@valvaris, a question please:
Let's focus only on firewall functions.
But let's separate PRIVACY from SECURITY firewall functions.
And let's focus only on SECURITY firewall functions (or security benefits etc).
In this context, considering that 90% of security issues come from internet connections (mainly browsing + webpages), and considering that browsing + webpages have free "IN" & "OUT" firewall connections, and considering that only specific software (antivirus, blocker extensions/add-ons, blocked downloads etc) is capable of monitoring browsing + webpages (from a security point of view)... in this specific context, it seems to me that firewall functions are useless... am I wrong? For example, without security software (antivirus, blockers, hardened browser settings etc), firewalls are totally useless against dangerous JavaScript or malicious scripts (inside webpages).
If I'm right, in terms of security, firewalls are almost useless.
I say "almost" because firewalls can block app, program, macro, cmd or PowerShell etc "OUT/IN" connections, avoiding/blocking tons of threats. But the real danger remains in browsing + webpages, which is the source of 90% of security problems, and where firewalls are almost useless.
Am I wrong?
Hello
@Decopi
There is a stark difference in terms of Firewalls!
============ Network Protection ====================
---------------- Basic SPI Firewall ------------ (Layer 3 - 4) --- Depends on manufacturer and/or license!
Stateful Packet Inspection
Wiki ->
Stateful firewall - Wikipedia
--------------- NG Firewall ------------------ (Layer 3 - 7) --- Depends on manufacturer and/or license!
Next Generation Firewall
Uses DPI - SSL Inspection
Wiki ->
Next-generation firewall - Wikipedia
=================================================
============= Client Protection =====================
Only Works if PC is ON!
---------------- OS Firewall [Windows] ---------- (Layer 4 - 7)
Application Firewall
Also depends on what software you use: some work with Windows Firewall and others install drivers to forward traffic to their own engine.
=================================================
A good Hardware Firewall is the first line of defense! [Also Called an Edge Device!]
Because it sits at the Edge of the Network Connecting your Network with the World Wide Web (LAN - WAN)
Depends on the Network Admin and Manufacturer of the device.
WAN to LAN
The first default rule is: Deny all incoming traffic! - Already there nobody can connect to any of your devices.
LAN to WAN
The second rule is a TEST Rule with Logging: To see what is needed for the network to be productive.
Otherwise, it can be done with strict rules!!!
Allow only HTTP, HTTPS, DNS and NTP - Everything else that is blocked can be opened by the Admin if necessary!!!
NOW the NG tech. comes into play and that is where an enormous difference comes in to Firewalling at the Edge!
Because now we can look inside SSL traffic and, depending on the manufacturer, DPI, ATP, IPS and so on can be implemented.
And YES a NG Firewall can identify bad traffic from the network and block that!
Example: If Command and Control traffic is seen by the NG Firewall it will kill that session and could isolate the device.
Also, it is capable of scanning for malware before the download even hits the PC, and much more...
The first line of defense also needs a second line where it can work together and that is Endpoint Protection.
The best example I have is Sophos:
Sophos XGS Firewall (Hardware) ---> [Endpoint/Client/Server] Sophos Intercept X Adv. (With XDR or MTR) Depends on the Customer
This setup will for example do a heartbeat to the firewall security system and Sophos central services and if something goes bad the firewall will isolate that system and the infected system will try to clean itself. If all goes well then it can rejoin the network.
For the home user what does that mean?!
---- Anti-Virus Suite (I cannot recommend one for home users!) [Why? Bloatware - VPN - FileShredder - and so on...]
---- The ISP Router or Gamer Router (To be honest, a pfSense Community Edition or OPNsense is a must-have!!!) <- A lot more transparency about what is going on in your home network.
To answer your question in a short way: A Hardware Firewall Appliance gives you way more security if configured correctly!
Best regards
Val.
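
The WAN-to-LAN and LAN-to-WAN rules described in the answer above, modelled as an added example (not part of the original post and not code from any firewall product): a simplified layer 3-4 stateful filter in Python. The class and function names and the sample addresses are constructed for illustration; real SPI firewalls also track TCP flags and timeouts.

```python
from dataclasses import dataclass

# Egress allowlist from the post: HTTP, HTTPS, DNS and NTP only.
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 53), ("udp", 123)}

@dataclass(frozen=True)
class Packet:
    direction: str   # "lan_to_wan" or "wan_to_lan"
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class EdgeFirewall:
    """Toy layer 3-4 stateful filter: decisions use addresses and ports only."""

    def __init__(self):
        self.states = set()   # flows opened from the LAN side
        self.log = []         # blocked packets, for the admin to review

    def filter(self, p: Packet) -> str:
        if p.direction == "lan_to_wan":
            if (p.proto, p.dport) in ALLOWED_EGRESS:
                # Remember the flow so its reply is recognised later.
                self.states.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return "pass"
            self.log.append(p)
            return "block"
        # WAN to LAN: only replies to a tracked flow pass; default is deny.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.states:
            return "pass"
        self.log.append(p)
        return "block"

def demo():
    fw = EdgeFirewall()
    # Constructed sample traffic (private and documentation address ranges).
    lan, web, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    verdicts = [
        fw.filter(Packet("lan_to_wan", "tcp", lan, 50000, web, 443)),     # browser request
        fw.filter(Packet("wan_to_lan", "tcp", web, 443, lan, 50000)),     # its reply
        fw.filter(Packet("wan_to_lan", "tcp", other, 40000, lan, 3389)),  # unsolicited inbound
        fw.filter(Packet("lan_to_wan", "tcp", lan, 50001, other, 4444)),  # port not on allowlist
    ]
    return verdicts, len(fw.log)

if __name__ == "__main__":
    print(demo())
```

The verdict depends only on protocol, addresses and ports, so the content of an allowed HTTPS flow is never examined at this layer; that is the job of the layer 3-7 inspection and endpoint protection the post goes on to describe.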