In short, a dedicated firewall is better than a software firewall in the box it is protecting. First, your internal network is hidden from the Internet. Second, port scanning is stopped at the firewall, and does not go through your internal network unless there is an open port. Third, performance. The network activity caused by port scanning, break-in attempts, et al. causes disk and CPU activity.

The low cost cable modem/DSL routers (such as the Linksys BEFSR41) provide the isolation and port protection, but they also provide minimal logging. However, they are usually sufficient for a small home network. The next step is to take an old PC, put two NICs in it, and build a Linux firewall. This gives you better logging and more control over the firewall. Or, you can get a commercial SOHO firewall.

I also recommend that you run some minimal firewall on each system in your LAN just in case the first level is breached. The specific strategies depend on many factors and the type of information you store on your systems. In a business environment with employees, you also want to consider that there are vulnerabilities from within as well as without.

On 10 Nov 2002 at 21:14, Forrest Halford wrote:
Can you give me an example of a good hardware firewall, and why are software firewalls inadequate?
--
Jerry Feldman
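
An added illustration, not part of the original message: a minimal ruleset for the two-NIC Linux firewall described above, showing the three properties the reply lists (LAN hidden behind the firewall, unsolicited probes dropped at the firewall, and logging of what was dropped). The message names no particular tool; nftables is used here as an assumption, as are the interface names `eth0` (Internet side) and `eth1` (LAN side), the log prefixes, and the IPv4-only scope.

```nftables
#!/usr/sbin/nft -f
# Assumptions (not from the original message):
#   eth0 = Internet-facing NIC, eth1 = LAN-facing NIC, IPv4 only.
#   Routing must also be enabled on the host: sysctl net.ipv4.ip_forward=1
flush ruleset

table ip filter {
    # Traffic addressed to the firewall box itself.
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Administer the firewall over SSH from the LAN side only.
        iifname "eth1" tcp dport 22 accept
        # Everything else (port scans, connection attempts from the
        # Internet) is logged at a limited rate, then dropped by policy.
        limit rate 10/minute log prefix "fw-in-drop: "
    }

    # Traffic routed between the two NICs.
    chain forward {
        type filter hook forward priority 0; policy drop;
        # Replies to connections that LAN hosts opened.
        ct state established,related accept
        ct state invalid drop
        # LAN hosts may open new connections outward.
        iifname "eth1" oifname "eth0" accept
        # Nothing from the Internet may open a connection inward:
        # no port is forwarded, so scans stop here and never reach the LAN.
        limit rate 10/minute log prefix "fw-fwd-drop: "
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # LAN addresses are rewritten to the firewall's own address,
        # which is what hides the internal network from the Internet.
        oifname "eth0" masquerade
    }
}
```

The rate limit on the log rules keeps a sustained scan from filling the disk; dropped packets beyond the limit are still dropped, just not logged.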