Router Firewall vs. Software Firewall
To defend against data loss and theft, companies need as much protection as
possible from external threats. Hardware and software firewalls both prevent
malicious traffic from reaching computers connected to the network, but the
two don't provide the same level of protection. Each has advantages and
disadvantages.
Hardware Firewall
The router is the first
line of defense against potential threats. The device assigns a private IP
address to each of the computers that connect to the local area network, and
then uses a process called network address translation to map the private
addresses to a single public address. NAT acts as a firewall, hiding the true
addresses of attached equipment and controlling what traffic reaches each PC.
The firewall restricts data transmission through most Transmission Control
Protocol and User Datagram Protocol ports -- paths IP packets must pass through
to reach a host -- although businesses can open ports associated with critical
applications.
Software Firewall
Unlike a firewall on a
physical routing device, which protects all of the computers on the LAN, a
software firewall just defends the host it's installed on. Software firewalls,
however, limit not just what traffic reaches a computer, but also what data leaves
the network. For example, most of these firewalls block TCP port 25, the
default port for Simple Mail Transfer Protocol, which is used to deliver
messages to an email server. Mass-mailing worms abuse port 25 to send spam to
new targets, so a typical software-firewall precaution is to block that port
unless it's explicitly needed. Companies that use Virtual Private Networks to
connect remote LANs over the Internet need a software firewall to keep
worms and other malicious traffic from exiting an affected network.
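The contrast between the two sections can be shown with a small model. This is an added example, not code from the original article. The class names, the addresses and the process names are constructed, and the NAT here uses a simplified matching rule (a reply must come from the exact remote address and port the LAN host contacted).

```python
"""Toy model of NAT inbound filtering vs. host-firewall egress filtering."""

class NatRouter:
    def __init__(self, public_ip, forwards=None):
        self.public_ip = public_ip
        self.next_port = 40000
        self.table = {}                 # public port -> (priv ip, priv port, remote ip, remote port)
        self.forwards = forwards or {}  # explicitly opened ports: public port -> (priv ip, priv port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A LAN host opens a connection: allocate a public port, record the mapping."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)   # packet as seen on the Internet

    def inbound(self, remote_ip, remote_port, pub_port):
        """Return the private (ip, port) the packet is delivered to, or None if dropped."""
        entry = self.table.get(pub_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]                   # reply to a connection a LAN host started
        return self.forwards.get(pub_port)     # opened port, otherwise None (dropped)


class HostFirewall:
    """Per-host egress policy: block listed destination ports unless the app is allowed."""
    def __init__(self, blocked_out=frozenset({25}), allowed_apps=frozenset()):
        self.blocked_out = frozenset(blocked_out)
        self.allowed_apps = frozenset(allowed_apps)

    def allow_outbound(self, app, dst_port):
        return dst_port not in self.blocked_out or app in self.allowed_apps


if __name__ == "__main__":
    # Constructed addresses from documentation and private ranges.
    router = NatRouter("203.0.113.10", forwards={443: ("192.168.1.20", 8443)})
    print(router.outbound("192.168.1.5", 51000, "198.51.100.7", 80))  # private source hidden
    print(router.inbound("198.51.100.7", 80, 40000))    # reply is delivered to the LAN host
    print(router.inbound("192.0.2.99", 4444, 40000))    # unsolicited packet is dropped
    print(router.inbound("192.0.2.99", 4444, 443))      # opened port reaches the chosen host
    # NAT translates outbound SMTP like any other connection; it does not stop it.
    print(router.outbound("192.168.1.5", 51001, "198.51.100.25", 25))
    fw = HostFirewall(allowed_apps={"mailclient"})
    print(fw.allow_outbound("worm.exe", 25), fw.allow_outbound("mailclient", 25))
```

The model shows why the two complement each other: the router drops unsolicited inbound packets for every host on the LAN, but only the host firewall stops an infected machine from opening connections to port 25.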