(480) 812-0489
MTI Tech Solutions

Tech Blog

IT / Computer / Internet Topics

Start your conversation!

(800) 991-6241

Firewalls: Software and Hardware

Oct 6, 2012

When most people think of a fire wall there are two distinct reactions based on the understanding of what a firewall is or isn’t. The first group usually associates a firewall with a large corporation that has a massive server system that can block intruders from hacking into their systems and stealing our data. Images of a computer the size of a room and fierce looking science fiction guards are not far from the fore.

For a much larger group of people, when asked what a firewall is, they simply have no idea what it is or what it can do for them. In a world where hacking has become as common as the computer itself, and with identity theft rising at alarming rates everyday it becomes important to know what steps can be taken to protect yourself. In that light a discussion on firewalls, the different types of firewall protection available, and most importantly which method is best for you the consumer takes on a new relevance and importance.

A firewall is perhaps the most self-explanatory piece of software or hardware available. For anyone familiar with a home, a firewall is the wall within a building whose purpose is to stop or confine a fire should one break out. Similarly the computer firewall is a program or hardware is designed to create a bridge between the user’s computer on one side and an external connection on the other side. The firewall then creates a filter system, determining what will be allowed to cross the bridge and what will be blocked. The primary objective of a firewall, regardless of whether it is hardware or software based, is to analyze packets of data as they pass over the network to determine whether or not they are safe. Packets of data that are deemed safe according to a preset valuation are allowed in, while those that fail to meet the criteria are blocked.

There are two primary types of firewalls, software firewalls and hardware firewalls. Both are fundamentally designed to do exactly the same thing however, the way they are installed and managed are quite different.

A software firewall will usually need to be installed on every computer that will be accessing the internet, and thereby might be exposed to an attempted hack. This is an ideal solution for individual users and provides a very good level of security. A software firewall has a greater deal of access to the information packets coming in to a specific computer and will compare the data with regularly updated databases to seek out malicious signatures (patterns) and alert the user. As such it has a higher ration of success in seeking out and blocking malicious software from gaining admission to the computer. On the downside a software firewall has substantial limitations, especially in a small business or multiple user situations. Firstly the software can only protect the computer on which it is installed, meaning that the software would need to be installed individually on every computer to be protected. This can be costly and time consuming. Secondly the software depends heavily on the settings put in place by the user who has direct control over what the firewall will block, leaving room for error in settings or an unintentional lapse. Finally some firewalls, like that found with Windows 7, will only block incoming traffic and will not filter out going traffic at all by default.

Hardware firewalls are typically found in a broad band router and uses a method called “packet filtering” which examines the head of the packet, its source, and its destination. This information is then compared to a set of predefined or user created rules that determine the maliciousness, or lack thereof, of a particular set of data. More advanced hardware firewalls will use a technique called Stateful Packet Inspection (SPI), to look more in depth at the packets nature and origin. The firewall will also make determinations on whether the information coming across was as a result of a user request, like someone surfing a webpage for example. The largest two advantages to a hardware firewall, often referred to as a first line of defense, is that they can be installed relatively easily and with little to no configuration, and second they will protect all computers on a given network. Like with software firewalls there are certain limitations on a hardware firewall. First it only protects the flow of data from an external source, typically designed to keep bad stuff from getting into the internal network. As a result it is not very good at detecting threats once they have breached the firewall and are being sent from within the network. With many viruses now being more sophisticated and sneaking in on documents, emails, and the variety of media sources (CD’s, Flash drives, and External hard drives) this can be a serious limitation for the hardware firewall. The only other challenge often found with a hardware firewall is that it will often block legitimate programs from operating correctly by blocking things like important download updates. Because a hardware firewall tends to want to kill a mosquito with a bazooka it will very often block entire types of programs because of malware or other detections. Examples commonly reported are Outlook or Mozilla Thunderbird being blocked because of a spam email generated and sent accidentally from your computer.

It is highly recommended that every person have at least one type of firewall. On an internet rife with malware, sneaking in on every kind of site possible, viruses being updated and modified every day, and denial of service programs multiplying constantly the threat to the individual and business computer is very real. Once a hacker has access to a network the damage can be irreparable, especially with the amount of personal and sensitive information we keep or transmit using our computers today. Items like birthdates, social security numbers, bank account numbers, credit cards, and addresses are all easily found on the majority of PC’s. The best protection, ideally, is to have a combination of software and hardware firewalls that work in tandem to prevent any kind of attack or intrusion. For the best options, latest technology, or simply to get protected speak with a technician today who can guide you to the best options.

Maximize Your Business' Potential with Tailored IT Support

Reach out today for a personalized consultation on how MTI's customized IT solutions can drive growth for your tech needs