Firewall Software

From Info Wiki
Jump to navigationJump to search

Packet-Filtering v Router

a perenniel question is whether it is preferable to run a packet-filtering style firewall on each workstation/laptop/pocket-PC or to use a single "hardware" router to protect the whole LAN

Packet-Filtering

Advantages

  • no additional hardware, cost, wattage
  • zero acreage

Disadvantages

  • generally less "hardened"
    • many more background prolcesses need to be running to support user apps

Linux

Most Linux include a packet-filtering style firewall

  • usually activated, by default
    • but check
  • efficacy likely to be similar
    • based on iptables
    • may also include ip6tables and ebtables
  • administrative interface specific to distribution
    • "Guarddog" in KDE provides consistent interface

Mac OSX

citation needed

Windows

citation needed

Gateway/Router

Although these are typically a separate hardware item they are not necessarily an additional hardware item, often being combined with an ethernet switch and/or DSL modem

Advantages

  • generally more "hardened"
    • by eliminating many background prolcesses that are not needed to support user apps
  • single point of installation, configuration and update
  • provides protection to "visiting" laptops etc

Disadvantages

  • possible additional hardware, cost, wattage
    • although often combined in a single unit with modem and/or ethernet switch
  • sporadic updates for commercial units
    • OTOH frequent updates available for DIY units

Recommendations

  1. most households now have more than one device accessing the Internet
    • a separate Gateway/Router device makes sense in this scenario
  2. portable devices (laptops, sub-compacts etc) should additionally have a filtering firewall enabled
    • should not conflict with router, when at "home-base"

For further recommendations see (Gateway_Router)

Rpeters10:53, 21 September 2012 (EST)