What is an actual hardware firewall?

Question

I have to do a piece of college homework about firewalls and I came across this question, What makes a hardware firewall different from a software one?

If I have a corporate network, and I configure some arbitrary software firewall on one computer, and make all the PCs from this network pass thru this one computer, is this computer considered a hardware firewall?

I understand that some routers have a builtin firewall, and this is considered a hardware firewall. But it's actually a device with a piece of firewall software installed where all computers have to pass thru to get to the internet, right?

Thanks in advance.

Answer 1

A hardware firewall is a network appliance dedicated strictly to performing the functions of a firewall. They may have hardware built specifically to speed the routing of packets, such as large RAM buffers on the network adapters. And they are running an operating system designed to run a network appliance.

A software firewall is an OS-level application performing firewall-like functions running on an ordinary computer that may also be running other applications. Networking functions are accomplished through software running in the OS.

The idea is that a hardware firewall will be "more secure" than a software firewall because it has a reduced attack surface. With no other applications running on the hardware firewall, there are no additional memory buffers to exploit, no extra protocols with vulnerabilities, no unknown programs, no stray ports left open.

If you take an ordinary PC running a desktop OS and run a software firewall on it, it's still a software firewall. The desktop OS may be running dozens of services that don't perform firewall functions, and they increase your attack surface. You may not even be able to disable some ports on a consumer version of Windows 10, for example. However, if you install an OS intended to be a dedicated networking appliance, such as OpenWRT, and if you run only a firewall on it, you'll have security much closer to a hardware firewall; although you probably won't get the same performance as you might with a commercial firewall appliance.

Keep in mind that having a dedicated firewall is one thing; but having a secure configuration on it is another. The best hardware firewall on the market is useless if you don't change the default password, if you don't set deny all by default, or if you fail to disable UPnP support. This is true regardless of if it's a hardware or software firewall.

Also note that if an attacker passes their attack through a firewall to a web application and manages to violate the web server's integrity, the end result is the same. Firewalls stop traffic on unknown ports; they do nothing for malicious traffic on known ports.

Answer 2

This is a distinction that shows its age more and more with time. The basic difference is whether the hardware design is geared specifically towards being an optimized firewall (sometimes optimized for cost, sometimes for performance) versus a general purpose computing device. Hardware firewalls usually come with an operating system designed only to do that -- Cisco IOS, Juniper JunOS, Ubiquiti EdgeOS, etc.

A software firewall tends to refer to either the software running on a general purpose computer protecting other applications on the same device, or a computer dedicated to the task but still based off generic PC hardware (PCI NIC cards, an x86 processor, etc.).

I think particular to your question is whether the firewall exists as a node in the network that must be transited and evaluated packets against security rules versus whether the evaluation is done by the last receiving node. In that case, the terminology isn't very strongly agreed on for a software firewall that serves as an intermediary node.