03-08-2006, 09:33 AM
|
Techie
|
|
Join Date: Oct 2002
Location: Manchester, England
Posts: 116
|
|
Who understands hardware firewalls?
For the past couple of years I've been using a software firewall (Zone Alarm Pro). It seems to be quite effective but it can sometimes be intrusive - not letting me access sites that I want to visit (for example, on Ebay, it will often allow me to see some pages but not others).
For ages, my mate has been telling me to ditch Zone Alarm and buy a hardware firewall but I don't really understand how they work. I have a mental picture of them being even more intrusive than Zone Alarm.
With a software firewall, it doesn't prevent trojans etc from getting into your PC but if anything tries to get out, it will flag up a message asking if you want to allow it. My understanding of hardware firewalls is that they're pretty much the opposite. They simply don't allow trojans to get in in the first place. But how do they know what is a trojan? Many web sites include Java & ActiveX controls which do various things. How does the firewall know which are malicious and which are benign?
And what if I specifically want to download an executable file - e.g. from an FTP site? My experiences of actually trying to send an exe to someone with a hardware firewall have always been bad. Are these hardware firewalls all they're cracked up to be?
|
03-08-2006, 09:29 PM
|
Lab Master Techie
|
|
Join Date: Sep 2002
Location: The Matrix
Posts: 7,353
|
|
I think software firewalls are good because they provide a human element (you) to them.
A hardware firewall won't stop some program you download from connecting to the internet (unless said port is blocked)...
I even use zone alarm at work where we have a cisco firewall... just to be safe.
I don't 100% trust hardware firewalls.
__________________
Dell Inspiron 1420 in Midnight Blue - Intel Core2Duo T7300 2.0GHZ/4MB - 2GB Ram - Nvidia 8400 GS 128mb - DVD/RW - 160GB 7200RPM - 14.1" Antiglare - Intel 4965AGN - Bluetooth 2.0 - 2MP Webcam - Vista Home Premium
2005 Mazda3i in Strato Blue
http://www.jasondsmith.net
|
03-08-2006, 10:54 PM
|
Techie
|
|
Join Date: Oct 2002
Location: Manchester, England
Posts: 116
|
|
Thanks for the advice, Jason. As it happens, my computer can dual-boot into either Windows 2000 or XP. Under XP, Zone Alarm works flawlessly - but under Win2K, it keeps "getting in the way" and refusing to connect to certain web pages - even diffferent pages within the same site. In fact, it won't let me send emails on one of my accounts either!!
I know that Zone Alarm is causing the problem because if I uninstall it and re-install, everything's fine for a few weeks - but slowly, it starts to intefere again. Zone Labs say that the TrueVector service must be getting corrupted - but I don't know what that means or how to prevent it...
|
03-08-2006, 11:09 PM
|
Lab Master Techie
|
|
Join Date: Sep 2002
Location: The Matrix
Posts: 7,353
|
|
I haven't used 2000 in a long time on my system, so I guess i'm not much help there. Any firewall is better than no firewall.
__________________
Dell Inspiron 1420 in Midnight Blue - Intel Core2Duo T7300 2.0GHZ/4MB - 2GB Ram - Nvidia 8400 GS 128mb - DVD/RW - 160GB 7200RPM - 14.1" Antiglare - Intel 4965AGN - Bluetooth 2.0 - 2MP Webcam - Vista Home Premium
2005 Mazda3i in Strato Blue
http://www.jasondsmith.net
|
03-26-2006, 09:08 PM
|
|
Super Moderator
|
|
Join Date: Aug 2001
Location: Phoenix, Arizona
Posts: 2,781
|
|
The advantage to hardware firewalls is that hackers and malware can't reconfigure it nearly as easily as software firewalls. Software can be easily compromised because by nature it is easily modifiable, while hardware is not. At the same time, this allows software to be upgraded and updated easily (and a lot cheaper).
|
04-25-2006, 02:44 PM
|
|
> I think software firewalls are good because they provide a human element (you) to them.
the only reason in your case that hardware firewalls do not, is that you don't own or manage them yourself.
> A hardware firewall won't stop some program you download from connecting to the internet (unless said port is blocked)...
since port blocking and application layer filtering are a key component to both hardware and software firewalls I fail to see your point.
> I even use zone alarm at work where we have a cisco firewall... just to be safe.
So your real argument is that you don't trust the network you're on, in which case make the firewall as local as possible. Though this is not what JohnE seems to be asking for, since he is debating whether to purchase and manage his own firewall.
> I don't 100% trust hardware firewalls.
The only reason you don't trust hardware firewalls is that you aren't the one in control of the administration of it at your work. You are misplacing the trust you should have instead placed on those who you don't trust to configure your firewalls at work.
Not trusting hardware firewalls is such a ridiculous statement, as they are not unlike software firewalls. Hardware firewalls also run on their own software. To claim that you don't trust hardware is bordering on my level of paranoia because you might as well be paranoid about your own computer being untrusted, much less the activity on the network you use.
|
01-24-2009, 12:52 AM
|
Techie
|
|
Join Date: Sep 2002
Location: UK
Posts: 23
|
|
LOL, browsing through these old pages this made me chuckle...
Quote:
"I think software firewalls are good because they provide a human element (you) to them."
|
Any security expert in the world will tell you that the biggest security risk to any network is the user. Users are stupid, so when you give a user power over something which is there to protect you, you're effectively opening up a big gaping hole.
Hardware firewall is an appliance that sits inline between you and the interweb and filters traffic. Obviously you configure what it should filter. Obviously if you mess up here, you're defeating the point of even having a software firewall, which FYI filters on the NIC of the PC it's installed on.
__________________
-- The System Will Destroy Itself !! --
|
Thread Tools |
Search this Thread |
|
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 11:41 AM.
Powered by vBulletin® Version 3.6.5 Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
|