Hardware vs software firewalls

I've been using a Mentor modem-router with no hardware firewall and had a software firewall instead (Zone Alarm). My router has just died on me and I don't want to get another Mentor as they are pretty basic, I was thinking maybe Netgear or one of the other leading brands. Afaik these all have hardware firewalls which I'm a little wary of. If I get one with a hardware firewall it will make Zone Alarm redundant and I will lose control over my program permissions won't I? I really liked the freedom to pick and choose that I've had with Zone Alarm. It will also mean that some programs just won't work (afaik) until I tweak the settings (assuming I can) whereas before I just had to tell ZA yes or no when programs wrere trying to get access. Are hardware firewalls, Netgear ones anyway, easy to modify for program permissions or would I just be better off getting another modem-router that doesn't have a hardware firewall. That is assuming Netgear or one of the major brands make one.

 

It is Not redundant you do need both.

Link: Basic Protection for Broadband Internet Installation.

Link to: Assemble a Freeware Security suit for Internet Connection Protection.]

 

Also it's worth noting, you'd be hard pressed to find a router that doesn't have a HW firewall built in. Actually, they don't exsist. A router by nature has to have a firewall. If it doesn't, then it's not a router.

HW firewalls are also adjustable so they won't break anything. Also, as with anything on computers it's better to have a HW solution then a SW solution. Software solutions are much easier to break or have problems with, so if you've got a choice and you're just going to run one it's better to run a HW one.

 

I have the Linksys WRT54G with built in hardware firewall and nothing has ever got passed it. Have a licence of Blackice for 5 computers, installed on all 5 in my house and it never shows any sign of activity, just application protection, so Linksys is one to consider.
As you said Netgear and also D-Link are ok, stay away from Belkin though

 

A lot of routers DO have hardware firewalls, but some do not.

Coco, don't confuse NAT with a firewall, they are not the same thing.

 

Adrynalyne, I'm not confusing NAT with a firewall. Although if you can list a name of a router which doesn't include a firewall I'd happily admit I'm wrong, I've never heard of it, and in college they said they don't exsist, of course colleges arn't perfect.

I don't really see how they could, since a router basicly has to be a firewall in order to do it's job.

 

I'll look, but revision1 of the WRT 54G did not have an SPI firewall. I'll find some more examples, I am sure.

 

Here ya go.

http://www.linksys.com/products/product.asp?grid=34&scid=29&prid=561

No firewall.

To say that all routers have firewalls, is to be confusing the term NAT w/ firewall.

 

No, thats not right.

NAT makes sure the packets go where they need to. Most people these days don't even use their routers as such, but more as a glorified switch.

A firewall allows you to specify what is to be blocked, what is to be allowed, and SPI allows the firewall to check packets on an individual basis for malicious content.

A firewall does not do what NAT does. NAT does not perform firewall functions, however it does add a nice layer of security.

http://www.webopedia.com/TERM/S/stateful_inspection.html

http://www.webopedia.com/TERM/N/NAT.html

http://www.webopedia.com/TERM/f/firewall.html

 

It didn't when it was first released but now with the latest firmware installed it does

 

My Mentor router didnt have a firewall built in, I'm pretty sure about that. Like I said, they are very basic.

I'm a little confused that you are saying I need a software AND a hardware firewall, I thought that would have resulted in a conflict. I read the link and that says a router stops unasked for stuff coming in, is that all hardware firewalls do? If that's the case then I can see why a software firewall would be needed.

My main issue with a hardware firewall is that I have no program control like I do with ZA, afaik, so I wouldn't be able to set up permissions on what can and can't get access? Or is it a case that the hardware firewall only blocks incoming and the software firewall deals with the rest as was said in the previous bit.

Think I'm getting there!

 

http://www.smallbusinesscomputing.com/webmaster/article.php/3103431

 

Good article, sums everything up.

 

Ok, I get it, I need both.


Ironically I got given an ADSL modem and the subject of hardware firewalls is now irrelevant really with this set up, can't afford a decent router atm so I'll just have to live with software firewall only!