Security On the Go With Yoggie's Gatekeeper
Hotel business centers, airport WiFi hotspots, your local Starbucks: as far as the corporate laptop is concerned, these are the badlands where it is at its most vulnerable.
Laptops are generally well protected against all kinds of malware and hacker threats by security appliances (such as the Astaro Security Gateway and Smoothwall’s SmoothGuard, both covered here) when connected to the corporate network. But in the external environments mentioned above, laptops are on their own: the only protection they can expect is from any security software they are running.
The problem with security software suites is that they can get corrupted or disabled by malware (or inadvertently by the user), and ultimately they are reactive—they have to let threats onto the computer before they deal with them. And just to add insult to injury, they usually slow computers down quite considerably as well.
Yoggie, a privately owned Israeli company, believes that a better solution for laptop users is to place their computers behind some sort of hardware-based security device before connecting to the Internet from a public access point. Since a 1U form-factor rackable appliance is out of the question, Yoggie has designed the Gatekeeper Pico, a Linux-based security appliance crammed onto what appears to be a USB memory stick.
The “memory stick” actually contains an ARM-based CPU and an operating system built on the Linux 2.6 kernel stored in read-only memory. It also contains a suite of security software, including Kaspersky anti-virus and anti-spyware, Surf Control Web filtering, Mailshell anti-spam and anti-phishing, Snort intrusion detection and prevention, plus other security applications including a firewall that have been developed in house.
Once the Yoggie installation software has been run and the Gatekeeper Pico is inserted into a laptop’s USB port, all incoming TCP/IP traffic is diverted to the device to be screened and sanitized before being sent back to the laptop’s Windows or Mac OS X operating system. So just like a security appliance that sits at a corporate network gateway sanitizing traffic before allowing it on the network, it is the Yoggie device that receives and deals with any attacks intended for the laptop.
A browser-based control panel allows the user to configure the appliance, with controls including a simple slider for “low”, “medium” and “high” levels of security, and dials that display the number of threats detected and an overall threat level. Advanced users can go beneath the simple interface to configure individual elements of the device’s software manually.
Keeping Yoggie Up to Date
Several measures have been taken to try to ensure that the appliance is effective. Firstly, the Gatekeeper Pico receives new anti-virus signatures and any other patches from Yoggie’s servers every time it connects to the Internet, and these are stored on the device in a section of flash memory. There is enough capacity on the device for several years’ worth of updates, according to the company.
Secondly, once a laptop has had a Yoggie device installed on it, the laptop checks that the device has been inserted before allowing access to the Internet, so that users cannot forget to use it. What happens if the device gets lost? In that case there’s the option to connect to the Internet without the device, after first entering a password. Doing so might be considered rash without some sort of security software installed on the laptop itself, so it would seem sensible to keep some on the laptop in case the device gets lost.
This of course negates one of the advantages of the device touted by the company: that while security software often causes a significant performance hit (of up to 30 percent, according to Yoggie, although this sounds a little high), the USB device only causes a 1 percent hit.
Yoggie for the Enterprise
For enterprise use the company also offers the Gatekeeper Pico Pro (for Windows machines only), a device similar in most respects to the Gatekeeper Pico. One of the key differences is that Pro devices can be managed and updated centrally by a corporate IT department using a hardware device called the Yoggie Management Server (YMS).
An administrator using the YMS can then take control of a fleet of up to 500 Gatekeeper Pico Pros, creating sets of rules for different groups of users defined in Active Directory. For example, they could give some users access to a limited selection of web sites and bar them from using FTP when traveling with their laptops, while others could have unlimited Internet access. It’s also possible to prevent laptops connecting to the Internet at all except through the device: a password-based override feature would no longer be possible.
The Pro version of the device also contains seven popular VPN clients including Cisco and Juniper software.
Yoggie Pros and Cons
So is the Yoggie Gatekeeper Pro a useful piece of security kit? Since laptops can be configured by the IT department so they can connect to the Internet only when the Gatekeeper Pico Pro is inserted, it does ensure that anti-virus and other security software is protecting the machine at all times. By contrast, as mentioned before, a software-only solution could be uninstalled or disabled by the user or by malware. In this respect the system works a little like an enhanced version of NAC (network access control): whereas a NAC device prevents users from connecting to the corporate network without up-to-date security software running, the Gatekeeper Pico Pro prevents any connection to any network without its protection.
On the other hand it is not hard to imagine that a small device such as this could easily get mislaid. It is also very flimsy, made from thin plastic which looks like it could easily be broken. A user with a laptop and a lost or broken Gatekeeper Pico Pro is effectively cut off from the Internet unless they can contact the IT department and override the block on Internet access without the Pico Pro in place. And if that is allowed then inevitably some form of security software will have to be left on the laptop itself, negating any speed gains that might be possible by running security software on a separate hardware device instead of the laptop. (It’s probably a good idea to leave anti-virus software on the laptop anyway, to deal with any viruses that may already be present when the Gatekeeper Pico Pro is first installed.)
There’s also a question mark over the software installed on the device. Open source security software or products from well-known security vendors may well be trustworthy, but the company is less than forthcoming about the software that it has developed. Who is to judge whether any proprietary security software provided by Yoggie is well architected and free from serious flaws? Only time and extensive testing in the field will tell.
That just leaves the question of the price. At $199 each the Gatekeeper Pico Pro is certainly not cheap, and there’s also an annual subscription after year one of $40. The YMS adds another $2,700 or so to the bill.
But the idea of a pocket-sized security appliance with a significant amount of open-source (and therefore scrutinizable) software is undeniably attractive, as is the centralized management provided by the YMS. For companies that can justify the cost, the Yoggie could be an attractive security solution.