Types of Firewalls

Hardware and software

A firewall is a barrier between your computer and the rest of the world. The computer term is derived from physical firewalls in buildings or cars that block fire from spreading. A firewall is also analogous to a lock on a door -- it prevents those without keys or access codes from entering. Firewalls enforce security policies. These policies or rules are in the form of built-in (usually user-controlled) filters that permit access only to authorized users.

There are two types of firewalls: software and hardware (such as those built into routers). Both serve identical functions. When packets of information enter your computer, the filters examine the source of the data and the destination of the data. The firewall does this by comparing the incoming information to the criteria set or established by the filters. If the information passes scrutiny, the information is forwarded on to its destination. Any unacceptable data is deleted or blocked before it reaches your hard drive.

A good firewall is customizable. This means that you can add or remove filters according to your needs. With a firewall, you can set up parameters to restrict data that is allowed to enter your home computer or network. Practically speaking, these rules give you control over what websites people can view or what activities they can perform. Users can grant or deny access to specific sites, and most firewalls have a pre-approved list of reputable websites, which shortcuts configuration.

In addition to monitoring traffic from the Internet, firewalls control traffic flow on your own local network. While this might not be important for a small home network, it can be critical on a large, corporate network, for example, to keep sensitive company information shielded from users who are not authorized to see it.

Every computer has a unique numerical Internet protocol (IP) address, which is used to identify it and your local network. A firewall's filters can hide your computer's IP address, making your computer invisible to hackers. Your computer uses ports to connect to various services. Internet access (HTTP), for example, goes through port 80. File transfer protocol (FTP) uses port 21. A firewall can close unused ports to prevent an attacker from entering through an open port. Another firewall filter can block specific domain names. You can also configure the firewall to prevent FTP activity (which allows you to upload or download files). There are also filters relating to words or phrases that allow you to block access to sites containing material you might find objectionable.

Firewall software works differently than hardware, but the two can be used together to create a powerful level of security. If you own a router (wired or wireless), for example, it probably includes firewall hardware. A main advantage of such hardware is that it uses no system resources, because it works independently from your computer. It can also protect multiple computers on a network. Hardware can be more difficult to customize, however, especially for beginners, but such firewalls are usually effective even without configuration. Since a router has its own IP address, potential hackers can't see your computer -- they can only see the router.

Software provides some of the best protection against viruses, worms, Trojan horses and other malicious programs. One disadvantage of firewall software is that it can slow down system performance, especially if you have an older computer. A flaw of firewall software is that it doesn't totally hide your IP address from the outside world. It closes unused ports and monitors traffic to and from open ports.

If you use your computer mainly for email and casual web surfing, firewall software is probably all you need. However, if you use your computer for work, store financial information on it or use online banking, then you should also consider firewall hardware. If you have a wired or wireless router, it likely already includes such hardware. See our wireless router report for more information.