To define a firewall in simple terms, one can put it to words as a – protective system that functions between your host/network and the sometimes “deadly” Internet. An effective firewall policy, prevents unauthorized use and access to your network/server.

The role of a firewall is to analyse information entering and leaving the network/server, based on an existing firewall configuration. It usually acts as a barrier for many form of attacks.

Ideally, a security strategy puts to use both hardware, and software firewalls. That said, understanding them based on a comparative approach definitely helps framing sound firewall policies.

Hardware Firewalls

Hardware firewalls are stand alone hardware devices, specially designed to filter traffic based on configured rules. They have the distinct advantage of ease of configuration and simpler operation. They are easily deploy-able and fit in for all O/S’es and networks. The device usually has incoming and outgoing ports, and effectively fits into various network topologies.

Hardware firewalls work on the concept of packet filtering. It reads the header of each packet, to determine the source and destination of a packet(including ports). Based on pre-configured rules in the firewall, it either lets the packets through, or drops them.

Even though the configuration of the device is more or less user friendly, setting up a sound firewall policy warrants some expertise in server/network security and design.

Software Firewalls

The popularity of software firewalls are much higher, when compared to hardware firewalls. The reasons of such a choice, is probably the cost and additional features that ship with it. There is also a misconception that a hardware firewall is needed only for large and medium scale enterprises.

A key advantage of software firewall is that it allows a greater degree of flexibility in its configuration. Many a times the firewall is OS specific and hence gives more features using the inherent features of the installed OS. Feature rich firewalls usually incorporate vulnerability checks and anti-virus extensions, that makes it even more attractive.

While we discuss the merits, it is worth mentioning that the use of a software firewall is almost always limited to protect a specific host/computer. Configuration of such firewalls to provide protection for a network is possible, and is practised by many. Remember that such firewalls depend on the resource of the host machine for functioning. The ability to pick a firewall – that is lean on resource usage, aggressive in terms of security, timely updates and enhancements, is what makes Software Firewalls the popular choice!

Using a high end hardware firewall, or a feature rich software firewall does not always stop potential risks at the doorsteps. It is more about how one uses these, to build a strong security strategy that stands the “test of time and attacks”.

About the Author :

Sankar works as a Senior Software Engineer in Bobcares. He joined Bobcares back in April 2006. He loves grooming/mentoring people. During his free time, he listens to music, and enjoys singing..