Firewall for personal computer

Can anyone explain firewall to me, in layman terms? I understand that it is for security, from hackers(?). After that can you tell me the difference between software firewall and hardware firewall. I’ve came across a brand new (although outdated) Firebox Soho 6. While it will look good sitting next to my router and modem and external harddrive, I wonder if it has any purpose for a personal computer as it claimed to be for small business use up to 10 computers.

  • Firewall explanation
  • Difference software/hardware
  • Outdated hardware any good (outside system requirements, security level)
  • Hardware provide more security for personal use than software


I sold security software and hardware for many years. While I’m not an expert (I was a sales rep, not an engineer, and we all know how sales guys are ;)) hopefully I can shed some light. If anyone can provide better guidance, by all means, please do.

*** Firewall explanation**
Broadly speaking, a firewall puts some type of barrier, or protection mechanism, between your PC and the internet, requiring inbound and/or outbound traffic to meet specific requirements and/or pass certain inspections before passing through.

Firewalls don’t just protect from “hackers” (I’m assuming you mean an individual who has targeted you specifically and is attempting to intrude into your network - kind of an outdated concept, since most intrusions happen via automated botnets or worms these days) - some types can protect block traffic generated by viruses and worms, as well as prevent infected systems inside your network from connecting to the outside world. If a system does get compromised, this can prevent it from sending your juicy details to some Russian mob outfit.

*** Difference software/hardware**
Hardware firewalls basically operate like a firewall in a car - they put up a barrier between your PC and the internet, and you can “punch holes” in this barrier as you need to (just as you’d punch holes in an auto firewall to run electrical wires or other stuff from the engine to the passenger cabin). These holes (called rules or policies) can be simple, and gaping (open up all ports for HTTP protocol, to and from all IP addresses) or small and very complex (only allow traffic from these IP addresses via these protocols/ports, during these hours). Each hole compromises the integrity of the firewall and reduces its efficacy, so its important to choose carefully.

ETA: while some firewalls will start from an “all open” state, where nothing is blocked or filtered, your Firebox will most likely be “locked down” and you’ll have to open up rules to allow traffic through.

More advanced consumer firewalls, and most enterprise firewalls such as your Soho box, will do “traffic/packet inspection” also known as “application protocol” inspection - this method looks at the actual traffic, peels away all the “layers” of each chunk of data (or packet) being sent/received, and attempts to ascertain whether the traffic is legitimate or malicious. This can be done by “pattern matching” or “heuristics”, where the firewall attempts to guess at the purpose of the packet based on numerous factors, or this can be signature-based, where the firewall has a specific set of “bad” behaviors it looks for.

Hardware firewalls have little or no overhead on the PC, but may bottleneck the traffic as you add more filters and rules, and the more complex rules and policies have a steep technical learning curve and require a working knowledge of network protocols. Since most hardware firewalls are built into routers or switches, the user interface can be quite minimal, and there is little to no handholding to ensure that good traffic doesn’t get blocked inadvertently, or that bad traffic doesn’t get through due to a bad rule.

Software firewalls work differently. They install on the PC itself, and attempt to sequester and scan the various resources in a computer than may initiate network communication. This typically means a combination of application access control (determining which programs can do what), user access control (determining which users can do what) and traffic inspection (similar to that on a hardware firewall, where the software attempts to determe whether the traffic coming into/going out of the PC is attempting something malicious). Software firewalls often come with additional security software, including antivirus/antispyware, antispam, and Intrusion Detection software (although the line gets blurred between ID software and firewall software these days).

Because of all of this, software firewalls have a significant resource hit on the PC, but offer “more immediate” security, since they examine traffic at its destination/source, and typically with more robust inspection than a standard consumer router. The good software firewalls also tend to have an easier learning curve, as they usually have rich interfaces and wizards that handhold the user through the process of changing settings and policy. Some will even scan your system and automatically detect applications which can connect to the internet, and make a best guess at how to filter them.

*** Outdated hardware any good (outside system requirements, security level)**
If your talking about the Firebox - one of the issues you might run into if the firmware is out of date - it may require a subscription to update the firmaware, or to download new packet filtering signatures. Also, support for such devices tends to run pretty steep for consumers.

*** Hardware provide more security for personal use than software**
There are lots of different viewpoints on this - in my opinion, for the layperson with no experience managing network settings, a software firewall will be a better option. It’s easier to manage, and provides more user feedback and more pertinent notifications of potential issues right in the taskbar, while a hardware firewall will usually either have logs you’ll need to manually scan, or will send out email alerts based on certain event thresholds. You will have a resource drain (your mileage will vary depending on the brand, and what software features you enable) but if you can spare the overhead it’s worth it.

Since I work for a security company, it wouldn’t be good form for me to offer any specific product suggestions - I’ll let others do that.

Good luck finding the best solution!

I think people make too much of the distinction between hardware and software firewalls. All firewalls are software firewalls. A firewall is basically an application that inspects packets, after all. It’s just a question of whether the software runs on your computer or on a separate box between your computer and the internet.
It’s true that a hardware firewall will have actual, separate physical adapters connected to the external and internal networks, whereas a software firewall intercepts packets within the operating system’s network stack, so you are relying on the OS to not allow traffic to pass via some other route. But apart from that, the firewall rules, monitoring etc. work in exactly the same way in both types of firewall.

Personally, I use both hardware and software firewalls. Generally, the hardware firewall does not stop outgoing traffic and a good software firewall will tell you when a program is trying to access the internet.

Most malware these days like to invite in their friends from the internet and a good software firewall will give you notice that something is amiss.

That’s not necessarily true - as I mentioned above, some firewalls include different security components like antivirus, antispam, and (important for the purposes of this discussion) Intrusion Detection software. And as I mentioned, the line between firewall and ID functionality gets a bit blurry, but basically ID software provides another method by which the system’s connections are audited - it looks more at holistic system behavior than at the individual packets and connections, and then coordinates with the firewall software to block suspicious connections. These types of systems are really good at catching the type of behavior exhibited by botnet type worms, which typically have multiple vectors for infection, and multiple ways of communicating with other systems and networks to deliver their payload or execute malicious activity.

To buy a network/hardware firewall with true ID software, you’re looking at a significant investment, but these days decent intrusion detection is rolled into your average top-tier client firewall software.

Then, as I mentioned in my earlier post, there’s the issue of ease of use. While one might argue that (other security software notwithstanding) hardware firewalls and software firewalls may essentially be doing the same thing - blocking system X from connecting over Y protocol via port Z, for instance - configuring such a rule in an average hardware firewall can be fairly confusing for a novice, while most decent consumer firewalls have wizards, and other user-comforting features to help build the rule sets.

And I’m imagining that if the OP is asking for an explanation of firewalls, he may not have the familiarity with networking required to set up a proper hardware firewall. And there’s nothing wrong with that - most people shouldn’t need to know all about the IP stack just to keep their computers safe, and that’s where software firewalls come in.