Dedicated vs. host-based firewalls

I am currently evaluating firewall solutions for a test network. Is there NT-based firewall software that is as secure as a hardware solution? Also, do you have an opinion on a product put out by Novell called NetWare firewall for NT?

By firewall software, I am assuming you mean host-based firewall software, as all hardware-based solutions are really a separate machine running firewall-specific software.

Dedicated firewalls and host-based firewall software are both useful. However, if I were only to use one of them, I would select the dedicated firewall. The reason is that potential attacks can be stopped before they ever even reach the machines that are being protected. With a host-based system, the attacks are reaching the targeted machines and then (potentially) stopped. Most dedicated firewalls will also provide Network Address Translation (NAT). While NAT is not a security feature in and of itself, it does add an additional layer of complexity that an attacker would need to overcome to penetrate the machines on the network. If you follow the model of Security in Layers or Defense in Depth, the best solution would be a dedicated firewall for the network, with host-based software firewalls for the individual machines on the network.

I have not used the NetWare firewall from Novell and thus cannot offer any opinion.

This was first published in November 2001
