Computer Firewall Vs. Hardware Firewall
You might be wondering what the difference in firewall are. Just like any form of preparedness it is important that you consider multiple factors. If you remember from a previous article, I wrote on Multi-factor authentication- MFA, and 2 factor authentication 2FA, you will know that the more factors you have in anything the more protected you are. Another example of this is having multiple backup methods such as cloud-based backups and onsite backups or a combination of both. You could even add a third method of storing a backup offsite that you control vs. the cloud backup.
Anyway, this article is not about multi-factor or computer backups, but I want to make a point in having multiple layers of security. Is there such a thing as too much security? It really depends on your environment. The more layers you add the better protected you are, but you sacrifice productivity in some cases. Let’s first talk about Software based firewalls that are installed on individual computers.
You might recognize names such as windows firewall, windows defender firewall, McAfee firewall, Sophos firewall, ZoneAlarm Firewall, Norton Security, Avast Endpoint Security, and the list of firewalls go on. These are all a great way to protect your computer or laptop from being compromised but if it isn’t setup correctly or you don’t educate yourself on what to watch for you could still be exposing yourself. Most of these out of box products use best practices to keep you safe, but sometimes you may need to take it a step further. Do you know what is being blocked and why? Do you what is being allowed and why? Do you even care? Most products are made with 2 things in mind. What can I offer that many people will need, and how much can I make off of it? Here is a prime example but not necessarily related to firewalls. Sites that offer free products such as email, social media, and news have to pay for their continued operation somehow. They are able to do this through advertising. Let’s take Yahoo as an example. I am picking on them because I see it all too often where something on Yahoo infects a computer, or a firewall blocks something on Yahoo. They use paid advertisers to keep their site running and provide a free service. Often these advertisements haven’t been put through a testing process before being allowed. Do you ever notice an odd, awkward, or inappropriate ad displayed on a news site? Sorry that I am going off on a tangent but want to lay the groundwork for the importance of a computer firewall. Not just any firewall but a paid for and well researched firewall. Check the reviews of legitimate sources. I could easily run off on a tangent about legitimate reviews as well. Some sites are paid to give a five-star rating to a product. So, the question remains…. Do you need a personal firewall? It is a great idea to get a product that can bundle a firewall with anti-virus and use it in conjunction with the Windows based firewall. Again, do your research because even some of the big-name products come with flaws or performance issues.
Let’s talk about Hardware firewalls. A few that need to be mentioned are SonicWall Firewall, Cisco ASA Firewall, CheckPoint Firewall, Watchguard Firewall, Zyxel firewall, and again the list goes on. A hardware firewall typically sits in between your internet and your computer. It will see all traffic before it gets to your computer and can make an informed decision on whether to pass the information on or block it. This is great when you have multiple devices to protect. Most routers will have firewall capabilities and limited logging. They are not intended to be a mid-grade or even high-grade firewall and will not keep everything out. The great thing about hardware firewalls is it will also monitor traffic being passed to and from the internet and offer reporting and alerts, so you know when things are going wrong.
I like what chron.com had to say about the differences so I am going to post it here. You can read the full article from the link provided.
A hardware firewall sits between your local network of computers and the Internet. The firewall will inspect all the data that comes in from the Internet, passing along the safe data packets while blocking the potentially dangerous packets. In order to properly protect a network without hindering performance, hardware firewalls require expert setup, and so may not be a feasible solution for companies without a dedicated IT department. For businesses with many computers, however, being able to control network security from one single device simplifies the job.
Software firewalls are installed on individual computers on a network. Unlike hardware firewalls, software firewalls can easily distinguish between programs on a computer. This lets them allow data to one program while blocking another. Software firewalls can also filter outgoing data, as well as remote responses to outgoing requests. The major downside to software firewalls for a business is their upkeep: they require installation, updating and administration on each individual computer.
In order to share an Internet connection between multiple computers, routers must distinguish which pieces of data need to go to which computer. The process of separating the data acts as a kind of firewall: if unwanted data comes in, the router will not identify it as belonging to any computer, and thus will discard it. This level of protection serves adequately for home use; along with a software firewall, it’s also enough for many business networks that don’t require high security. However, routers generally lack the options and advanced features that dedicated hardware firewalls offer.
Using a single software firewall along with a router or hardware firewall will strengthen network security without posing any compatibility issues. Using multiple software firewalls, however, can cause conflicts, hampering proper operation. Businesses highly concerned with network security can put together multiple hardware firewalls, minimizing any weaknesses in each, but this requires careful expert setup to avoid incompatibilities and blocking of legitimate data.