Routers – Hardware Firewalls Vs Software Firewalls Part 2 Hardware

Hardware Firewall

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer based application upon a set of rules and other criteria.

Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

The first two paragraphs are kind of a definition of what a hardware firewall is.  I got this directly from the Wikipedia article.   This reference is a great start to understanding some of the concepts that are beyond this blog post.

Typical Firewall Setup

In the above picture we see a hardware device that sits between your computer and your internet. The normal flow of data is represented below.  This is a from your computer out to the internet and back again.

Normal Traffic

In the case of a hardware router, your computer should in normal circumstances never see things from the internet that were not asked for by the computer.  In the case of a hardware device like a router, the data sent to your computer from the outside is discarded.  It is discarded simply because it did not start with your computer.  This is where the power of the hardware firewall is invaluable.

Evil Bad Guy Traffic

The hardware firewall effectively gives your computer a line of defense that is difficult to bypass (Not Impossible).  This hardware device places your computer in a “non route-able IP range.”  This is why the packets are discarded.  The computer does not know about anything on the internet except for your router.  The router is your guide to the internet, it protects you on your journey and keeps you from falling into places in the dark.

Because your device is electronic, it is more difficult to bypass using software.  The isolation that is provided by the device is the very condition we are looking for.  The very nature of the hardware is why my preference is to use hardware over software as a firewall choice.

In a prior article I recommended that a software firewall could be compromised and allow a person to gain access to your computer.  This is not a simple process but it is not impossible.  That is why when ever possible I recommend the use of both types of firewall be up and functioning.  A hardware firewall will protect you from the people around the world, but if there is a computer with a virus or a Trojan on it, then the threat is already inside with you.  That is why it is important to run the software firewall as well.

Travel Concerns

When I travel I will also carry a hardware firewall with me.  Many of the new devices have portable versions that are much more compact than the home based version.  I realize that you can’t always travel with one but if you have the room to pack it, it will give you a much improved level of security.  Hotel WiFi and Ethernet connections are a dangerous place.  If you have the ability to put your router between you and the rest of the hotel you are in a much safer condition.  There are times the hotel will not even have a hookup or that you have to log in to the connection then put your router up, but the additional safety is worth the little bit of hassle.

Summary

It is my personal opinion that a hardware firewall is a necessary choice.  With the cost of a wireless router starting in the $40 range, it is not difficult to justify the expenditure.  That being said, the hardware combined with the software firewall built in on a computer is the best way of staying protected.  The world is an unsafe place, do you want to be there without your best armor on?

Happy Surfing (and hopefully safer too)!!!

Routers – Hardware Firewalls Vs Software Firewalls Part 1 Software

I am starting with the software version. Examples of this include: Mcafee, Norton, Panda, Computer Associates (CA), Trend Micro, and Black Ice.

The above examples may be included in a bundled package but not always. They may be bundled with Anti-Spyware, Spam Controls, Parental Controls, and other types of programs. The theory is you are getting a LOT of protection for a single price and as a single program to work with. Ironically, I myself have yet to find a 3rd party packages on a clients machine that did not either slow the machine down significantly or out right cause it problems. Many of the third party applications can be problematic to configure, update and run in a way that does not cause further problems.

A software firewall sometimes is the only thing that may be standing between you and the entire world. There is a saying on the internet that you and all your friends and enemy’s are only a couple milliseconds away from each other. That is a scary thought!!!

Software firewalls have a very difficult job! They are expected to let all the good traffic from your computer out, and then deny all the bad stuff from causing a problem on your computer. This theory is great, most software packages tend to fall very short in their application. In my opinion, many actually fail miserably. The implementations I have witnessed so far, have shown the firewalls to be too restrictive. I have many times had to remove the entire package and install separate programs to replace the “bundles”.

Did you know that every version of Windows since Windows XP (Service Pack 2) comes with its own firewall? Right out of the box, the firewall is turned on. Is this the most extreme firewall, not by any means but in most cases it works extremely well and will seldom cause you problems with programs that run. The version of the firewall that comes with XP, Vista, Windows 7, and the Mac is actually fairly good. It is also a LOT better than not having any firewall turned on at all. So please ensure your firewall is turned on.

At the start of this post I stated that I am not a fan of the software firewalls. OK, so if I am not a fan why would I actually recommend the use of one. Well like every other rule in the world there are exceptions to rules. If I am at home and I am using my known secure router, then I can relax the rules for needing my software firewall turned on. Reality, I seldom spend the amount of time that I desire at home, and instead spend it in hostile networks. I am on clients networks, work networks, servers, and OPEN WIFI. With this in mind, I keep the software firewall I have on my mac at full strength. I know you are saying that I am contradicting myself, but hear me out. The software firewall is up and working because of the hostile open nature of the networks I am on. I trust my machine as I am personally cautious of what i download and run. What is don’t trust is the rest of the world!

On an open wireless connection you are connected to everyone else in that may be in the shop as well as many who may be outside you don’t know. On an open wifi, there is normally a hardware routers / firewall, and it will protect you some from the people outside on the internet. The juicy inside of the open wifi is where you are wide open to everyone else in the area. Wireless is a omnidirectional signal. This means that not only is the signal 360 degrees around the wireless device, it is also top and bottom. This means you can have someone a couple floors up seeing what signals are being sent out and the person on the internet will never know they even exist. At the moment I will not go into secure wireless vice non secure wireless. On the open wifi you can be seen without your firewall turned on. You can test your firewall and if it is working by going to https://www.grc.com/x/ne.dll?bh0bkyd2

If you travel with your laptop, you should have a firewall turned on. If you have a laptop and take it to friends or coffee shops to work or play, you should have your firewall turned on. If you have kids on computers and the computers may be infected with what ever, you should have a firewall turned on.

Summary:
If you are not 100% positive of where your network is or who is on it, turn your firewall on!!!

Turning on a Software Firewall on a Mac Prep Step

This post is here to provide information on how to turn on a software firewall.  It is done in preparation for my series Routers – Hardware Firewalls Vs Software Firewalls.

Software Firewall

I would like to start by saying please check the status of your firewall.   If you are on a Mac I have included screen captures for you to check with.  Yes on a mac you should have your firewall turned on as well.  Unlike current Windows, the Macs software firewall is NOT turned on by default.

Mac

Turning on a Software Firewall in Windows XP Prep Step

This post is here to provide information on how to turn on a software firewall.  It is done in preparation for my series Routers – Hardware Firewalls Vs Software Firewalls.

Software Firewall

I would like to start by saying please check the status of your firewall.  I have included a video in order to see how to do it on Vista and Windows 7, and two pictures to show you how to do so on Windows XP.  If you are on a Mac I have included screen captures for that as well.  Yes on a mac you should have your firewall turned on as well.  Unlike current Windows, the Macs software firewall is NOT turned on by default.

XP

Turning on a Software Firewall in Vista / Windows7 Prep Step

This post is here to provide information on how to turn on a software firewall.  It is done in preparation for my series Routers – Hardware Firewalls Vs Software Firewalls.

Software Firewall

I would like to start by saying please check the status of your firewall.  I have included a video in order to see how to do it on Vista and Windows 7, and two pictures to show you how to do so on Windows XP.  If you are on a Mac I have included screen captures for that as well.  Yes on a mac you should have your firewall turned on as well.  Unlike current Windows, the Macs software firewall is NOT turned on by default.

Windows Vista / Windows 7