Firewall Software
From Info Wiki
Jump to navigationJump to search
Packet-Filtering v Router
a perenniel question is whether it is preferable to run a packet-filtering style firewall on each workstation/laptop/pocket-PC or to use a single "hardware" router to protect the whole LAN
Packet-Filtering
Advantages
- no additional hardware, cost, wattage
- zero acreage
Disadvantages
- generally less "hardened"
- many more background prolcesses need to be running to support user apps
Linux
Most Linux include a packet-filtering style firewall
- usually activated, by default
- but check
- efficacy likely to be similar
- based on iptables
- may also include ip6tables and ebtables
- administrative interface specific to distribution
- "Guarddog" in KDE provides consistent interface
Mac OSX
citation needed
Windows
citation needed
Gateway/Router
Although these are typically a separate hardware item they are not necessarily an additional hardware item, often being combined with an ethernet switch and/or DSL modem
Advantages
- generally more "hardened"
- by eliminating many background prolcesses that are not needed to support user apps
- single point of installation, configuration and update
- provides protection to "visiting" laptops etc
Disadvantages
- possible additional hardware, cost, wattage
- although often combined in a single unit with modem and/or ethernet switch
- sporadic updates for commercial units
- OTOH frequent updates available for DIY units
Recommendations
- most households now have more than one device accessing the Internet
- a separate Gateway/Router device makes sense in this scenario
- portable devices (laptops, sub-compacts etc) should additionally have a filtering firewall enabled
- should not conflict with router, when at "home-base"
For further recommendations see (Gateway_Router)
Rpeters10:53, 21 September 2012 (EST)
