Tuesday, February 24, 2009

Do you need both a physical firewall and a software firewall?

This question is quite often asked over at our forums - "Do I need a physical firewall and a software firewall?" - and its variation, "Since I use Online Armor, do I need to worry about my hardware based firewall?".

A HARDWARE firewall is a separate physical device from your computer.

For most home users it's the broadband router. Your cable or DSL modem plugs into one side, and on the other side you have a few sockets that you can connect multiple computers to. If you splashed out an extra couple of dollars, you got an antenna attached as well, to enable your wireless network.

If you have one of these beasties, you're already behind a firewall of some kind - and you will also be NAT'd. NAT means "Network Address Translation" - and for our purposes here, it means that your router/firewall holds your one PUBLIC IP address, and all of the computers behind it have PRIVATE IP addresses that can't be reached directly from the internet.

What this gives you is quite simple: if I try to connect to your public IP address, my traffic stops at your router/firewall unless there is a rule allowing it through (and forwarding it to a particular computer on the inside), or unless the data is coming back in response to a connection you opened from the inside. The router remembers the connections you open, so replies to them are let back in. After all, if you had to open ports on your firewall to get back the web pages you just told your browser to load, the internet would get really hard to use.

Just by being NAT'd and not having ports open, you're getting a measure of security because the bad guys on the outside can't connect to your computer and read your shopping list. I think most people these days (unless they are on dialup) have a hardware firewall of some type. They're cool, and they're useful - they're always on - and they easily allow you to connect up multiple computers together in a home network.

Now - let's take our bad guy - Hollywood version. Ruggedly good looking and up against the clock, he jumps onto the internet - maybe he uses some cool (and completely impractical) 3D user interface involving bricks. Maybe he's furiously typing three letters and watching old BASIC programs scroll past - but he's hacking.... (and probably has a cool scar). It works. He gets into the computer and gets the data/location of the hero/missile control codes. Now the good guys have their work cut out for them.

Back to real life, where your home computer is more at risk from things that you do. Certainly, you have your hardware firewall, which will defeat inbound automated scans trying to take over your computer - but unfortunately, data gets on to your computer in a number of ways:

  • You go to a web site
  • You download a program
  • You receive email
  • You use P2P programs or other file sharing tools to download
Hackers are sneaky little devils, and these days they are motivated by money. Their objective is to take over your computer and have it work for them - computers cost money, so why buy any if you can hijack millions of them?

They'll use any trick they can think of to get their program on to your computer. At one end, the program might install toolbars or advertising programs so they get a few cents per click. It might be a keylogger that records (and transmits) your keystrokes - especially the ones that relate to your bank username and password. Your computer could be used as part of a co-ordinated attack to bring someone's website down - for money.

So, if the hackers get this program on to your computer, at some point it's likely to want to connect out to the big bad world.
And what does your hardware firewall do about that? Nothing. A typical home router lets every outbound connection through by default, and it has no idea which program on your computer opened it.
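To make the two points above concrete - replies to connections you opened and explicit port-forwards get in, unsolicited scans do not, and anything going out is waved through - here is an added example that is not part of the original post and is not Online Armor's code: a toy Python model of a NAT router with connection tracking. The Packet and NatRouter names, the addresses (documentation ranges) and the port numbers are all constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed addresses: the public side uses documentation ranges, the LAN
# side an ordinary private range. None of these are real hosts.
PUBLIC_IP = "203.0.113.10"
LAN_PC = "192.168.1.20"
WEB_SERVER = "198.51.100.5"
SCANNER = "198.51.100.99"
C2_SERVER = "198.51.100.66"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatRouter:
    """Toy model of a home router: NAT plus connection tracking.

    Outbound traffic is always translated and forwarded; like a default home
    router, it never asks which program sent it. Inbound traffic is delivered
    only if it matches a tracked outbound connection or an explicit
    port-forward rule; everything else is dropped.
    """

    def __init__(self, public_ip: str,
                 port_forwards: Optional[Dict[Tuple[str, int], Tuple[str, int]]] = None):
        self.public_ip = public_ip
        # (proto, public_port) -> (private_ip, private_port)
        self.port_forwards = dict(port_forwards or {})
        self._next_public_port = 40000
        # (proto, private_ip, private_port, remote_ip, remote_port) -> public_port
        self._sessions: Dict[Tuple[str, str, int, str, int], int] = {}
        # (proto, public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self._reverse: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> internet: rewrite the source to the public IP and remember the session."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self._sessions:
            public_port = self._next_public_port
            self._next_public_port += 1
            self._sessions[key] = public_port
            self._reverse[(pkt.proto, public_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self._sessions[key], pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: return the packet as delivered inside, or None if dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        # Reply to a connection that was opened from the inside?
        reply_key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_key in self._reverse:
            private_ip, private_port = self._reverse[reply_key]
            return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port, pkt.proto)
        # Explicit port-forward rule configured by the owner?
        forward = self.port_forwards.get((pkt.proto, pkt.dst_port))
        if forward is not None:
            return Packet(pkt.src_ip, pkt.src_port, forward[0], forward[1], pkt.proto)
        # Unsolicited: nobody inside asked for this, so it stops here.
        return None


def demo() -> Dict[str, Optional[Packet]]:
    router = NatRouter(PUBLIC_IP, port_forwards={("tcp", 2222): (LAN_PC, 22)})

    # 1. The browser on the LAN PC fetches a web page; the reply comes back to
    #    the NAT port the router chose and is delivered to the PC.
    request = router.outbound(Packet(LAN_PC, 51000, WEB_SERVER, 80))
    reply = router.inbound(Packet(WEB_SERVER, 80, PUBLIC_IP, request.src_port))

    # 2. An unsolicited scan of the public IP matches nothing and is dropped.
    scan = router.inbound(Packet(SCANNER, 4444, PUBLIC_IP, 445))

    # 3. A port-forward rule deliberately exposes SSH on the LAN PC.
    forwarded = router.inbound(Packet(SCANNER, 4444, PUBLIC_IP, 2222))

    # 4. Malware already on the PC phones home: the router translates it like
    #    any other outbound connection and lets it through without a question.
    beacon = router.outbound(Packet(LAN_PC, 51001, C2_SERVER, 443))

    return {"request": request, "reply": reply, "scan": scan,
            "forwarded": forwarded, "beacon": beacon}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:>9}: {'dropped' if pkt is None else pkt}")
```

Case 4 is the whole reason the rest of this post exists: the router sees a perfectly ordinary outbound connection and has nothing to say about it. Only something running on the PC itself can tell that it was a program you never installed that opened it.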

Enter the Software Firewall.

The software firewall is a program, not a piece of hardware - it sits on your computer and acts like a traffic cop. Can this program connect? Can that program send data? This program wants to let other computers connect to it - should it?

There are various reasons why computers need to talk to each other - loneliness, romance, sharing printers or files - these are all legit reasons.

With a software firewall, if our hypothetical bad guys get a program on your computer, your software firewall should see it - and it should squeal like an 8-year-old girl. (Actually, in an ideal situation, the squealing should only happen if the program is bad or unknown - but we'll leave that for another day).

So - the software firewall is primarily used to control outbound traffic. Because it runs on the computer itself, it can identify which program is trying to connect to the outside world, where to, and so on - something a router on the other end of a cable simply cannot see. Then you need to use a bit of the old grey matter (or Google) to figure out whether it should be allowed.

The idea is simple: the software firewall stops bad guys from sneaking data out (and in as well - though we're assuming your hardware beast has already caught that).

There are further complexities that I won't go into now - like programs that try to trick your firewall, or you, and programs that try to bypass it altogether to get the data out. Good firewalls protect against this to some degree.

But - now it comes to the answer to the question....

"Do I need a physical firewall and a software firewall?"

My answer would be a straightforward yes. A physical firewall is cheap and effective. It will keep a lot of junk out, and it gives you an easy way to share your internet connection.

If you have both a physical firewall and a software firewall, run them both. After all, if you had two locks on a door, would you only use one of them? People have deadbolts for a reason.

And the last one - do I need a software firewall at all? Well, we wouldn't have spent years writing Online Armor if we thought you didn't :)
