Just_Super/E+ via Getty
Follow ZDNET: Add us as a preferred source on Google.
ZDNET’s key takeaways
- Your desktop firewall may not offer enough protection.
- There are various options available to increase your security.
- Two of these options are free, while the other has an associated cost.
The importance of network security cannot be overstated.
Leave your network vulnerable, and bad things could happen. Your data or identity could be stolen, your computer infected with ransomware, your bank account cracked — you name it.
You might think the only thing you need to do to prevent that would be to use your desktop operating system’s firewall. Although that’s a great start, you need more protection.
One of the best ways to protect your home network is to deploy a dedicated firewall, and there are a few ways you can do that.
Also: How to secure your home and office network: The best DNS blockers and firewalls
Before we get to the methods, let’s talk about why you’d want to do this.
The big ‘why’ of dedicated firewalls
There are two main reasons why you would want to deploy a dedicated firewall to your home network:
- Heightened security
- More flexibility
Those two reasons alone should be enough to convince you. Although the heightened security is the big ticket item, do not disregard the flexibility aspect. Consider this: with your operating system’s built-in firewall, you are limited to what the developers imagine to be all you need for protection. You might want to set up automation, create groups, run diagnostics, create categories, and more. Your operating system’s OS might not offer those features. A dedicated firewall will offer those features and much more.
Keep in mind that your operating system’s firewall was designed to be simple, so you don’t have to learn how to use it. A few clicks and you’re good to go. Although that firewall might not keep you as protected as a dedicated firewall, it’s easy to use.
Sometimes, easy to use is not the best route.
Sure, a dedicated firewall will require some work up front, but the extra protection you gain from it is worth every effort.
Think about it this way: Most businesses use a dedicated firewall. Why? Because they know a desktop firewall isn’t enough to protect them. Why would you want the same thing?
Fortunately, there are plenty of options, many of which are free.
Options for better home network protection
There are three main options for deploying a dedicated firewall to your LAN. Let’s start with the easiest option.
Your ISP’s router
You may not know this, but the router/modem your ISP sent you probably has a built-in firewall. Before you get too excited, those router firewalls aren’t quite as flexible and secure as a dedicated firewall. However, the firewall on your router will be easy to manage while being more powerful than the firewall on your desktop OS.
That is not to say you should configure your router firewall and then disable your desktop firewall. You can have them both running at the same time. This will give you an extra layer of security, which you want.
Also: Internet security suites compared
How you log into your router to manage the firewall will depend on your router. Most often, it’s just a matter of pointing your browser to the router’s IP address (such as 192.168.1.1).
A dedicated firewall appliance
You can purchase dedicated firewall appliances that are (mostly) plug-and-play. There’s the Foritnet Fortigate 40F, TP-Link ER605 V2, the Protectli Vault FW4B, and many others.
The best part of these appliances is that you can plug them into your network and, with very little effort, have a powerful firewall up and running. The one thing I’ll warn you about is that some firewall appliances also serve as a router that serves DHCP addresses, which could conflict with your ISP’s router/modem. Because of that, I would suggest disabling DHCP on your firewall appliance.
A dedicated firewall PC
If you don’t want to spend the money on an appliance, but you need the heightened security they offer, you could take a spare PC and install one of the various Linux firewall distributions, such as:
The OPNsense firewall distribution is one of my favorites.
Jack Wallen/ZDNET
Typically, those firewalls are installed on a spare machine and then configured/managed via a web UI. Those web-based interfaces tend to be straightforward and user-friendly, but they do offer some pretty advanced features that you’ll want to research.
The one caveat to deploying a dedicated firewall PC is that it must have two NICs (Network Interface Controllers); one NIC is configured for LAN (inside) and one for WAN (outside). If you don’t have two NICs, you won’t be able to get the firewall working properly.
My recommendation
If you are not at all tech savvy, I would go with your ISP’s firewall in conjunction with your desktop firewall. If you have a bit of tech skill, go with the dedicated appliance. If you know Linux, go with the dedicated firewall distribution.
Also: Firewalla launches Purple: Its must-have network security device
No matter which route you choose, you’ll end up with more security than you currently enjoy.
