Okay, I have a few questions:

1. Whats the difference between a hub and a router?

2. Whats the difference between a software firewall and a hardware firewall?

3. What would be the benefit of having a software firewall over having a hardware firewall? Or having a hardware firewall over a software firewall?

1 - A hub is just a device that receives information in one port and broadcasts it out ALL other ports. A router on the other hand receives information in one port and only sends it out the port that the destination station is attached to. This is based on the layer 3 IP address assigned to the destination station. The router builds a table of attached networks and keeps track which network(s) send data from which port. It uses this routing table to make all routing decisions. Also routers send out table updates to each of its neighbors to keep them updated.

I don't know enough about 2 or 3 to help.

Originally posted by TheJackal

2. Whats the difference between a software firewall and a hardware firewall?

3. What would be the benefit of having a software firewall over having a hardware firewall? Or having a hardware firewall over a software firewall?

Hardware firewall is a dedicated device that offers firewall services, like the Cisco PIX (www.cisco.com/go/pix) or the Sonicwall (www.sonicwall.com). These are devices that are built from the ground up to offer firewalling services.

A software firewall is an application that runs on either a PC, like Tiny (www.tinysoftware.com), Zone Alarm (www.zonelabs.com) or on a dedicated server like Checkpoint (www.checkpoint.com).

There is a hybrid type of firewall, those that are embedded on routers, like the Firewall feature set on a Cisco router or on some of the Linksys or D-Link routers.

As to which one is better really depends on your specific application and support capabilities. For a home user, any of the above will serve your purpose as your thru put requirements are not a severe as those for an enterprise level business.

In an enterprise, a dedicated appliance (hardware firewall) is generally superior as the the cost per thru put is lower. Also you need to factor in support and manageability. A software firewall (like Checkpoint) runs on top of a general purpose operating system, like UNIX or NT, and for that type of firewall to be effective, the IT staff must keep both the O/S and the firewall software patched and current, whereas with an appliance, you have only one "O/S" to keep up to date, which can be a daunting task.

In addition to match the performance of, lets say a Cisco PIX, you would need to have a rather robust and powerful server to gain the same level of thru put.

Again, it really depends on your networking (WAN/Internet) environment, small deployments (less than 10 people), keeping a personal software firewall up to date and current is not a big issue, but scale that to 10+ people, it is much easier to config and maintain an appliance.

Picking a firewall, especially for a business, is a serious business, as the business has data and computing assets that are the life blood of that business and needs to be protected the best it can.

One other thing: Network/data security is NOT a technology, but rather policies and procedures backed up and enforced by technology. If you have the habit of opening unexpected attachments or having simple, easy to guess/crack passwords (anything less than 8 characters, with a mix of letters, numbers and symbols, is a disaster waiting to happen), then no technology made will protect you from your own stupidity.

long winded answer, but I hope it helps.

Short answers:
1.) Hub, allows multiple computers on a LAN. For internet service, each computer must have a unique IP, supplied by the ISP, usually at extra cost. No added security. Sort of like the phone in your house. Any number of extentions, but they all ring when someone calls.
1a.)Router, allows multiple computers on a LAN. For internet service, only 1 IP is required, the router then assigns internal IP's to all computers on the LAN. No extra ISP charges. Increased security, because the router is open to the internet, all computers on the LAN are not. Router handles the traffic between all computers, the net, and each other. Like having separate numbers for all the phones in your house, with distictive ring, and that are all unlisted.
2.)Software, an application that runs on your computer(s), blocking things from getting in (and out) to/from the internet, unless specifically allowed by you. Manual setup usually, for each application (browser, email, FTP, etc.)
2a.)Hardware. Built into most routers. Set it and forget it type of hardware. The router looks after translating VALID sends/gets to/from the net to each computer on the LAN.
3.) Answered above in 2 and 2a.

Get a router. It's simpler, easier to set up, almost maintenance free, guaranteed better security, doesn't use computer resources like a software firewall.
Linksys, SMC, and DLink are all decent brands, Linksys being the favourite around here.

Ok, what would be the benefit to a major corporation of having one hardware firewall over having a copy of a software firewall on every one of their computers?

I'm guessing that cost wouldn't be a benefit of having a hardware firewall as some of those hardware firewalls are 50 thousand dollars and up, so does a hardware firewall provide better protection then a software firewall? Or does it have added features that you can't get in a software firewall?

A hardware firewall will stop any unwanted traffic from entering the network, so the unwanted traffic will never have a chance to get at the routers or workstations. If you have software firewalls only, the unwanted traffic can get into the network where it will have a chance to do more damage. As for added benefits, the hardware firewall is dedicated, so you can have it filter certain traffic.

^dan

Maintaining a bunch of computers, each running a software firewall could be a real headache, especially if each user has different programs that need to access (and be accessed) by different portions of the network.
One hardware router looks after all of it.

Thanks for all the info.