Uses for Host Software Firewalls

The next step up from a native OS firewall (or even an OS without a firewall) is a third-party host software firewall. These options include both open-source and commercial software firewalls for most OSs.

You can use a host software firewall in several situations. The first and most obvious use is simply to protect a client system. Keep in mind that a host software firewall provides protections for both inbound and outbound communications. A host software firewall protects the client from compromises on the network and protects the network from compromises on the client.

Use a host software firewall as an additional layer of protection on a server system. Most server operating systems do not include a host software firewall. Therefore, a dedicated firewall appliance is often deployed on the network. A host software firewall on a server is never a substitute for an appliance firewall. However, it can be a supplement.

NOTE

Before installing any third-party software firewall, always double-check for full compatibility with your current OS version and patch level. If the firewall’s documentation does not specifically list your OS as fully compatible, do not assume that the firewall will work properly. Firewall security is not something to leave to chance.

A host software firewall can provide firewall-filtering services in relation to a VPN. Just because the VPN link may be encrypted does not guarantee that the other end of the VPN connection is as secure as you might desire. Using a host software firewall in conjunction with either a software host VPN (such as a transport mode VPN or a remote access VPN) or an appliance VPN adds an additional layer of protection against compromises that could traverse the VPN connection.

NOTE

When installing a third-party software firewall, make sure all native or other firewalls are disabled or uninstalled. Do not attempt to run two software firewalls simultaneously on the same computer system. It is acceptable to run different software firewalls on different systems and to even use one or more appliance hardware firewalls. Just do not attempt to use two software firewalls on one system.

A host software firewall can provide modest protection for small networks. Home networks, gaming networks, and small office networks are sometimes constructed using a primary system connected to the Internet that shares that connection with a small network off a secondary network interface. On a Windows system, the Internet Connection Sharing (ICS) service makes this type of network configuration simple. A host software firewall on the primary system then provides the secondary network with modest firewall-filtering services.

A host software firewall likely has many other uses. Use host software firewalls in any network configuration with the proper research and testing. The goal is to establish additional layers of security, not to conform to static notions of design and implementation.

Examples of Software Firewall Products

Software firewall products are important options to consider when designing and deploying a security solution for home environments, as well as corporate IT infrastructures. A host of third-party software firewalls are worth considering. Here are just a few of the more widely known options:

  • Check Point ZoneAlarm (free and retail)
  • Comodo Firewall (free)
  • eConceal (retail)
  • Jetico Personal Firewall (retail)
  • Lavasoft Personal Firewall (retail)
  • TinyWall Firewall (free)
  • GlassWire Firewall (retail)

In addition to standalone, third-party firewalls, some firewalls come packaged as part of a security suite. These suite-member firewalls are not available as standalone products. However, the collection of security applications might be worthwhile if you do not already have existing solutions for antivirus or anti-malware. Some security suites to consider include:

  • AVG Security Suite
  • Computer Associates (CA) Internet Security
  • F-Secure Internet Security
  • McAfee Personal Firewall Plus
  • Avast Security Suite
  • Microsoft Security Essentials
  • Norton Internet Security and Norton 360
  • Malwarebytes Internet Security
  • Trend Micro Internet Security
  • Webroot Internet Security Essentials

Using Windows 10’s Host Software Firewall

The native Windows Defender Firewall in Windows 10 (FIGURE 5-11) is a sufficient security measure for many situations. Before rushing to replace this free security component, take the time to evaluate the benefits of this capable firewall option. Windows Defender Firewall in Windows 10 is a host software firewall. However, it can be used in a variety of situations and network configurations for most home, SOHO, and mobile environments.

FIGURE 5-11 Windows Defender Firewall with Advanced Security configuration dialog box.

Used with permission from Microsoft.

Windows Defender Firewall in Windows 10 includes configuration profiles, so you can create custom firewall configuration settings for work, home, and public connections. This allows strict limitations on public networks, modest settings at work, and more options at home (or whatever arrangement you prefer). The benefit is that, once configured, the firewall adjusts its settings automatically each time you connect to a known, previously accessed network.

Windows Defender Firewall creates a password-protected homegroup or workgroup that allows file- and printer-sharing between systems authorized by a password. This is an improvement over previous versions of Windows Firewall, which often encouraged users just to turn off the whole firewall rather than properly configure file- and printer-sharing access rules. In addition, this applies not just to Windows systems, but to any devices or computers recognized as media sharing devices (such as an Xbox 360).

Other Windows Defender Firewall improvements in the Windows 10 version include a more granular control and configuration management interface, more extensive logging, and extended ability to be managed from a command line (using the netsh advfirewall firewall command instead of the previous netsh firewall command).
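The profile, file-sharing, and logging points above can be applied from an elevated prompt with netsh advfirewall. The script below is an added example, not taken from the original text; the rule name, the choice of TCP port 445 for file sharing, the log size, and the backup file name are assumptions made for illustration. In netsh, the three profiles are named domainprofile, privateprofile, and publicprofile.

```powershell
#Requires -RunAsAdministrator
# Added example: rule name, port, log size and backup path are constructed
# for illustration and should be adapted to the local environment.

# 1. Back up the current policy first. It can be restored later with:
#    netsh advfirewall import <file>
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:TEMP "advfirewall-before-$stamp.wfw"
netsh advfirewall export $backup

# 2. Keep the firewall enabled in every profile rather than turning it off
#    to make file and printer sharing work.
netsh advfirewall set allprofiles state on

# 3. Per-profile default policy. The value is quoted because PowerShell would
#    otherwise split the comma-separated pair into two arguments.
#    Public:  drop all unsolicited inbound traffic, even if an allow rule exists.
#    Private/Domain: drop inbound unless an allow rule matches.
netsh advfirewall set publicprofile  firewallpolicy "blockinboundalways,allowoutbound"
netsh advfirewall set privateprofile firewallpolicy "blockinbound,allowoutbound"
netsh advfirewall set domainprofile  firewallpolicy "blockinbound,allowoutbound"

# 4. Log dropped connections in every profile and raise the log size (in KB)
#    so the log is useful for later review.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging maxfilesize 16384

# 5. Narrow allow rule for file sharing: inbound SMB (TCP 445) is accepted
#    only on the private profile and only from the local subnet.
$ruleName = 'Example-SMB-Private-LocalSubnet'   # hypothetical rule name
netsh advfirewall firewall add rule name=$ruleName dir=in action=allow `
    protocol=TCP localport=445 profile=private remoteip=localsubnet

# 6. Verify what is now in effect.
netsh advfirewall show allprofiles state
netsh advfirewall show allprofiles firewallpolicy
netsh advfirewall show allprofiles logging
netsh advfirewall firewall show rule name=$ruleName
```

The exported .wfw file is the rollback point: importing it replaces the current policy with the one captured before the changes.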

Although it is not revolutionary and still lacks a few features, such as being a true two-way personal firewall with program control, Windows Defender Firewall is a worthwhile host software firewall for most clients in most network situations. That said, you should still explore how this product fits your own computing environment and security needs.

Using a Linux Host Software Firewall

A Linux system can benefit from a host software firewall, or it can support a software firewall for a network. The first idea is just to install a host software firewall for the benefit of the local user. This is the same idea as Windows Defender Firewall in Windows 10. A variety of open-source and commercial host firewall options are available for Linux, including:

  • IPFire
  • pfSense
  • iptables or Netfilter
  • Untangle NG
  • UFW
  • VyOS
  • Smoothwall

If you selected Linux for its low cost of entry, then selecting an equally low-cost host software firewall is often an attractive option. However, paying for commercial host firewall products might offer a greater range of functions or services, along with better technical support.

Using a Linux software firewall as a replacement for a commercial firewall appliance can be a very cost-effective solution. Linux often can repurpose computer hardware that is no longer sufficient to support larger, bulkier, more resource-intensive operating systems, such as Windows. Linux can often extend the useful lifetime of computer hardware by several years. A repurposed computer system running Linux is a great option for use as a software firewall host.
