10-04-2008 10:11 AM
10-04-2008 10:22 AM - edited 10-04-2008 10:23 AM
A router is a hardware firewall which provides only inbound protection. A software firewall alongside a router will provide outbound protection. They will complement each other. The best protection you can have is a hardware firewall. Some people use only that. Simply Google your question and you will get your answer.
http://www.firewallguide.com/faq.htm
10-04-2008 10:24 AM
A firewall can be a hardware or software device. A hardware firewall is a unit that is connected between the network and the device for connecting to the Internet. A software firewall is a program that is installed on the computer with the Internet connection. Similarly, there are computers with specific software programs that are placed behind the router and whose only function is to provide the network firewall.
Software firewall
This is the most common type of firewall, as they are not only cheaper but also easier to install. However, they have some disadvantages. For example, they use a large amount of system resources and sometimes do not run correctly and can cause compatibility problems with other types of software installed on the computer.
Modern operating systems like Windows XP and Linux incorporate basic firewall solutions. In some cases, like freeware firewalls, they are very powerful and flexible, but require in-depth knowledge of networks and the ports used by these applications. To simplify configuration, they usually have web interfaces that make it easier for users to manage them, although this can result in reduced functionality.
Hardware firewall
Hardware firewalls are used more in companies and large corporations. These devices are usually placed between the router and the Internet connection. As they are dedicated security devices, they are optimized to carry out firewall functions and do not use up resources on personal computers.
Their biggest drawback is maintenance, as they are difficult to update and configure correctly.
10-04-2008 10:25 AM
10-04-2008 10:26 AM
All firewalls run firewall software, and they all run it on some sort of hardware, but the terms hardware firewall and software firewall are used to distinguish between products marketed as an integrated appliance that comes with the software preinstalled, usually on a proprietary operating system, and firewall programs that can be installed on general purpose network operating systems such as Windows or UNIX.
Hardware firewalls can be further divided into those that are basically dedicated PCs with hard disks and those that are solid state devices built on ASIC (Application Specific Integrated Circuit) architecture. ASIC firewalls are generally faster performers and don’t have the hard disk (a mechanical device) as a potential point of failure.
Software firewalls include Microsoft ISA Server, CheckPoint FW-1 and Symantec Enterprise Firewall at the enterprise level, as well as most personal firewalls. ISA Server runs on Windows 2000/2003, and FW-1 runs on Windows NT/2000, Solaris, Linux, and AIX, as well as proprietary appliance operating systems. Symantec EF runs on Windows and Solaris.
Hardware firewalls include Cisco PIX, Nokia (which runs CheckPoint FW-1 on top of their IPSO operating system), SonicWall, NetScreen, Watchguard, and Symantec’s 5400 series appliances (which run their Enterprise Firewall software).
Hardware firewalls are often marketed as “turn key” because you don’t have to install the software or worry about hardware configuration or conflicts. Those that run proprietary operating systems claim greater security because the OS is already “hardened” (however, many of the proprietary systems have been exploited nonetheless). A disadvantage of hardware firewalls is that you’re locked into the vendor’s specs. For instance, a firewall appliance will have a certain number of network interfaces, and you’re stuck with that number. With a software firewall, you can add NICs to the machine on which it’s running to increase the number of available interfaces. You can also more easily upgrade the standard PC on which the software firewall runs, easily adding standard RAM or even multiple processors for better performance.
10-04-2008 01:57 PM
Thanks Diesel-
A router is the same as a NAT right?
And when you say difficult to configure, I really just want mine to not let anything unsolicited in.
10-04-2008 02:01 PM
10-05-2008 02:16 AM
Hi NY1986:
You will have no problems with using a hardware firewall and a software firewall. If you're looking for something for a home network, a router (such as a Linksys mentioned by dieselman) will include a built-in firewall. With a hardware firewall I never get hits from the outside of my network. It does an excellent job of blocking any inbound attacks, etc. The software firewall is a backup, but its main function if used in conjunction with a hardware firewall is to stop/block trojans, spyware, etc. from 'phoning home' or sending information from your computer outbound. Another nice thing about a hardware firewall is it's always on. I don't have to worry if I need to turn off Norton for a few minutes because I'm still protected from inbound attacks.
A router is the same as a NAT right?
A hardware router isn't the same as NAT. NAT though is a function built into most routers. Home routers, like those from Best Buy, come with it turned on already. NAT provides security because an attacker does not know what your IP address is. It works sort of like this: When you hook up your router, your ISP assigns an IP address (such as 10.20.20.xxx) to your computer. This is the address that websites you visit (and attackers) would see. The router though gives each computer on your network a different internal IP (such as 192.168.1.10). When your computer sends out a request for a web page (or anything else), the router logs this information and then changes the data being sent so that it appears to be coming from the router and not the specific internal computer. When the data/info comes back from the website, the router then checks to see if it has a match in its table. If it does, it's forwarded to your computer. If there is no match (i.e. if it's just a random data packet, a port scanner, etc.), the data is just dropped. It's 5:15 in the morning.... I hope I'm making sense.
Matthew
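The translation table described in the post above, as an added example that is not part of the original thread: a toy port-translating NAT in Python that logs each outbound flow and forwards inbound packets only when they match a logged entry. The `NatRouter` class, the port numbering and all addresses are constructed for illustration, and matching on the exact remote address and port is an assumption; real routers differ in how strictly they match.

```python
import itertools


class NatRouter:
    """Toy port-translating NAT (hypothetical class, not a real router API).
    Outbound traffic creates table entries; inbound traffic is forwarded
    only when it matches one, otherwise it is dropped."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self._out = {}  # (int_ip, int_port, remote_ip, remote_port) -> public port
        self._in = {}   # (public port, remote_ip, remote_port) -> (int_ip, int_port)

    def outbound(self, int_ip, int_port, remote_ip, remote_port):
        """Log the flow and rewrite its source to the router's own address."""
        key = (int_ip, int_port, remote_ip, remote_port)
        if key not in self._out:
            pub_port = next(self._ports)
            self._out[key] = pub_port
            self._in[(pub_port, remote_ip, remote_port)] = (int_ip, int_port)
        return (self.public_ip, self._out[key], remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, pub_port):
        """Return the internal (ip, port) to forward to, or None to drop."""
        return self._in.get((pub_port, remote_ip, remote_port))


def demo():
    # Constructed sample traffic: RFC 5737 documentation addresses outside,
    # an RFC 1918 private address inside.
    nat = NatRouter("203.0.113.7")
    sent = nat.outbound("192.168.1.10", 51000, "198.51.100.20", 80)
    return {
        # What the web server sees as the source of the request.
        "seen_by_website": sent[:2],
        # The server's reply matches the table and is forwarded inside.
        "reply": nat.inbound("198.51.100.20", 80, sent[1]),
        # Unsolicited packet to a port with no table entry: dropped.
        "scan_unmapped_port": nat.inbound("192.0.2.99", 4444, 3389),
        # Unsolicited packet from another host to the mapped port: dropped.
        "scan_mapped_port": nat.inbound("192.0.2.99", 4444, sent[1]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The table only filters inbound packets; a program on the internal computer that connects out creates its own entry, which is the gap the software firewall's outbound control covers.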
10-06-2008 04:56 PM
Thanks, it does make sense. So you can use NAV2008 (which has an inbound firewall) with a router, but the NAT function of the router becomes the primary inbound firewall?
What about with NIS 2009?
I ask this because we will be getting a router and I want to make sure it doesn't mess up my NAV inbound firewall.
10-06-2008 05:03 PM - edited 10-06-2008 05:04 PM
