Ironworks Gaming Forum - View Single Post

dplax · 05-23-2008, 09:03 AM

Nowadays a software firewall can do most of what a hardware one does. (NAT being one notable exception) Obviously the hardware firewall is a dedicated box, so it doesn't put any strain on the PC's resources. But then again, it does cost a lot more.

Even free software firewalls nowaday do packet filtering, can be configured to act differently for certain IP addresses/zones for certain ports, for certain applications. They have attack detection algorithms, etc...along with a decent antivirus and antispyware program you don't need anything more.

Apart from 0-day vulnerabilities nothing can get through a properly updated firewall + antivirus (barring user interaction...a user can always mess up their own PC) and 0-day vulnerabilities usually get through a hardware firewall too. So if you are careful and don't go to dubious websites, surf safe, etc... you will be safe with a simple software firewall + anti-stuff.

I'm not saying that hardware firewalls are bad. On the contrary they are better than a software firewall in that they don't hog system resources. But in the case of a home network with maybe 2-3 PCs on it a HW firewall isn't worth the investment.

And on the subject of using HW firewall and SW firewall: the SW firewall is mostly overkill. Supposing that the HW firewall does its job properly, the only stuff the SW firewall would protect you against would be other PCs in your local network. Supposing those are also protected by the HW firewall you don't
really need the SW firewall. Of course it helps in containing a virus, should one get onto one of the local machines, but in the case of the right setup that shouldn't happen.

05-23-2008, 09:03 AM	#6
dplax Jack Burton Join Date: July 19, 2003 Location: an expat living in France Age: 40 Posts: 5,577	Re: New Hardware Firewall Suggestions? Nowadays a software firewall can do most of what a hardware one does. (NAT being one notable exception) Obviously the hardware firewall is a dedicated box, so it doesn't put any strain on the PC's resources. But then again, it does cost a lot more. Even free software firewalls nowaday do packet filtering, can be configured to act differently for certain IP addresses/zones for certain ports, for certain applications. They have attack detection algorithms, etc...along with a decent antivirus and antispyware program you don't need anything more. Apart from 0-day vulnerabilities nothing can get through a properly updated firewall + antivirus (barring user interaction...a user can always mess up their own PC) and 0-day vulnerabilities usually get through a hardware firewall too. So if you are careful and don't go to dubious websites, surf safe, etc... you will be safe with a simple software firewall + anti-stuff. I'm not saying that hardware firewalls are bad. On the contrary they are better than a software firewall in that they don't hog system resources. But in the case of a home network with maybe 2-3 PCs on it a HW firewall isn't worth the investment. And on the subject of using HW firewall and SW firewall: the SW firewall is mostly overkill. Supposing that the HW firewall does its job properly, the only stuff the SW firewall would protect you against would be other PCs in your local network. Supposing those are also protected by the HW firewall you don't really need the SW firewall. Of course it helps in containing a virus, should one get onto one of the local machines, but in the case of the right setup that shouldn't happen. __________________