Yoggie Gatekeeper Pico
By Clint ~ February 1st, 2009. Filed under: Other, Reviews.
Product: Yoggie Gatekeeper Pico
Supplier: Yoggie Security Systems Ltd
MSRP: ~$98
Author: Barry (Ravenium)
Date: February 1, 2009
Anyone who’s had to keep the vast array of firewall, antivirus, and other security-related software up to date on a PC knows what a royal pain it can be. New versions, definition files, and an ever expanding array of malicious software (and even normal software) conspire to bring the whole house of cards down.
The Yoggie Gatekeeper Pico aims to simplify all these functions by taking them out of the system’s hands and onto a small USB device not much bigger than many flash drives. The device actually contains its own onboard processor, memory, and hardened Linux system – in essence, it’s a small computer designed to sit between your computer and the wild frontier of public networks.
First Impressions:
Aside from a pretty imposing box, the Gatekeeper Pico comes with two caps. I scoffed at this until I lost the first one somewhere during a 4 hour flight delay in Ft. Lauderdale (oops). While a retractable USB connector might be nice to have, the device isn’t really designed to get around nearly as much as a standard USB flash drive, so it’s probably not the end of the world. The housing does tend to block adjacent ports a bit, especially on laptops – a small extender cable isn’t a bad idea if you happen to have the usual peripherals (mouse, flash drive, etc.). Additionally, when plugged in the Gatekeeper tends to jut out, so keep the same eye on it that you would on anything sticking out from your laptop – it’s easy to see how an errant strike could break/bend the connection.
Software installation was a breeze – answer some questions, make sure you’ve uninstalled any previous security software (as a security type I tend to keep my AV software crippled anyway, lest it delete half the tools I use for testing as “grayware”), and you’re off. I opted to not install the included Kaspersky AV software (I already have one disabled AV package…) – after all, I was looking at the device itself.
Taking it for a Spin:
It’s understandably hard to test something that is designed to not be seen or heard – the only things that become associated with it are when it does impact one’s computing experience. With that in mind, the goal became to test typical network threats – would the Gatekeeper hold up to the “Pentagon level” security it claimed on the box?
Now, I have a minor gripe with the concept of the Gatekeeper being a “hardware” firewall. It’s not – a hardware firewall is meant (at least in any common variant of the definition) to be something that provides firewall capabilities sans client-side software. In other words, this means it should sit between the devices it is protecting and the network – independent of whatever devices are behind it. The Gatekeeper is more of a hardware device providing a software-facilitated firewall/proxy/filtering service, so it is essentially a hybrid – the presence of a hardened system providing security services is better than the software being on the system itself, but the software driver that links network operations is still technically vulnerable to attack. A bit of a nit, of course, but it’s one worth understanding.
Logging into the Gatekeeper’s admin interface, it’s apparent that the name of the game for its design is simplicity. Everything from the colorful sliders to the dashboard suggests that the intended audience is of a less technical variety.
Operating with the default level of policy, as shown above, seemed to produce exactly what you’d want in a security device – nothing visibly changed in daily operations. The Gatekeeper’s transparent proxy would occasionally chime in when a page couldn’t be reached, but aside from that little artifact, it was as if it wasn’t there. Perfect!
From a physical security standpoint, removing the Gatekeeper immediately disabled network transmission (as one might expect). This has an interesting potential secondary purpose for concerned parents who would like a simple turnkey solution to limit their child’s internet access – simply remove the device and they cannot get online (without knowing the administrative password, of course).
It was a little disappointing not to have more fine-grained control over the Gatekeeper’s firewall and other options beyond merely opening ports – where was the QoS, the manual whitelisting, etc.? This seems to be a byproduct of the unit reviewed (the Gatekeeper Pico is intended for personal use, but other models can apparently be used for enterprise control).
Additionally, it would have been nice to be able to connect to the unit via a “bare bones” command line interface (such as SSH) for the technically savvy for further configuration options. Luckily, Yoggie Security Systems seems to be addressing this with an “Open” line of Gatekeeper products that allow additional programming via an API for just that.
Performance (Next, we attack ourselves):
What better way to see how the Gatekeeper holds up than to simulate an attack attempt, right? For testing, I attempted to send myself several test viruses via email, download malware via a web browser, and port scan my laptop (to see what an attacker would see). The answer for the last item is simple – an attacker sees nothing of any use. At best, the laptop showed as a device that contained a range of entirely closed ports.
As expected, this external probe caused the Gatekeeper to light up like the 4th of July:
Even better, even while under heavy scan, no decrease in performance was seen. The Gatekeeper itself got quite hot during the attack, but not unreasonably so – after all, a processor is going to generate heat at some point, right?
A second internal scan bore more fruit – numerous open ports appeared in the summary list. The table below shows the discovered ports during the scan:
Most of the open ports make sense, such as the web proxy (80), admin interface (8443), DNS forwarder (53), etc., but a few would be very interesting to examine to see just what they do. More important and slightly more disappointing was that the Gatekeeper didn’t so much as chirp during the internal scan. On some level this is to be expected (why would an attack come from the PC itself?) but it seems to suggest there is not as much thought put into protection from outbound threats such as Trojans, botnet zombies, and other malware that might make its way onto a system via other means.
Web and email filtering fared better as the Gatekeeper caught all attempts to download the EICAR test viruses:
Attempts to email the same test viruses worked equally well (messages were cleansed), but with another nitpick – the Gatekeeper doesn’t appear to support MS Exchange or encrypted POP/SMTP. This is again understandable (particularly since this would in itself be a man in the middle attack), but since most email clients utilize some form of encrypted communication in corporate environments, this is a function that is sadly better left to servers to perform.
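As an added illustration of the EICAR download and email test described above (example code written for this page, not from the review or from Yoggie), the following implements the EICAR specification’s detection rule and a gateway-style block/clean verdict over constructed sample files; the sample names, contents and function names are assumptions.

```python
import hashlib

# The 68-byte EICAR test string, joined from two halves so a desktop scanner
# does not quarantine this source file; the joined value is the published one.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         r"ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")
# Published SHA-256 of the bare 68-byte file (no trailing whitespace).
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"
# The only bytes the specification allows after the string: space, tab, CR, LF, CTRL-Z.
ALLOWED_TRAILER = b" \t\r\n\x1a"


def is_eicar(data: bytes) -> bool:
    """Strict EICAR rule: 68-byte prefix, optional whitespace trailer, total
    length at most 128 bytes. A copy embedded mid-file is not the test file by
    this rule, although many scanners still flag it."""
    if not 68 <= len(data) <= 128 or data[:68] != EICAR:
        return False
    return all(b in ALLOWED_TRAILER for b in data[68:])


def matches_published_hash(data: bytes) -> bool:
    """Confirm a generated test file is the canonical one before using it."""
    return hashlib.sha256(data).hexdigest() == EICAR_SHA256


def gateway_filter(body: bytes) -> tuple[str, bytes]:
    """Gateway-style decision for one HTTP body or mail attachment:
    ("blocked", b"") for the test file, otherwise ("clean", body)."""
    if is_eicar(body):
        return "blocked", b""
    return "clean", body


# Constructed samples mirroring the review's test: the plain file, the file as
# saved by a text editor (CRLF), a variant padded to the 128-byte limit,
# and a benign page.
SAMPLES = {
    "eicar.com": EICAR,
    "eicar.txt": EICAR + b"\r\n",
    "padded.bin": EICAR + b" " * 60,
    "index.html": b"<html><body>hello</body></html>",
}


def run_samples() -> dict[str, str]:
    """Verdict per sample file name, i.e. what a proxy log would record."""
    return {name: gateway_filter(body)[0] for name, body in SAMPLES.items()}
```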
One point of concern: the software the Gatekeeper requires on the host system isn’t without its bugs. Heavy network traffic ratcheted up the program’s memory usage to over 90 MB (from a resting level of 8 MB). In addition, even with the Gatekeeper disabled (for normal network traffic), I experienced a few issues obtaining a valid IP in my VMware hosts – they were assigned addresses in the 172.16.x.x range (the Gatekeeper device’s private network). It would appear that this is a consequence of the way the network bridging works for the Gatekeeper, but there also appear to be other issues at work (software DHCP, perhaps?).
Final Thoughts:
Given the hell the average consultant puts their laptop through, the Gatekeeper seems to be a solid idea – a self contained, self updating security solution that can take a lot of the bugs, snags, and agony out of security. For home users, it’s pretty snazzy too, as it provides the less technical a clean “on/off” switch for governing internet usage.
It would have been nice to have more control over functionality, not to mention a lower profile software package on the host system, but overall the Gatekeeper does what it says – effectively and unobtrusively.
Pros:
- Transparent, unobtrusive network firewall
- Easy to use
- Low maintenance (self updating)
Cons:
- Lack of tech-savvy configuration options
- Slightly buggy host software
Tags: Antivirus, Firewall, Gatekeeper, Pico, Security, USB, Yoggie