10-04-2008 10:11 AM
10-04-2008 10:22 AM - edited 10-04-2008 10:23 AM
A router is a hardware firewall which provides only inbound protection. A software firewall along side a router will provide outbound protection. They will complinent each other. The best protection you can have is a hardware firewall. Some people use just only that. Simply Google your question and you will get your answer.
10-04-2008 10:24 AM
A firewall can be a hardware or software device. A hardware firewall is a unit that is connected between the network and the device for connecting to the Internet. A software firewall is a program that is installed on the computer with the Internet connection. Similarly, there are computers with specific software programs that are placed behind the router and whose only function is to provide the network firewall.
This is the most common type of firewall, as they are not only cheaper but also easier to install. However, they have some disadvantages. For example, they use a large amount of system resources and sometimes, do not run correctly and can cause compatibility problems with other types of software installed on the computer.
Modern operating systems like Windows XP and Linux incorporate basic firewall solutions. In some cases, like freeware firewalls, they are very powerful and flexible, but require in-depth knowledge of networks and the ports used by these applications. To simplify configuration, they usually have web interfaces that make it easier for users to manage them, although this can result in reduced functionality.
Hardware firewalls are used more in companies and large corporations. These devices are usually placed between the router and the Internet connection. As they are dedicated security devices, they are optimized to carry out firewall functions and do not use up resources on personal computers.
Their biggest drawback is maintenance, as they are difficult to update and configure correctly
10-04-2008 10:25 AM
10-04-2008 10:26 AM
All firewalls run firewall software, and they all run it on some sort of hardware, but the terms hardware firewall and software firewall are used to distinguish between products marketed as an integrated appliance that comes with the software preinstalled, usually on a proprietary operating system, and firewall programs that can be installed on general purpose network operating systems such as Windows or UNIX.
Hardware firewalls can be further divided into those that are basically dedicated PCs with hard disks and those that are solid state devices built on ASIC (Application Specific Integrated Circuit) architecture. ASIC firewalls are generally faster performers and don’t have the hard disk (a mechanical device) as a potential point of failure.
Software firewalls include Microsoft ISA Server, CheckPoint FW-1 and Symantec Enterprise Firewall at the enterprise level, as well as most personal firewalls. ISA Server runs on Windows 2000/2003, and FW-1 runs on Windows NT/2000, Solaris, Linux, and AIX, as well as proprietary appliance operating systems. Symantec EF runs on Windows and Solaris.
Hardware firewalls include Cisco PIX, Nokia (which runs CheckPoint FW-1 on top of their IPSO operating system), SonicWall, NetScreen, Watchguard, and Symantec’s 5400 series appliances (which run their Enterprise Firewall software).
Hardware firewalls are often marketed as “turn key” because you don’t have to install the software or worry about hardware configuration or conflicts. Those that run proprietary operating systems claim greater security because the OS is already “hardened” (however, many of the proprietary systems have been exploited nonetheless). A disadvantage of hardware firewalls is that you’re locked into the vendor’s specs. For instance, a firewall appliance will have a certain number of network interfaces, and you’re stuck with that number. With a software firewall, you can add NICs to the machine on which it’s running to increase the number of available interfaces. You can also more easily upgrade the standard PC on which the software firewall runs, easily adding standard RAM or even multiple processors for better performance.
10-04-2008 02:01 PM
10-05-2008 02:16 AM
You will have no problems with using a hardware firewall and a software firewall. If your looking for something for a home network, a router (such as a linksys mentioned by dieselman) will include a built in firewall. With a hardware firewall I never get hits from the outside of my network. It does an excellent job of blocking any inbound attacks, etc. The software firewall is a backup, but its main function if used in conjuction with a hardware fire wall is to stop/block trojans, spyware, etc from 'phoning home' or sending information from your computer outbound. Another nice thing about a hardware firewall is its always on. I don't have to worry if I need to turn off norton for a few minutes because I'm still protected from inbound attacks.
A router is the same as a NAT right?
A hardware router isn't the same as NAT. NAT though is a function built into most routers. Home routers like from Best Buy come with it turned on already. NAT provides security because an attacker does not know what your IP address is. It works sort of like this: When you hook up your router, your ISP assigns an IP address (such as 10.20.20.xxx) to your computer. This is the address that websites you visit (and attackers would see). The router though gives each computer on your network a different internal IP (such as 192.168.1.10). When your computer sends out a request for a web page (or anything else) the Route logs this information and then changes the data being sent so that it appears to be coming from the Router and not the specific internal computer. When the data/info comes back from the website, the router then checks to see if it has a match in its table. If it does, its forwarded to your computer. If there is no match (i.e. if its just a random data packet, a port scanner, etc. the data is just dropped). It's 5:15 in the morning.... I hope I'm making sense.
10-06-2008 04:56 PM
Thanks, It does make sense. So you can use NAV2008 (which has an inbound firewall) with a router, but the NAT function of the router becomes the primary inbound firewall?
What about with NIS 2009?
I ask this because we will be getting a router and I want to make sure it doesn't mess up my NAV inbound firewall
10-06-2008 05:03 PM - edited 10-06-2008 05:04 PM