11-28-2011 04:13 AM
For my home network, my gateway has a built-in firewall and my computers have their own firewall too. So far it's working fine.
I heard some of them said this configuration is better, as firewall from different vendors has it's vulnerability. Using both with the correct configuration provides dual protection. (Similar to Back-to-back deployment) If one is down, the other is still protecting it.
Some of the users prefers to have either software or appliance firewall, as they said less inspection and better network performance.
However, I have seen organizations with either using only appliance firewall or both appliance + software firewall.
What is the best practice for implementing / choosing different kinds of firewall setup?
Please advise. Thanks!
(Current: W520 4284-A99) (Refunded: W510 4876-A11)
Does someone’s post help you? Give them kudos as a reward, as they will do better to improve
Mark it as solved if the solution works for you, so it could be reference for others in the future
Dolby Home Theater v4 (ThinkMix V2)!
Solved! Go to Solution.
11-28-2011 04:36 AM
Using both with the correct configuration provides dual protection. (Similar to Back-to-back deployment) If one is down, the other is still protecting it.
For the home user, I agree with that approach -- in other words: a "belt and suspenders".
I'm a firm believer in a hardware as well as a software firewall. If malware can get through the hardware firewall, the software firewall is still there for protection.
I am not employed by Lenovo or Microsoft. I am a volunteer.
Microsoft MVP - Consumer Security
11-28-2011 12:28 PM
Supplementing what Bugbatter stated, there really are two major types of "directional" malware: those that are "inbound" and those that are "outbound" There is no question that a hardware firewall does a great job of protection a LAN from inbound threats, e.g., port scans. However due to hardware firewalls' inherent design, they do not provide protection from outbound threats, e.g., Trojan backdoors for an example. Software firewalls, or HIPS, which can provide software specific protection, are far more effective in protecting systems from outbound threats. It is the correct combination of both types of firewall protection that offer the greatest protection. At bottom, however, you are the greatest factor in protecting your system from malware. Safe browsing, intelligent limiting of personal information, educating yourself and understanding the nature of malware threats, keeping your security suites up to date, etc., provides the greatest protection.
11-29-2011 02:01 AM
As PCBruiser noted, we're actually talking about a standalone device and a program that you run on your computer which are complementary to each other. While there's a small overlap in protection, using your residential gateway broadband router's firewall and a application firewall program on your computer should neither slow down your connection noticeably, nor should they conflict with each other, so there's no real reason not to use both, if you have them available.
Another useful reason to have a software-based firewall on your computer is if your network connection is shared with others (family members, friends, tenants, and so forth). In the the event another computer inside your network gets compromised with, say, a worm, your firewall should detect the connections from the infected computer and provide you with a warning and block the unauthorized network connection to prevent your computer from becoming infected.
11-29-2011 03:03 AM
It's always good to use both(hardware and software) firewall to complement each other. We have 5 PCs in our home network sharing connection and each system has its own software firewall in addition to the gateway firewall and it's good as it makes us feel more secure.
Though a network may have all the security precautions hardware-software firewalls, antivirus/anti-malware, updates etc. rogues and some nasties are still able to get in so it's also very important that users are well-informed on safe internet browsing and using the computer with security in mind.