Results 1 to 9 of 9
  1. #1
    4 Star Lounger
    Join Date
    Jan 2002
    Location
    USA
    Posts
    531
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Hardware v. Software Firewall--Which Is Best? (Win XP Pro)

    I have heard and read many conflicting reports about which is the best choice of a Firewall--software or a router. Tech TV has done a series with the CTO of One Secure and they emphatically urge that a router is far and away the best firewall. I don't have a network set up, so the firewall purpose would be my only reason for getting one now. I was on the verge of buying one, and an IT type who said he ran a huge enterprise firewall talked me out of it saying that no one was interested in my files and that my current one (Norton Internet Security) was adequate. I have been told/read to turn off XP's own firewall to prevent a conflict or a "firewall war" between them so I have. I have been linked, possibly here, to a paper that had deatiled instructions for tweaking XP's firewall, but I had been led to believe that Norton's was better. So which one, software or router, is better or more secure and why? Do routers do more sophisticated packet inspection and protect ports better? When this discussion comes up, a lot of technical jargon--TCP/IP seems to sprinkle the conversations and "heuristic inspection" is one of the first things I always hear. I will be glad to go out and get a router if I hear her there is a clear reason for using it as a firewall, and then the question becomes is there a preference among the three or four that are commonly in stores for the home user on a single desktop?

    Thanks,

    defrag

  2. #2
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Toronto, Ontario, Canada
    Posts
    1,139
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hardware v. Software Firewall--Which Is Best? (Win XP Pro)

    I don't know if either one is better than the other.

    Having said that, I have a Linksys BEFSR41 4 port router AND ZoneAlarm running on my XP Pro machine.

    The router will protect INCOMING stuff, but I specifically use ZoneAlarm to protect from any OUTGOING stuff that may have gotten in.

    ZA will protect from incoming as well, but I needed the router because I have a laptop that I need to connect to my DSL line.

    Even if I didn't have the laptop, I think I'd still get the router, while still running ZA.

    I know this doesn't really answer your question, but it is how I have decided to connect to the 'net.

    I also know several people that do it this way as well, not even based on recommendations from me.
    --
    Bryan Carbonnell - Toronto <img src=/S/flags/Ontario.gif border=0 alt=Ontario width=30 height=18> <img src=/S/flags/Canada.gif border=0 alt=Canada width=30 height=18>
    Unfortunately common sense isn't so common!!
    Visit my website for useful Word, Excel and Access code, templates and Add-Ins

  3. #3
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Hardware v. Software Firewall--Which Is Best? (Win XP Pro)

    I agree with Bryan

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  4. #4
    4 Star Lounger
    Join Date
    Jan 2002
    Location
    USA
    Posts
    531
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hardware v. Software Firewall--Which Is Best? (Win XP Pro)

    Thanks, and I understand the network function of your router, Bryan, but can't your Router keep info from going out and Trojan Horses from shipping it out? I thought most people
    recommend NOT running a software firewall and a hardware firewall--or at least I have seen this, and that one of the main advantages the routers or hardware firewalls had over software was their ability to stop information from being shipped out by a Trojan horse or other means.
    Again, I'm confused by your answers because doesn't a hardware firewall do everything
    and more, particularly block info from going out than Zone-Alarm Pro, NIS, or a software firewall?

    defrag

  5. #5
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Hardware v. Software Firewall--Which Is Best? (Win XP Pro)

    "thought most people recommend NOT running a software firewall and a hardware firewall", I do NOT know where you are hearing this. But I hear more the other way.
    As for Hardware firewalls control out going traffic, I think you will find that there is software provided with the router to do this. I have a older Netgear which does a great job of blocking incoming but no out going. Also with software firewalls on each machine, then the user of that machine can control more of the local network traffic as well as the internet traffic.
    Then one needs to take extra steps if one is using a wireless network type. The range is about 300 yards through the walls, which means that your neighbors have access to your network. Even the guys driving down the street with a wireless NIC can find you.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  6. #6
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Toronto, Ontario, Canada
    Posts
    1,139
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hardware v. Software Firewall--Which Is Best? (Win XP Pro)

    I don't know if it is possible for the router to keep stuff from going out. I don't think so, or at least not easily.

    I have never heard of anyone recommending not running both hardware and software firewalls. Quite the opposite. Every recommendation was, the more the merrier. But don't run 2 software firewalls.

    What I like about ZA (over the router) is that it will pop up a dialog when something tries to go out. You can then let it out, this time or everytime or not this time or not at all. (See the attached screenshot)

    A DEDICATED hardware firewall may be able to do more than ZA or any other software firewall, but not the ones in the consumer grade routers. Now, I could be wrong on all this, since networking is one of the gaps in my geek knowledge that I still need to fill <img src=/S/smile.gif border=0 alt=smile width=15 height=15>

    But when you look at it, hardware firewalls are really dedicated hardware running very specific software.

    IMHO for a home consumer a router and a software firewall (ZA is my preferred firewall) are the way to go. Now if you are protecting a corporate LAN or WAN or anything of that scale, consumer grade stuff won't cut it.

    edited to attach image
    Attached Images Attached Images
    --
    Bryan Carbonnell - Toronto <img src=/S/flags/Ontario.gif border=0 alt=Ontario width=30 height=18> <img src=/S/flags/Canada.gif border=0 alt=Canada width=30 height=18>
    Unfortunately common sense isn't so common!!
    Visit my website for useful Word, Excel and Access code, templates and Add-Ins

  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Hardware v. Software Firewall--Which Is Best? (Win XP Pro)

    One reason this is all a bit confusing is that the word firewall is used for a variety of different things. At the most fundamental level, most home routers run NAT

  8. #8
    4 Star Lounger
    Join Date
    Jan 2002
    Location
    USA
    Posts
    531
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hardware v. Software Firewall--Which Is Best? (Win XP Pro)

    Thanks for the perspective. I understand now that I need both and will get a router. I had worried that I might get into a firewall "war" with a hardware firewall and a software firewall "war" running at the same time. Now I
    have learned not to run two software firewalls, but that hardware and software firewalls can complement each other and may be necessary.



    defrag

  9. #9
    Silver Lounger
    Join Date
    Aug 2001
    Location
    Canton, Ohio, USA
    Posts
    1,716
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Hardware v. Software Firewall--Which Is Best? (Win XP Pro)

    Defrag,

    I have to add my 2 cents. I agree with Bryon also. I too run a Linksys router and the manual that comes with it recommends also running ZoneAlarm, which I do. I have chosen ZA Plus and I have never had a problem outside of the initial setup.

    I have 3 machines all running ZA Plus, 2 Win 98 SE machines and 1 XPP machine and when I hooked them to my router they couldn
    H Lewton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •