firewalls; my brother only uses hardware. Software - only the XP built-in firewall. I find this a bit strange since he is professionally interested (and to some extent educated on university) in the topic of computer security, especially net traffic and firewalls, actually. Obviously he thinks it’s enough with hardware. I believe his only software protection is Avira Antivir PE Classic… :o

(S)
FYI your brother is wrong for the reason outbound protection it’s very important, too.Only windows xp firewall together is not enough. By Using only windows xp firewall has been proved It fails the outbound protection by many articles all over the security internet forum.You need a software firewall like comodo firewall or what else because hardware firewall only protects inbound and with a software firewall together with a hardware firewall will be protected inbound and outbound and why we need comodo firewall at all. Do I have been cleared ,buddy?Best Regards.

I have some security-related certifications, so I think I may add some thoughts here.

There are several things to apply firewall onto:

• Inbound attempts
• Outbound attempts
• Listening attempts

Inbound connections usually need listening ports on your computer, but some inbound attempts do not seek listening ports. Instead, they may be scanning attempts to find security holes on a PC.

A router acting as a hardware firewall easily blocks Inbound attempts, as the attacker will be scanning a router instead of a normal PC. With proper firmware, any router should be safe from these kinds of attacks.

A router performing NAT (Network Address Translation) will also protect against listening attempts, i.e. spybots or zombiebots installed (inadvertently) on your PC, opening up a port so that hackers can spy on you or misuse your computer. This is because the opened port(s) are not visible to the public world.

However, a router will not protect against Outbound attempts, e.g. a spybot installed on your PC sending sensitive information directly to a certain IP address on the Internet.

You can though protect yourself against such malwares using a good antivirus + BOClean. However there may be a slight chance that a malware goes undetected and does its malevolent deed. In this case, only a locally-installed firewall will be your detection mechanism, by alerting you to a Outbound attempt that you hopefully can regard as suspicious.

That said, if you be very careful in installing programs on your PC, a hardware firewall (e.g. a NAT-performing router) + AntiVirus (regularly updated) + BOClean (regularly updated) should be enough.

But why gamble? Install a software firewall for better defense.

i agree with the excellent explanation that Pepoluan has given.

To put it simply there are 3 main layers (of course this is a 60,000 ft overview) for security

1. Prevention
2. detection
3. cure

A Hardware router will help prevent but won’t detect… that is where AV, Boclean etc come in … Of course Software firewall does have its prevention capability as well, but what differentiates itself from a hardware firewall (router) is its Detection capability of someone trying to make a call home. There are different levels of detection one needs to put in: (just like a burglar alarm will have the doors, windows etc covered, there are many points for detection). Thats where AVs, Boclean, Firewall’s come in. They offer detection at different points that, once combined, creates a decent enough layered protection.

thanks
Melih

Thank you all for your posts. As for my brother, I’m sure that he understands all this, but obviously he’s a gambler Or he consider his computer as too slow for anything except a FW. Which I find a bit strange. I’m no expert - you are - but I would go for the prevention layer as the most important, considering the threats of the internet. One year ago I didn’t know a thing in the topic of security. Today I would never sleep well at night if it wasn’t possible to block outgoing connections. Just imaging how Windows and running applications would live its own life, not being controlled at all.

Melih, if you would rank the three layers, would it be as you write above - from 1-3? Or do you prefer not to rank at all? Perhaps it depends a bit on the user? As I’ve discussed with Soya quite a few times, if one is very careful, the only really essential layer should be a FW…

/L

My ranking would be

1)Prevention : I mean, can you see any houses without doors!? There isn’t any! So even in the physical world prevention is the first line of defense
2)Detection: like a burglar alarm… its good to have, but there are some houses without burglar alarms.
3)Cure: again, there are houses with no insurance.

However, all 3 are important as you need a layered security.

thanks
Melih

(J) :THNK
Hi Forum companions,
I came out with this article about the topic we’re arguing which I expect to be very conclusive to this subject, as follows:

"Understanding Firewalls When anyone or anything can access your computer at any time, your computer is more susceptible to being attacked. You can restrict outside access to your computer and the information on it with a firewall.

What do firewalls do?
Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic. Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through (see Understanding Denial-of-Service Attacks and Understanding Hidden Threats: Rootkits and Botnets for more information). They are especially important for users who rely on “always on” connections such as cable or DSL modems.
What type of firewall is best?
Firewalls are offered in two forms: hardware (external) and software (internal). While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type you use.
Hardware - Typically called network firewalls, these external devices are positioned between your computer or network and your cable or DSL modem. Many vendors and some Internet Service Providers (ISPs) offer devices called “routers” that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers but also offer a high degree of protection for a single computer. If you only have one computer behind the firewall, or if you are certain that all of the other computers on the network are up to date on patches are free from viruses, worms, or other malicious code, you may not need the extra protection of a software firewall. Hardware-based firewalls have the advantage of being separate devices running their own operating systems, so they provide an additional line of defense against attacks. Their major drawback is cost, but many products are available for less than $100 (and there are even some for less than $50).

