I am currently evaluating firewall solutions for a test network. Is there NT-based firewall software that is as secure as a hardware solution? Also, do you have an opinion on a product put out by Novell called NetWare firewall for NT?
By firewall software, I am assuming you mean host-based firewall software, as all hardware-based solutions are really a separate machine running firewall specific software.
Dedicated firewalls and host-based firewall software are both useful. However, if I were only to use one of them, I would select the dedicated firewall. The reason is that potential attacks can be stopped before they ever even reach the machines that are being protected. With a host-based system, the attacks are reaching the targeted machines and then (potentially) stopped. Most dedicated firewalls will also provide Network Address Translation (NAT). While NAT is not a security feature in and of itself, it does add an additional layer of complexity that an attacker would need to overcome to penetrate the machines on the network. If you follow the model of Security in Layers or Defense in Depth, the best solution would be a dedicated firewall for the network, with host-based software firewalls for the individual machines on the network.
I have not used the NetWare firewall from Novell and thus cannot offer any opinion.
This was first published in November 2001