software firewall vs hardware firewall

ChingChang

I'm all for the layered defense and I did purchase Kerio Personal Firewall, and I love it. But someone said that if something got past the hardware firewall, then the software firewall wouldn't really help. And I honestly wasn't really sure about this, did a couple quick searches but I don't have any time for research until at least the weekend.

I always figured a software firewall would help, and Kerio seems to do a great job of notifying me of all connections, which I can allow or deny. Is this a lot less useful since I'm on a hardware firewall?


So is there really any benefit to having a software firewall on top of a router's hardware firewall? Or are the software firewalls mostly beneficial with a wireless connection or a network without a firewall?
 
That isn't really true. Software firewalls residing on the host have the added benefit of typically being application-aware. Since they reside on the same system as the applications accessing the internet, they can develop a baseline for what is normal and what isn't, and inspect the application for misuse.

Most hardware firewalls typically filter off ports or known services. Many are starting to become application-aware (ex: they can detect Kazaa trying to use port 80 to appear as legit web traffic), but the host-based firewalls will always have the advantage of being on the machine you're intending to protect.

If the hardware and software firewalls were created equal, and blocked or allowed only port numbers and didn't do filtering beyond that, then whatever gets past the hardware firewall is probably going to get past the software one too.
 
If you have a hardware firewall, and it is configured properly, there should be no real reason to run a software firewall. It is just another piece of software to conflict with applications that you want to run.
 
Axeldoomeyer said:
It is just another piece of software to conflict with applications that you want to run.

... and oddly enough conflict with applications that you don't want to run. Which would be the point.
 
Axeldoomeyer said:
If you have a hardware firewall, and it is configured properly, there should be no real reason to run a software firewall. It is just another piece of software to conflict with applications that you want to run.

As far as I know most hardware firewalls do not monitor outgoing traffic?
 
As far as I know most hardware firewalls do not monitor outgoing traffic?

You are correct there.

I am not sure of the reason for having to check outbound traffic. If there is spyware, malware, or a virus on the machine then this would be an issue. But I can block access to potentially harmful websites through a hardware firewall. The best defense against spyware and malware is to never log on as the "administrator" account, or an account that has administrative rights. Do all of your work from a "user" account and set the permissions on your machine properly... That is much more effective at blocking such attacks than a software firewall.

As far as applications that you don't want to run, don't allow them to get installed. Please read the paragraph above....

IMHO, software firewalls create an overhead on a PC and cause more troubles than they are worth. Also, make sure to have some sort of Anti Virus software installed and up to date.
 
What about a smoothwall? (Does anyone know what I'm talking about?? Google it...)
Where would that rank in security vs. hardware firewall, vs. software firewall...

I was thinking about setting one up for my home network.. All I have is the windows firewall right now...
 
Axeldoomeyer said:
But I can block access to potentially harmful websites through a hardware firewall.

Ummm, you can block access to sites that you are aware of. Recent exploits have targeted mainstream sites to deliver payloads... how does one block that with a standard SOHO firewall?

n3g471v3 d3c1b3l said:
what about a softwall? (Does anyone know what i'm talking about?? google it...)
where would that rank in security vs. hardware firewall, vs. software firewall...

Do you mean Smoothwall?
 
Pretty sure SmoothWall is just a Linux distro that is placed on a different computer, thereby you have a hardware firewall with highly customizable options and a few other things that you don't get with your standard hardware firewall. It's really only for people who need the security+options, or home power users who understand Linux.
(And of course what I think should be the standard link)
http://en.wikipedia.org/wiki/SmoothWall (a wiki article for ya)
Software firewalls, IMO, I say thumbs down, don't need 'em; they usually do end up causing more ruckus than help. I myself purchased a $50 Netgear wireless router; its online interface is slick and real easy to use.
 
The choice of running a software firewall in addition to a hardware firewall is yours. Consumer grade routers use NAT...they block all unknown incoming traffic. By default..nothing will get past them. It's not like "well..something slipped past my Linksys router..and my Kerio is a second layer which will stop it". No..doesn't work that way. As I said..."by default"..because all 65,000 plus ports are blocked. If you did something stupid like put your computer in the DMZ..yeah..OK, now the incoming blocking of the Kerio is useful. Or if you opened/forwarded too large a range of ports because you didn't want to take the time to figure out what bare minimum ports were necessary to make some service public.

However...many 3rd party software firewalls add outbound protection...they are bi-directional. NAT routers automatically allow outbound traffic...it's assumed to come from a trusted source. So the 3rd party software firewall can add a feature that a basic NAT router cannot.

Whether you wish to run one...that's up to you. Personally I don't. I'm of the opinion that if you protect your system with standard best practices..such as don't leave your Administrator account with a <blank> password (you wouldn't believe how many people do this... :rolleyes: even workstations on domains :rolleyes: :rolleyes: ) if you run your Windows Updates, if you have a quality antivirus program, don't frequent bad sites, don't use system infesting P2P software, and MOST of all...if you simply use your head...you're quite safe yes even with an Admin account.

For some people who can't follow the above...I'd say use a software firewall then.

Most Linux-based home-grown routers by default don't really add additional protection beyond what a consumer grade router gives you. There are some that can add some additional protection, such as the Copfilter add-on to IPCop, or another distro called Endian. They have some really cool transparent proxy features.
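
The following Python model is an added example, not part of any post in this thread. It shows the behaviour described in the replies above: a NAT router drops unsolicited inbound traffic but applies no outbound policy, so two programs both using port 80 look the same to it, while a host firewall decides per program. The class names, program names and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Consumer NAT router model: no outbound policy, inbound only for known flows."""
    forwarded_ports: set = field(default_factory=set)  # ports the owner forwarded
    flows: set = field(default_factory=set)            # (remote_ip, remote_port, local_port)

    def outbound(self, local_port, remote_ip, remote_port):
        # Outbound is assumed trusted: record the flow so replies can return.
        self.flows.add((remote_ip, remote_port, local_port))
        return True

    def inbound(self, remote_ip, remote_port, local_port):
        # Allowed only as a reply to a recorded flow or on a forwarded port.
        return ((remote_ip, remote_port, local_port) in self.flows
                or local_port in self.forwarded_ports)

@dataclass
class HostFirewall:
    """Host-based firewall model: it sees which program owns the socket."""
    allowed_programs: set

    def outbound(self, program):
        return program in self.allowed_programs

def egress_verdict(router, host_fw, program, local_port, remote_ip, remote_port):
    """Return which layer, if any, stops an outbound connection."""
    if host_fw is not None and not host_fw.outbound(program):
        return "blocked by host firewall"
    router.outbound(local_port, remote_ip, remote_port)
    return "allowed"

def run_scenarios():
    # Constructed sample traffic; addresses come from documentation ranges.
    router = NatRouter()
    host_fw = HostFirewall(allowed_programs={"browser.exe"})
    return {
        "unsolicited_inbound": router.inbound("192.0.2.50", 40000, 445),
        "browser_out": egress_verdict(router, host_fw, "browser.exe", 50000, "203.0.113.10", 80),
        "browser_reply_in": router.inbound("203.0.113.10", 80, 50000),
        "unknown_out_router_only": egress_verdict(router, None, "unknown.exe", 50001, "198.51.100.7", 80),
        "unknown_out_both": egress_verdict(router, host_fw, "unknown.exe", 50002, "198.51.100.7", 80),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```
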
 
I can't agree with YeOldeStonecat more. I would say that a majority of PCs that are infected with some type of malware or spyware are because the users don't follow some simple security pointers. One being the daily use of an "administrative" account. Windows has a neat feature called "run as...", this will allow you to be logged in as a regular user and still install software. Running a SW firewall, IMHO, is just more overhead on the machine; however, if I did not have anything else I would use SW. I would prefer a hardware router/firewall solution, especially since they are inexpensive.

From what I understand SmoothWall is a Linux distro as well. As a matter of fact, I am looking at building a M0n0wall firewall, but more for fun and something different to play with. :)
 
I had some issues, or someone on my network did (who are all on vaca right now so I can't check). My ISP shut down my inet saying there was a trojan on the IP. So I locked down my PC with a SW firewall so that the other PCs couldn't infect mine. Outside that there's two routers on the network.

I plan to build a monowall setup once everything's said and done and I move into a house :)
 
So if there is a hardware firewall, software firewall isn't going to do much extra help huh? (aside from outbound connections, such as sending personal info)

And I was just curious what most people think of Kerio Firewall? Like how does it compare to other popular firewalls, such as Symantec, ZoneAlarm, Sygate, etc.?
From my experience it is a very "light" program, does not take many resources. And does not slow anything down. No issues at all with it. And it does seem to do a good job protecting... I always see those "popups" when a program is trying to connect to the internet. Can either allow or deny. At least it makes me feel a lot safer than windows firewall :)
 
Kerio was my personal firewall of choice, but they're no longer developing it. I've been meaning to look into CoreForce though.
 
YeOldeStonecat said it best.

The only reason to run both a hardware firewall and a software one is because the machine is infected and you want to restrict outgoing traffic that some malware might be sending.

Oh, and Windows Firewall does not block outgoing traffic, even though it would seem so. I will see if I can dig up a link about this, otherwise someone here probably can back this up.
 
They're no longer developing it? I just got an update like three days ago :)
Sunbelt software owns it now or something, if that's what you meant.
 
I use Smoothwall boxen at work and at home .. at work we run Dansguardian with ClamAV to filter content being accessed by our 100+ computers across campus .. since implementing DG on our main SW box .. problematic calls have dropped by 75% I'd say .. (yay for blocking webshots ..lol) The main calls are now "hey how come this website (read: site that shouldn't be accessed at work to begin with) gets blocked now?!"

There are many different mods for SW that you can find here

At home I run a SW box with just Advanced Web Proxy and Urlfilter mods to block ads and porn and major stuff like that, which is easily updated via the bigblacklist you can obtain from Urlblacklist.com (same goes for DG but you have to install manually)

..and if you don't know spit about Linux ..then you would be in the same boat I was before messing with SW boxen .. it's been a great and easy learning platform into the realm of Linux.

I even run F@H on all my SW boxen ..yay!

Smoothwall has a pretty helpful community to get you going as painlessly as possible as well.. just be sure to read the entire thread on a particular mod before asking any questions because chances are your question has probably already been asked a dozen times ..and post any questions on any particular mods in their respective threads too so the mod's author can address your question quicker and it helps keep the forums a smidge tidier .. :)

 