Ask the Expert

Dedicated vs. host-based firewalls

I am currently evaluating firewall solutions for a test network. Is there NT-based firewall software that is as secure as a hardware solution? Also, do you have an opinion on a product put out by Novell called NetWare firewall for NT?


By firewall software, I am assuming you mean host-based firewall software, as all hardware-based solutions are really a separate machine running firewall-specific software.

Dedicated firewalls and host-based firewall software are both useful. However, if I were only to use one of them, I would select the dedicated firewall. The reason is that potential attacks can be stopped before they ever even reach the machines that are being protected. With a host-based system, the attacks are reaching the targeted machines and then (potentially) stopped. Most dedicated firewalls will also provide Network Address Translation (NAT). While NAT is not a security feature in and of itself, it does add an additional layer of complexity that an attacker would need to overcome to penetrate the machines on the network. If you follow the model of Security in Layers or Defense in Depth, the best solution would be a dedicated firewall for the network, with host-based software firewalls for the individual machines on the network.

I have not used the NetWare firewall from Novell and thus cannot offer any opinion.


This was first published in November 2001
