Hardware or software firewalls?

Deciding which type of firewall to use depends on what the company is trying to protect.

Q: Should my company install a software firewall, or buy a dedicated hardware device for that function?

A: As I tell my customers, deciding which type of firewall to use depends on what you're trying to protect.

If you're just worried about a single computer system with Internet access, ZoneAlarm software works well enough for most people.

ZoneAlarm not only alerts you when someone tries to access your computer, but it alerts you when a program on your computer attempts unauthorized access to the Internet.

If the access is valid, you can instruct ZoneAlarm to remember the program and allow access in the future without alerts. Although it's not an antivirus program, ZoneAlarm can also detect Trojan horse and spyware programs.

However, sometimes a software firewall just won't cut it. I suggest using a hardware firewall in these situations:

  • A customer needs Internet access on more than one computer.
  • A customer needs a secure connection to a main office.
  • The client is a branch office.
  • A company needs to host e-mail and Web servers.

Even though it's possible to share an Internet connection and firewall software using one computer as the router, I think it's a bad idea to use a workstation in this manner. Everyone on the network becomes dependent on the reliability of someone else's computer.

If a computer locks up or reboots, it cuts off Internet access. Then people call the ISP (Internet service proider) to complain, even when it's not the source of the problem.

Hardware firewalls don't have to be expensive. For instance, NETGEAR and Linksys models sport sufficient features for a reasonable cost.

Our expert: Jonathan Yarden. This tech tip first appeared in ZDNet Asia's sister site, TechRepublic.