This Linux on a stick protects Windows computers
Spam and Phishing
The anti-phishing function returned useful results in our lab. To investigate the antispam function, testers set up a number of email accounts and mirrored them to a [spamcop.net] mailbox. Yoggie's results were better than those provided by the Spamcop service, with a spam detection rate of just below 100 percent. However, Yoggie returned one to two percent false positives (i.e., legitimate email incorrectly identified as spam) when mailing lists were used. The spam filter is fine for corporate use in small- to medium-sized enterprises, but it is not a genuine alternative in the enterprise sector. To compare, Cisco Ironport [7] only returned one false positive in 109 million messages in an extensive test.
IDS and IPS
Yoggie's intrusion detection (and prevention) system is Snort with Sourcefire rules. This combo forms a top-notch team from a technology point of view, but as with the web filter, administrators have no way of modifying the software to reflect their requirements. In our lab, with a default setting of Medium Security, we could not send mail via the server over TCP port 2525, and we got no message telling us that Yoggie IPS had blocked the outgoing connection. Other personal firewalls at least pop up a window to warn you of such actions.
After searching, the testers found a message in the Yoggie logfiles: "Suspicious 220 Banner on Local Port Detection of a nonstandard protocol or event" (Figure 5). All they could do was disable the IPS for all mail traffic. It was impossible to disable only the single signature that had triggered the false positive.
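When an IPS drops a connection without telling the user, the log search described above can be scripted. The following is an added example, not code from the article or from Yoggie; it assumes Snort's standard "fast" alert line format rather than Yoggie's own logfile layout, which the article does not show, and the sample log, SIDs, and addresses are constructed.

```python
import re

# Snort 2.x "fast" alert line (assumed format, not Yoggie's own log layout):
# ts  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\] "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample log: SIDs are placeholders, addresses are documentation ranges.
SAMPLE_LOG = """\
03/14-09:12:01.120034  [**] [1:1000001:1] Suspicious 220 Banner on Local Port [**] [Classification: Detection of a nonstandard protocol or event] [Priority: 2] {TCP} 192.0.2.25:2525 -> 198.51.100.7:49152
03/14-09:12:40.551200  [**] [1:1000002:3] Constructed web probe example [**] [Priority: 2] {TCP} 203.0.113.9:51000 -> 198.51.100.7:80
03/14-09:13:05.004410  [**] [1:1000001:1] Suspicious 220 Banner on Local Port [**] [Classification: Detection of a nonstandard protocol or event] [Priority: 2] {TCP} 192.0.2.25:2525 -> 198.51.100.7:49153
this line is not an alert
"""

def triage(log_text, port):
    """Summarise, per signature, the alerts whose source or destination port matches."""
    summary = {}
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip anything that is not a fast-format alert line
        ends = {(m["src"], int(m["sport"])), (m["dst"], int(m["dport"]))}
        peers = {ip for ip, p in ends if p == port}
        if not peers:
            continue  # alert does not involve the port under investigation
        key = (int(m["gid"]), int(m["sid"]))
        s = summary.setdefault(key, {"msg": m["msg"], "class": m["cls"], "count": 0,
                                     "peers": set(), "first": m["ts"], "last": m["ts"]})
        s["count"] += 1
        s["peers"] |= peers
        s["last"] = m["ts"]
    # Most frequent signature first: the likeliest cause of the silent block.
    return sorted(summary.items(), key=lambda kv: -kv[1]["count"])

if __name__ == "__main__":
    for (gid, sid), s in triage(SAMPLE_LOG, 2525):
        print(f"{s['count']}x [{gid}:{sid}] {s['msg']} ({s['class']})")
        print(f"   hosts on port 2525: {sorted(s['peers'])}, {s['first']} .. {s['last']}")
```
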
Configurability of security systems is a matter of opinion. Yoggie seems to be targeted at inexperienced users. Asking this target group to take care of complex details would be too much, and the artificial restrictions are justifiable in this light. However, some users, such as field staff or home workers, could benefit from the enhanced security of a compact appliance compared with a software-only solution. Yoggie cultivates this market with a VPN function and corporate mode that lets a company preconfigure and manage hundreds or thousands of Yoggie Pico Pro Gatekeepers via the Yoggie Management Server (YMS), which was not ready in time for this test.
Yoggie Autopsy
That one of the three test devices gave up the ghost just 20 minutes after we plugged it in for the first time might be a coincidence, but it at least gave us a good excuse to dissect the device in our lab. Opening the Gatekeeper Pico revealed two dual-sided PCBs (still connected in Figure 6) with a 520MHz CPU by Intel (XScale PXA270), 128MB SDRAM, and 135MB Flash memory (128MB NAND plus 8MB NOR). This is the CPU that is used in some Blackberry models. It has been on the market for about three years now, but it is still state of the art.
The Gatekeeper Pico's hardware and architecture are convincing, and you can't call the price excessive. It is surprising, in fact, that Yoggie has managed to offer the hardware at such a low price. Of course, the product would be more interesting as an open Linux appliance that users could install and configure to suit their own needs. A more open design would give users the ability to, say, integrate a mini web server, groupware system, or CVS server that would run off any host computer.
Amazing Device
The Yoggie Gatekeeper Pico surprised the test team in two respects: In a positive sense, we were impressed with its design and the quality of the tiny hardware package. In a negative sense, we were surprised that we could open such a large hole in the system. No software is perfect, but being able to work around the firewall in a security product raises some serious questions about the device.
Apart from its deficiencies, the mini-appliance left a generally positive impression. UTM appliances tend to be bulky – rack mountable at best. The market is currently moving toward integration. Standalone security solutions are being acquired, dissected, and integrated with larger product series. Contrary to this trend, Yoggie has now introduced a new standalone security solution that provides better protection than a legacy personal firewall, but users do need to carry additional hardware around with them on the road, and hardware can be lost or broken. Potential customers will have to decide whether to trust the product despite the vulnerabilities, which have since been fixed.
Infos
[1] Yoggie: http://www.yoggie.com
[2] Open Source components in Yoggie: http://www.yoggie.com/opensource
[3] Yoggie product line: http://www.yoggie.com/comparison.shtml
[4] NDIS Developer's Reference: http://www.ndis.com
[5] SurfControl: http://www.websense.com/acquisition/surfcontrolCustomers.html
[6] Mailshell: http://www.mailshell.com
[7] Ironport: http://www.ironport.com
[8] Firmware history: http://www.yoggie.com/PDF/Firmware-Version-History.txt