Microsoft's latest strategy for security advises "use an Internet firewall." The company then suggests using a "hardware" or "software" firewall. So, which one of the two should you choose?
The answer is both, and here's why:
Hardware firewalls are your first line of defense. Most of the latest worms blast out billions of packets and clog up networks. A software firewall, which sits on your PC, will stop your PC from getting infected, but it won't keep this traffic off your network. However, a hardware firewall, which is installed at the perimeter, will. Plus, if you have lots of PCs and various excuses for not keeping some of them patched, a hardware firewall will help to prevent worms from reaching these vulnerable PCs. Hardware firewalls also protect against many other threats and typically perform Network Address Translation, which is also very useful.
Unfortunately, you also need a software firewall installed on each PC because worms are going to get past the perimeter firewall, and once they do, only firewall software (and of course, patched PCs) will save you.
Part of the problem is that worms these days have multiple attack vectors. They attack you via open TCP/IP ports, and they also spread via e-mail and web pages. Although the more expensive firewalls can inspect SMTP/IMAP protocols and strip out any Java or ActiveX they find, some spread without scripts by tricking users into installing them.
The other part of the problem
Therfore, Microsoft's strategy should really be:
- Use a hardware firewall at the perimeter and KEEP IT PATCHED
- Use a software firewall on each PC and UPDATE IT REGULARLY
- Patch your Windows PCs quickly
- Use anti-virus software on your e-mail server and each PC and update it regularly.
Thomas Alexander Lancaster IV is a consultant and author with more than 10 years experience in the networking industry, focused on Internet infrastructure.
This was first published in November 2003