Software - Some operating systems include a built-in firewall; if yours does, consider enabling it to add another layer of protection even if you have an external firewall. If you don’t have a built-in firewall, you can obtain a software firewall for relatively little or no cost from your local computer store, software vendors, or ISP. Because of the risks associated with downloading software from the Internet onto an unprotected computer, it is best to install the firewall from a CD, DVD, or floppy disk. Although relying on a software firewall alone does provide some protection, realize that having the firewall on the same computer as the information you’re trying to protect may hinder the firewall’s ability to catch malicious traffic before it enters your system.
How do you know what configuration settings to apply?

Most commercially available firewall products, both hardware- and software-based, come configured in a manner that is acceptably secure for most users. Since each firewall is different, you’ll need to read and understand the documentation that comes with it in order to determine whether or not the default settings on your firewall are sufficient for your needs. Additional assistance may be available from your firewall vendor or your ISP (either from tech support or a web site). Also, alerts about current viruses or worms (such as US-CERT’s Cyber Security Alerts) sometimes include information about restrictions you can implement through your firewall.

Unfortunately, while properly configured firewalls may be effective at blocking some attacks, don’t be lulled into a false sense of security. Although they do offer a certain amount of protection, firewalls do not guarantee that your computer will not be attacked. In particular, a firewall offers little to no protection against viruses that work by having you run the infected program on your computer, as many email-borne viruses do. However, using a firewall in conjunction with other protective measures (such as anti-virus software and “safe” computing practices) will strengthen your resistance to attacks (see Understanding Anti-Virus Software and other security tips for more information).

Both the National Cyber Security Alliance and US-CERT have identified this topic as one of the top tips for home users.
Authors: Mindi McDowell, Allen Householder
Copyright 2004 Carnegie Mellon University. Terms of use"

(:NRD) :BNC

That would be the best explanation on the issue I’ve ever got Melih. (:CLP) Sure IT experts don’t need it so simply put the rest of us are thankful.

I think it’s a great explaination too. It should be all that the average user needs to know; however - unfortunately - I don’t think they do know. 99% (of the average users) seem to know that they need an AV. Then they’ll likely go with Symantec Norton because it’s preinstalled on their systems. If they by any chance understand the need of a firewall, they use a Norton suite (or similar)… the others use the XP (or Vista) built in firewall. Lips sealed! :-X They never think in terms of prevention, only “I’m safe with my updated AV”. This is why the Comodo users need to spread the word, to tell people that an ordinary AV sometimes isn’t enough, and that there is free software available that goes beyond their currents solutions!

Thanks,
L

LeoniAquila,

Obviously I don’t know your brother, but I do know some computer security guys that do not use software firewalls. Through working with Windows Services and connectivity stuff “behind the scenes” they “harden” their defenses and control access down to the finest detail. They consider this to be secure, and perhaps it is. For those of us who don’t have that level of knowledge, I think it’s best to use appropriate security, as pepoluan so eloquently explained.

LM

LM,
That’s interesting to read. To be honest I would never guess that it was possible at all, to manipulate Windows to such an extent that you have enough control and security. Without actually knowing much about operating systems, however, I suppose Linux and Unix systems are very manipulable. But yes, we’d better use “out of the box” security layers, unless we have that level of knowledge…

LOL. I am ■■■■ when it comes to security, having seen and experienced firsthand what could happen when security is breached.

Sooo, on any new non-domain Windows installation, “services.msc” is the first thing I fired up. Kill all unnecessary services. Then into “Local Security Policies”. Then “gpedit.msc”. I make sure to kill / disable / restrict dangerous things, e.g. autoplay.

Then, I install a firewall. Used to be ZoneAlarm, but guess what now

Then, I install an antivirus: Either AVG or Avast, depending on user’s preference (I gravitate toward Avast, but it’s a free world ). Lately I also install BitDefender 8 Free Edition in addition to AVG and Avast.

Finally, all things done, I rename the Administrator account (just to make it harder for people to ‘stumble’ upon it), make a fake Administrator account, and make personal user accounts (with necessary security rights).

Then I delegate all daily maintenance to the deputy admins

Edit: And one more thing: To ensure that the Windows is as updated as possible in the shortest time possible (i.e. 0 hour after installation), I never install using the original Windows XP / Win2003 CD. I go to RyanVM’s site, download his update pack, and stream it into the installation CD using the RyanVM Integrator utility, in effect making an installation CD that has all security updates since SP2 was released.

can you give list code program for comodo firewall?

List code program?

What do you mean? ???