Choosing a Firewall: Hardware v. Software
Connecting your network to the Internet without a firewall is like leaving the front door of your office wide open when you leave on vacation. Chances are high that someone will eventually walk in and steal your valuables.
Many machines and software programs come equipped with firewall programs, but when you’re protecting sensitive data, it’s better to know what you’re getting -- and what you could have instead. A competent firewall will safeguard your business from attempts by hackers to steal confidential data, just as a locked front door deters thieves from ransacking your home. Small and mid-size business owners are increasingly opting to install firewalls for this reason, with 44 percent of such companies planning to purchase firewalls within the coming 12 months, according to a recent survey by Forrester Research, of Cambridge, Mass. The most important criterion for small and mid-size businesses is simple manageability, according to the report.
The good news is, there are just two basic types of firewalls to consider: hardware-based and software-based. Here is a rundown of how they work and why they may or may not work for you.
Hardware firewalls are integrated into the router that sits between a computer and an Internet modem. They typically use packet filtering, which means they scan packet headers to determine their source and destination addresses, and whether the incoming traffic is related to an outgoing connection, such as a request for a website. This information is compared to a set of user-created rules that determine whether the packet should be forwarded or blocked. If you have a wired or wireless router installed, check it to see whether it already includes a hardware firewall. Most do.
The advantages to a hardware firewall are:
- A single hardware firewall can protect your entire network, which is a boon for companies with multiple computers.
- Because they don't run on your computers, they don't affect system performance or speed.
- Hardware firewalls work more efficiently for businesses that use a broadband Internet connection, such as DSL or cable modem.
- A hardware firewall won't easily be disabled by malicious software, as software firewalls can be.
- The cost of one hardware firewall to protect multiple computers may ultimately be lower than installing licensed software firewalls on each PC in the office.
The disadvantages to a hardware firewall are:
- Routers can be expensive, ranging upwards of several hundred dollars.
- They may be more difficult to configure, especially for novices.
- Hardware firewalls treat outgoing traffic from the local network as safe, which can be a hazard if malware, such as a worm, penetrates your network and attempts to connect to the Internet.
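The packet filtering described above, and the outbound-trust weakness in the last disadvantage, can be seen in a small model. This is an added example, not code from any router: the class names, the 192.168.1.0/24 LAN range, the rule and the sample packets are all constructed for illustration, and address translation is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed internal address range

@dataclass(frozen=True)
class Packet:  # the header fields a packet filter inspects
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:  # one user-created rule for unsolicited incoming traffic
    action: str            # "forward" or "block"
    src_net: str           # CIDR range the source address must fall in
    dport: Optional[int]   # destination port, or None for any port

class PacketFilter:
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # connections opened from inside the LAN

    def check(self, p: Packet) -> str:
        if ipaddress.ip_address(p.src) in LAN:
            # Outgoing traffic is treated as safe; remember it so replies get back in.
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "forward"
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "forward"  # reply to an outgoing connection
        for r in self.rules:  # first matching rule wins
            in_net = ipaddress.ip_address(p.src) in ipaddress.ip_network(r.src_net)
            if in_net and r.dport in (None, p.dport):
                return r.action
        return "block"  # default: drop unsolicited incoming packets

def demo():
    fw = PacketFilter([Rule("forward", "203.0.113.0/24", 22)])  # constructed rule
    packets = [  # constructed sample traffic, documentation addresses only
        Packet("198.51.100.7", 443, "192.168.1.10", 51000),  # reply before any request
        Packet("192.168.1.10", 51000, "198.51.100.7", 443),  # PC requests a website
        Packet("198.51.100.7", 443, "192.168.1.10", 51000),  # the site's reply
        Packet("203.0.113.9", 40000, "192.168.1.10", 22),    # allowed by the rule
        Packet("203.0.113.9", 40000, "192.168.1.10", 445),   # no rule matches
        Packet("192.168.1.23", 1042, "198.51.100.99", 25),   # worm on the LAN sending mail
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The last packet is forwarded only because it originates inside the LAN, which is why outbound checks have to come from somewhere other than this kind of filter.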
Software firewalls are installed on individual computers. They intercept each request by the network to connect to the computer and then determine whether the request is valid. Software firewalls can also be configured to check suspicious outgoing requests.
The advantages to a software firewall are:
- Top-rated software firewalls cost less than $50, so they're a more economical choice for an office that has, say, fewer than four or so machines.
- They’re flexible. You can specify which applications are allowed to connect to the Internet, thus reducing the possibility that malware will do so. A software firewall would be advantageous, for example, against an e-mail worm that creates its own e-mail server, like the recent "MyDoom" worm, which may not be recognized by a router because of its trusted origin.
- You can take it with you. A software firewall protects the computer it's installed on no matter where that computer is connected. This is an important feature for business travelers with laptops.
The disadvantages to a software firewall are:
- Software firewalls use more system resources, such as memory and disk space, than hardware firewalls, which can slow down your computer.
- You must purchase a separate copy for each computer connected to the network, racking up charges fast.
- Software firewalls can't be configured to mask your IP address. Instead, they close unused ports and monitor traffic to and from open ports.
For the highest security level, experts recommend you protect your system with both types of firewall. Once you've decided on one -- or both -- test your security using a free online firewall probe, such as the one at HackerWatch.