Hardware firewall

[BernardStewart]

I have Norton Internet security firwall etc, plus a host of other software to detect adware, malware etc (no one of which does a total job!).

Is there any appreciable advantage to installing a hardware firewall - if so what extra protection will this give?

Any recommendations for the best hardware to deliver extra protection?

 

[erikhertzel]

A hardware firewall can be a great solution because Malware/Viruses/Hackers have more trouble disabling a hardware firewall because it's not software bases. Plus, it's also usually a bit more robust than a software firewall package. Symantec, among others, makes a good hardware firewall that I use and it works well.

HTH,

Erik

 

[2ffat]

We've just put in WatchGuard's FireBox. So far so good. We like it.


James P. Cottingham
-----------------------------------------
^{To determine how long it will take to write and debug a program, take your best estimate, multiply that by two, add one, and convert to the next higher units.}

 

[Kesser]

I manage a small network that is virus / spyware free 95% of the time (touch wood) We installed the Dlink ADSL Router with a hardware firewall ..... seems to do the job...

Kes

 

[kmcferrin]

Hardware firewalls are gerat for intrusion prevention and general gateway security, especially if you need DMZ features. If you're concerned about someone hacking/exploiting you through your broadband connection, a hardware firewall would be a good idea. Some of them even do virus scanning these days.

However, if you are trying to prevent adware/malware from being installed on your systems you will probably need to run something at the host level rather than the network level to protect yourself. The firewall can keep out uninvited guests, but if you go to a malicious web site or install software that bundles ad/spyware, you're going to get infected. At my place of business we have a good hardware firewall, we use the Windows XP SP2 software firewall, and run McAfee VirusShield Enterprise on all of the workstations. While I rarely see anything virus related, we get all kinds of spyware on our machines because our users don't know any better.

The best protection is threefold:

1. Hardware and software to prevent infections.
2. Make sure that your users do not have elevated security permissions (power user or administrator).
3. Teach them that not to screw around on the Internet.

 

[SPV]

Sound advice from kmcferrin.

But in a corporate environment point 3 is invariably the hardest to implement. (I couldn't find an emoticon for a techie beating their head against a brick wall...)

A single virus scanner is probably fine, but you might want to consider using a second layer of adware/spyware scanning, perhaps just to run an ad hoc scan every few days. It strikes me that not every antivirus supplier is on the ball when it comes to adware/spyware, but I'm sure they are all working on it.

In fact, Microsoft AntiSpyware has recently come out as a beta release. Its on-access scanning seems pretty hungry on resources, but you can switch that off and just run (and schedule) a periodic scan. I only downloaded it today so I can't comment further, but a couple of my colleagues say it picked up things that even AdAware and SpyBot had missed.

 

[kmcferrin]

Yeah, the MS Anti-Spyware looks like a pretty decent product, and I wholly recommend running some sort of anti-spyware software in addition to a hardware firewall, software firewall, and anti-virus solution. One of the nice things is that the MS Anti-Spyware monitors the registry for changes that malicious software likes to make and will prompt users to either allow or disallow the change. I generally like it overall.

The problem with anti-spyware software in general though is that the average computer user doesn't understand spyware, what it is, how to prevent it, and how their systems can be protected. You can put in a multi-layer security solution like I have, but if that user wants to install that cool screensaver, search assistant, or toolbar, then they're going to continue clicking on "yes" and "permit" until it gets installed. That's why step number 3 listed above is so important. Unless the users understand what is going on, they're only going to piss and moan about the rules (and try to circumvent them as well).