Author: Joseph Moran
Review Date: 5/3/2007
These days you can scarcely turn on a computer without exposing it to some kind of security threat, and few situations carry a greater risk than a roving laptop connecting to myriad public networks, like Wi-Fi hotspots.
Using a software firewall is commonplace in such a scenario, but Yoggie Security Systems says it has a better solution in the form of its Yoggie Gatekeeper, a tiny security appliance that’s designed to protect your laptop from network-based threats. The Gatekeeper packs a number of security features into a single compact and portable device, including a firewall, anti-virus, anti-spam, anti-phishing, anti-spyware functions and content filtering. The Gatekeeper also provides Web and e-mail proxies, a VPN client and an intrusion detection system.
So why would you forgo the convenience of security software installed directly on your PC for an external device? First, much like the hardware firewalls used by corporate networks, the Gatekeeper uses it’s physical separation as an advantage, acting as an airlock between the safe zone (your PC) and the unsafe zone (the network it’s connected to and the Internet beyond). Second, the Gatekeeper will offload security functions from your laptop’s processor and RAM, thus freeing it for other tasks. (The Gatekeeper sports the same 520 MHz Intel XScale processor currently found in many high-end handheld devices, and has 128 MB of its own memory.) Another distinct benefit of an external hardware device is that it tends to be more reliable and less vulnerable to attack than a software firewall that must run atop an operating system.
The Gatekeeper, with its dimensions of 4.0125- x 2- x .875-inches, makes efficient use of its small footprint. A captive USB cable stores wrapped around the device, concealing a pair of RJ-45 Ethernet ports. The rear of the device sports an SD (Secure Digital) memory card slot and AC power jack behind a protective rubber cover. An AC power supply is optional, because the Gatekeeper can draw its operating power from your laptop’s USB port.
You can use the Gatekeeper in either pass-through or redirect mode, and the one you choose depends mainly on whether your laptop uses a wired or wireless network connection. In pass-through mode, the Gatekeeper’s two RJ-45 ports are connected to the PC’s Ethernet jack (it includes an 18-inch cable) as well as to the network connection that’s providing Internet access.
Of course, this kind of connection isn’t feasible on a notebook that connects wirelessly (be it Wi-Fi or something like a cellular modem), which brings us to the Gatekeeper’s redirect mode. In redirect mode, the Gatekeeper’s USB connection serves as a conduit for both power and data, and a special network driver (which is currently available only for Windows XP) shunts all incoming traffic to the Gatekeeper for inspection before being released to the operating system for processing.
Although pass-through mode has the advantage of not requiring any software to be installed on the laptop (which makes this mode compatible with any operating system), as well as preserving the pure physical separation of network traffic, redirect mode has a few benefits of its own. One is the presence of a Windows tray icon that provides a quick visual indication of your protection status, along with event-notification balloons. That’s helpful, because although the Gatekeeper has a number of status lights on its front panel, they’re far too small and dim to convey any useful information.
We attached the Gatekeeper (in redirect mode) to a wireless-equipped Windows XP notebook and found the setup procedure to be pretty painless. Upon installation, the Gatekeeper’s driver software inserted itself into the notebook’s network protocol stack so it could monitor and intercept traffic. In redirect mode, network access is disabled whenever the Gatekeeper isn’t physically connected to the computer (and sure enough, when we pulled the plug on the Gatekeeper our connection terminated).
While a few functions — like changing the device’s administrative password and temporarily disabling protection — are directly accessible via the tray icon, most Gatekeeper configuration takes place using the Web browser. Not that there’s much you have to do to the Gatekeeper up front to make it useful out of the box. Much like the security software you’d run on a PC, the Gatekeeper starts operating immediately and is pre-configured with certain default settings that provide a fairly high level of protection.
You can set the Gatekeeper to one of three broad security postures — low, medium (the default) or high, but unfortunately there’s no way to see the specifics of each one or to make adjustments to the configuration. That’s not necessarily a problem for many people (too many options often creates confusion, and thus reduces security), but it could be an issue for people who want more control over their computing environment. As it turns out, you can manually fine-tune only a handful of Gatekeeper options, such as opening specific firewall ports or adjusting Web content filters.
Our Gatekeeper did a pretty good job of protecting our test system from a variety of digital nasties. We subjected it to several test viruses, firewall leak tests, phishing Web sites and spam mail, and it identified and/or blocked each threat as appropriate. In the case of spam, the Gatekeeper doesn’t actually block it but rather tags it as spam, probable spam or as phishing mail, which you can then filter via your mail client.
One thing to keep in mind when using redirect mode is that the Gatekeeper is a USB 1.1 device, an interface with a potential throughput of a mere 12 Mbps and real-world throughput of roughly half that. This won’t be a significant bottleneck in a typical hotspot scenario or anywhere you perform typical workaday tasks (e.g. browsing and e-mail). But should you attempt bandwidth-intensive tasks like large file transfers, it could potentially throttle the performance of a high-speed wireless connection (not to mention 100 Mbps Ethernet).
If you want to see what the Gatekeeper’s been doing on your behalf, you can check the browser-based main status page, which provides simple speedometer-like counters of suspicious activity. For more detail you can access security and system logs, as well as various attractive and informative rotating 3D charts illustrating the threats that have been encountered.
The Gatekeeper’s $220 purchase price buys you the hardware plus a subscription for a year’s worth of updates. Also included in the purchase price is a one-year license for Kaspersky Anti-Virus software, which may seem redundant until you remember that the network isn’t the only way virus can infect your laptop. Gatekeeper subscriptions after the first year are currently priced at $40
The Gatekeeper is also available in a SoHo bundle, which is licensed for use by up to five systems. Pricing for this version wasn’t finalized as of this writing, but the company says the bundle will be nominally more expensive than a standalone Gatekeeper and include the AC power adapter. Larger organizations that want to deploy Gatekeepers en masse can opt for a $5,000 Yoggie Management Server (YMS), a rack-mounted server that offers centralized management and reporting for up to 500 Gatekeepers. The company says that the YMS also gives corporate administrators far more detailed information about and control over the Yoggie’s configuration options than you get with the standalone product.
You can look at the Yoggie Gatekeeper as an Internet security suite that comes in a plastic box rather than a cardboard one. Although it’s several times the price of a typical software firewall and somewhat less convenient due to having an extra piece of hardware to carry around, many people will find the improved security, reliability and operating system flexibility (at least in pass-through mode) worth the trade-offs.
Price: $220 (includes one-year of security updates; subsequent years are $40)
Pros: more reliable than a software firewall; offloads security functions from laptop processor and memory; universal operating system compatibility when used in pass-through mode
Cons: relatively expensive and less convenient than a software firewall; pass-through mode not available with wireless connections, USB 1.1 could be a performance bottleneck in certain situations
Joe Moran spent six years as an editor and analyst with Ziff-Davis Publishing and several more as a freelance product reviewer. He’s also worked in technology public relations and as a corporate IT manager, and he’s currently principal of Neighborhood Techs, a technology service firm in Naples, Fla. He holds several industry certifications, including Microsoft Certified Systems Engineer (MCSE) and Cisco Certified Network Associate (CCNA).
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|
Adapted from SmallBusinessComputing.