Microsoft's latest strategy for security advises "use an Internet firewall." The company then suggests using a "hardware" or "software" firewall. So, which one of the two should you choose?
The answer is both, and here's why:
Hardware firewalls are your first line of defense. Most of the latest worms blast out billions of packets and clog up networks. A software firewall, which sits on your PC, will stop your PC from getting infected, but it won't keep this traffic off your network. However, a hardware firewall, which is installed at the perimeter, will. Plus, if you have lots of PCs and various excuses for not keeping some of them patched, a hardware firewall will help to prevent worms from reaching these vulnerable PCs. Hardware firewalls also protect against many other threats and typically perform Network Address Translation, which is also very useful.
Unfortunately, you also need a software firewall installed on each PC because worms are going to get past the perimeter firewall, and once they do, only firewall software (and of course, patched PCs) will save you.
Part of the problem is that worms these days have multiple attack vectors. They attack you via open TCP/IP ports, and they also spread via e-mail and web pages. Although the more expensive firewalls can inspect SMTP/IMAP protocols and strip out any Java or ActiveX they find, some spread without scripts by tricking users into installing them.
The other part of the problem is that odds are many of your users are mobile. If your sales staff or executives take their laptop to an infested customer's office and plug into the infected network, as soon as they return home, every vulnerable PC on your network will get infected and your perimeter firewall can't help because the worm is already inside.
Therfore, Microsoft's strategy should really be:
- Use a hardware firewall at the perimeter and KEEP IT PATCHED
- Use a software firewall on each PC and UPDATE IT REGULARLY
- Patch your Windows PCs quickly
- Use anti-virus software on your e-mail server and each PC and update it regularly.
Thomas Alexander Lancaster IV is a consultant and author with more than 10 years experience in the networking industry, focused on Internet infrastructure.
