Which Is Right for

By Matthew Sarrel  |  Posted 2002-11-19 Print this article Print

You?"> Which Is Right for You?

Because of their limitations, we cant enthusiastically recommend either a software or hardware firewall. Each type has its pros and cons, but to go unprotected is an appalling idea.

If youre a mobile worker, the choice is obvious: Its impractical to lug a hardware firewall around. Go with the software. If your machine is stationary, the choice is more difficult. A hardware router with an SPI firewall, typically considered only for networks, is a simple and inexpensive way to protect a PC. But a software firewalls application-level protection may be more practical protection against todays most common threats. And a few companies, including Network Associates and Symantec, bundle their firewalls with security suites that include antivirus, ad-blocking, privacy-control, and spam-removal software.

For multiple machines, a router will typically be cheaper than multiple software licenses, especially since the firewall adds very little to the cost of this nearly mandatory piece of networking equipment.

For the best security, get both. The hardware guards your network, while the software provides a second line of defense and keeps an eye on your Internet-enabled applications.

Whatever you install, keep it up to date. Also, consider running occasional port scans from outside your network to see how youre faring. One of our favorites is Gibson Researchs ShieldsUP! (www.grc.com). Ideally, port scanners should be unable to detect your computer name or any services youre running. If youre using a hardware firewall, a scanner shouldnt be able to detect the existence of your internal network.

Remember that even behind a properly configured firewall, risky actions will still compromise your computer. Think before you download, and view the Internet with the proper level of suspicion. No system is foolproof, but the right combination of hardware, software, and defensive habits might just keep you out of trouble.

Matthew Sarrel Matthew D. Sarrel, CISSP, is a network security,product development, and technical marketingconsultant based in New York City. He is also a gamereviewer and technical writer. To read his opinions on games please browse http://games.mattsarrel.com and for more general information on Matt, please see http://www.mattsarrel.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel