Quote:
Originally Posted by Bungleau
You still need a software firewall to cover things from the inside trying to get out. Hardware firewalls won't do that... they just stop it from getting in.
Are you sure of that? I've seen HW firewalls that could do outbound filtering. (stuff like blocking Adobe Reader from "phoning home" for updates)
Quote:
I also wouldn't go with just a software firewall, either. Having a hardware firewall adds one more layer, making it harder for the average person to get in to your system.
That's true, but usually a system doesn't get compromised because of the firewall, but because of an unpatched flaw in some program. For example, when the JPG header exploit came out (already patched in Windows), it didn't matter how many firewalls you had; the attack would get through.
Of course, if someone is trying to force their way into your system and you add a Unix-based HW firewall which they also have to hack through before getting in, they'll have a harder job. But if someone really wants to get in, they will, no matter the number of firewalls. Except hacking a home computer this way simply isn't worth their while. It would take longer than sending out a couple thousand booby-trapped emails where you know that at least someone will click on the link...