Host-Based Vs. Network-Based Firewalls

by G.S. Jackson

Firewalls protect computers and networks from external attacks by regulating Internet traffic. That is, they control the data coming in and going out of a computer or network. The firewall itself can exist on individual computers or as part of the entire network, installed on a server or router. These firewalls can function similarly, but deploying one on a single computer versus across the whole network brings different strengths and weaknesses, depending on what you want to secure.

Host Firewall

A host firewall is a software application or suite of applications installed on a single computer. Typically, operating system manufacturers include firewall software as part of the system. This is true of Windows (post-Windows 2000), Mac OS X and many distributions of Linux (Ubuntu, Fedora and SuSE). A personal host firewall is managed on the individual computer that the firewall is installed on. Therefore, the administrator has to have access to the computer to install and configure the firewall.

Network Firewall

A network firewall functions on the network level. This means that the firewall filters data as it travels from the Internet to the computers on the network. The firewall operates with a set of data management rules that apply to the entire network. This sets up a sort of "perimeter" for the network as a first line of defense, regulating the flow of data before it even reaches the individual computers that comprise the network.

Types of Network Firewalls

Network firewalls can function by routing traffic to proxy servers that handle data transmission on behalf of the network. A "reverse proxy" firewall will handle incoming traffic while protecting the internal network. In this scenario, the firewall, when receiving external traffic, will always route it to a designated server and disallow communication to other computers in the network. A "reverse hosting server" functions in a similar fashion, but allows you to do the same with several "sub-networks" within a larger network.

Advantages and Disadvantages

Host firewalls can be beneficial for individual users, as they allow custom firewall rules and mobility (a laptop with a firewall provides security in different locations). However, you cannot feasibly secure a large network through individual host firewalls, necessitating a network firewall. A network firewall allows you to devise generalized rules for the entire system but does not allow as much host-level customization as host firewalls. Furthermore, network firewalls that function as proxy servers might reduce the efficiency of the network if not maintained correctly. However, these options aren't mutually exclusive; a network security system might include both host and network firewalls.
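
The layering described above, sketched as an added example that is not part of the original article: a first-match rule evaluator applied once at the network perimeter and once on the host. The addresses, rule sets and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    port: Optional[int]    # destination port; None matches any port

def evaluate(rules, src, dst, port, default="deny"):
    """First matching rule wins; unmatched traffic gets the default action."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return default

# Constructed sample addressing: LAN 10.0.0.0/24, published server .10, laptop .50.
LAN = "10.0.0.0/24"
PERIMETER = [  # network firewall: one rule set for the whole network
    Rule("allow", "0.0.0.0/0", "10.0.0.10/32", 443),
]
LAPTOP_HOST = [  # host firewall: rules customised for one machine
    Rule("allow", LAN, "10.0.0.50/32", 22),
]
HOST_RULES = {"10.0.0.50": LAPTOP_HOST}  # hosts that run their own firewall

def delivered(src, dst, port, behind_perimeter=True):
    """Return True if the packet reaches the service on dst."""
    external = ipaddress.ip_address(src) not in ipaddress.ip_network(LAN)
    # Only traffic arriving from outside crosses the network firewall.
    if external and behind_perimeter:
        if evaluate(PERIMETER, src, dst, port) != "allow":
            return False
    # The host firewall, if present, is checked wherever the machine is.
    host_rules = HOST_RULES.get(dst)
    if host_rules is not None:
        return evaluate(host_rules, src, dst, port) == "allow"
    return True
```

Calling `delivered(..., behind_perimeter=False)` models the laptop taken to another location: the perimeter rules no longer apply, but the host rules still do.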

