A firewall can be thought of as a security officer who stands in front of the main entrance of a highly secured premises. Just like as if the security officer has been given a list of people who are or are not allowed to enter into the premises, even in the firewalls you can specify as which computers or users can access the internal network for the particular computer on which the firewall has been installed.
The implementation of the firewalls is as below:
A software firewall is an application that is installed on a computer, and is responsible for protecting that particular computer only from the external threats or intrusions. Since such firewall is a soft copy and is installed on top the operating system, it is capable of monitoring only the network adapter that is installed on its own computer.
A hardware firewall is a device that is precisely manufactured to protect the computers that are present within any corporate network. A hardware firewall has multiple LAN ports integrated in it. Because of these LAN ports, the security administrators can place the hardware firewall between the external and internal network, where one port is connected to the direct Internet line, and the other port is connected to the LAN switch that is placed within the internal network.
Almost all Microsoft Windows operating systems that are developed these days have a built-in firewall which is by default enabled. In the latest versions of Microsoft Windows, the Windows Firewall allows the users to create inbound and outbound firewall rules and configure them very granularly in order to protect the entire computer system from almost every external threat.
In small offices, where the overall budget for the security of the network is limited, the security administrators prefer using the free versions of machine independent firewalls such as Untangled or ClearOS. Such firewalls are the software applications that require to be installed on a dedicated computer, hence turning the entire machine into a full-fledged hardware firewall device. Such computers must have at least two LAN cards (Network Interface Cards or NICs), where one NIC is connected to the direct Internet connection, and the other NIC is connected to the internal facing LAN switch.