Hardware firewall vs Software firewall - Difference
Most computer users are familiar with the term Firewall. Firewalls are hardware devices or software programs that monitor incoming and outgoing connections, analyzing the packet data for malicious behavior. As the definition says, there are both Software and Hardware Firewalls. In this modern age, we are literally at war with hackers, malware and virus developers all the time, and data security has become the number one concern. To protect our computers, we use security software like AntiVirus and Firewalls, and as we just mentioned, there are two kinds of firewalls: Hardware firewalls and Software firewalls.
Hardware firewall vs. Software firewall
In this article, we’ll talk about the difference between Software Firewall & Hardware Firewall.
Hardware Firewall
Hardware Firewalls are mostly seen in broadband modems, and are the first line of defense, using Packet Filtering. Before an Internet packet reaches your PC, the Hardware Firewall will monitor the packet and check where it comes from. It also checks if the IP address or header can be trusted. After these checks, the packet then reaches your PC. The firewall blocks any connections that show malicious behavior, based on the current Firewall setup in the device. A Hardware Firewall usually does not need a lot of configuration. Most of the rules are built-in and predefined, and the Packet Filtering is done based on these built-in rules.
Today's technology has improved so much that it is not just the traditional Packet Filtering that is carried out. The Hardware Firewall has a built-in IPS / IPDS (Intrusion Prevention System), which earlier used to be a separate device. But now these are included, offering us greater protection.
When an IPDS detects malicious activity, it sends a signal, resets the connection, and blocks the IP address. It uses signature-based, statistical anomaly-based, and stateful protocol analysis. You can read more about this here. But the main drawback I find is that it allows all the outgoing packets, i.e., if by chance malware got into your system and started transmitting data, it would be allowed unless the user became aware of it and decided to stop it. But in most cases, this does not happen.
A Hardware Firewall is typically good for small or medium business owners with 5 or more PCs or a corporate environment. The main reason is that it then becomes cost-effective: if you were to purchase Internet Security/Firewall software licenses for 10 to 50 copies, and that too on an annual subscription basis, it would cost a lot of money, and deployment could also be an issue. The users will have better control over the environment. If the user is not tech-savvy and inadvertently chooses to allow a connection that has Malware behavior, it could ruin the entire network and put the company's data security at risk. A hardware firewall could thus be very useful in such cases.
There are always a few things you have to consider before buying a Hardware-based firewall. Consider the number of users in your network and the number of VPN users in your network, because underestimating these numbers could exhaust the performance of your device and affect the performance of the Internet connection as well. Also, make sure you have enough licenses for VPN client connections, and that the device has SSL, PPTP, etc. connection support too. Even if you have to pay a subscription, go for it, because a subscription means that you get the latest definitions.
Manufacturers are now including Gateway Antivirus, Malware scanners, and Content Filters, so you’ll get maximum protection with them. For example, CISCO Hardware includes “Cisco ProtectLink Security Solutions” on selected devices. It addresses a specific security threat, and as part of overall security, the approach provides layers of protection against different threats.
There are a lot of companies you can choose from, like CISCO, SonicWall, Netgear, ProSafe, D-Link, etc. Make sure you either have a certified network professional with you while setting up or good tech support, because, trust me, you'll need them when you configure the system.
Software Firewall
Now that we know how Hardware Firewalls work, I'll talk a bit about Software Firewalls. To be honest, Software Firewalls do not need a whole lot of explanation because most of us are aware of them and are already using them. Like I said in the Hardware Firewall section, if the user is not tech-savvy and chooses to allow a connection that has Malware behavior, it could ruin the entire network and put the company's data security at risk. That's where the software firewall comes into the picture, as here we can block both incoming and outgoing connections and set up trusted rules so these accidents can be avoided. Firewall vendors constantly research this matter and send out updates as and when required, so the chances of your computer getting compromised are slim.
It's a confusing job to pick a complete Internet Security solution that is just right for you. When you search in forums, you can see a flaming debate, where each member is defending their favorite ones. You'll be lost in these debates, ending up more confused than when you started. The rule is to set your priorities straight. Create a list of things you want. For example, do you want a free Firewall solution or a paid one? What features do you need in your Firewall? What additional features are required, like, say, Antispam, Web Protection, Malware scanner, Antivirus, etc.? Do you want to go in for an Internet Security Suite? Once you decide, then compare the features. I for one use Windows Firewall. The only drawback I find it has is that, by default, it allows all the outgoing connections. So I used an additional application called Windows Firewall Control, which we can set up to block all the outgoing connections and also set up rules for the ones we want, with a simple click. They have both a free version and a professional paid version, but the free version is more than enough. Windows Firewall Control and Windows Firewall Notifier are the other two freeware you could check out.
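The default-allow outbound behavior of Windows Firewall described above can also be inspected and changed with the built-in NetSecurity cmdlets. The following is an added example, not part of the original article; the program path and rule name are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: switch Windows Firewall from default-allow to default-block
# for outbound traffic. Path and rule name below are placeholders.

# 1. Show the effective default actions for each profile. ActiveStore is the
#    merged result of local settings and Group Policy; the local store alone
#    may report NotConfigured even though outbound traffic is being allowed.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. Create the allow rules BEFORE changing the default, so the programs you
#    depend on keep working. Scope each rule to a program, protocol and port
#    instead of allowing the program to connect anywhere.
$app = 'C:\Program Files\ExampleBrowser\browser.exe'   # hypothetical path
New-NetFirewallRule -DisplayName 'Allow ExampleBrowser HTTPS out' `
    -Direction Outbound -Program $app -Protocol TCP -RemotePort 443 `
    -Action Allow -Profile Any

# 3. Log dropped packets so that a blocked program shows up in the log
#    rather than failing silently.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 4. Change the default: outbound traffic that matches no allow rule is now
#    dropped. Enabled built-in outbound allow rules (for example the
#    "Core Networking" group for DNS and DHCP) continue to apply.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 5. Review what is still allowed out. Every entry in this list is an
#    exception to the new default and should be there on purpose.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Sort-Object DisplayName |
    Select-Object DisplayName, Profile
```

To return to the stock behavior, run step 4 again with `-DefaultOutboundAction Allow`.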
Like Marcus J. Ranum said, “Computer security is nothing but attention to detail and good design”. Hope this will help you decide which one you want.
Sophos XG Firewall Home Edition is a hardware-type firewall software you might want to take a look at.
Tomorrow we will list some good freeware third-party firewall software for Windows, so stay tuned! But while on this topic, we’d love to hear of any hardware firewalls you’d like to recommend.