Quote:
Originally posted by TheJackal
2. What's the difference between a software firewall and a hardware firewall?
3. What would be the benefit of having a software firewall over having a hardware firewall? Or having a hardware firewall over a software firewall?
A hardware firewall is a dedicated device that offers firewall services, like the Cisco PIX (www.cisco.com/go/pix) or the Sonicwall (www.sonicwall.com). These are devices that are built from the ground up to offer firewalling services.
A software firewall is an application that runs on either a PC, like Tiny (www.tinysoftware.com), Zone Alarm (www.zonelabs.com) or on a dedicated server like Checkpoint (www.checkpoint.com).
There is a hybrid type of firewall, those that are embedded on routers, like the Firewall feature set on a Cisco router or on some of the Linksys or D-Link routers.
As to which one is better, it really depends on your specific application and support capabilities. For a home user, any of the above will serve your purpose, as your throughput requirements are not as severe as those for an enterprise-level business.
In an enterprise, a dedicated appliance (hardware firewall) is generally superior as the cost per throughput is lower. Also, you need to factor in support and manageability. A software firewall (like Checkpoint) runs on top of a general-purpose operating system, like UNIX or NT, and for that type of firewall to be effective, the IT staff must keep both the O/S and the firewall software patched and current, whereas with an appliance, you have only one "O/S" to keep up to date, which can be a daunting task.
In addition, to match the performance of, let's say, a Cisco PIX, you would need to have a rather robust and powerful server to gain the same level of throughput.
Again, it really depends on your networking (WAN/Internet) environment. For small deployments (less than 10 people), keeping a personal software firewall up to date and current is not a big issue, but scale that to 10+ people, and it is much easier to config and maintain an appliance.
Picking a firewall, especially for a business, is a serious business, as the business has data and computing assets that are the lifeblood of that business and need to be protected the best they can.
One other thing: Network/data security is NOT a technology, but rather policies and procedures backed up and enforced by technology. If you have the habit of opening unexpected attachments or having simple, easy to guess/crack passwords (anything less than 8 characters, with a mix of letters, numbers and symbols, is a disaster waiting to happen), then no technology made will protect you from your own stupidity.
Long-winded answer, but I hope it helps.