Hardware Firewall On a USB Key

An anonymous reader writes "An Israeli startup has squeezed a complete hardware firewall into a USB key. The 'Yoggie Pico' from Yoggie Systems runs Linux 2.6 along with 13 security applications on a 520MHz PXA270, an Intel processor typically used in high-end smartphones. The Pico works in conjunction with Windows XP or Vista drivers that hijack traffic at network layers 2-3, below the TCP/IP stack, and route it to USB, where the Yoggie analyzes and filters traffic at close-to-100Mbps wireline speeds. The device will hit big-box retailers in the US this month at a price of $180." Linux and Mac drivers are planned, according to the article.

Not really a hardware firewall

[dreamchaser]

A true hardware firewall wouldn't have to hijack traffic via a driver. It would have it's own ethernet port and would inspect data before it even touches the network stack on the host OS.

A bit hyped up if you ask me.

Re:Not really a hardware firewall

[TheRaven64]

Why not just put an ethernet controller into it, and use it as a USB network adaptor?

odd

[otacon]

Did anyone else find it odd that it runs linux, but doesn't actually work with a linux box, but only with a windows one?

Re:odd

[Josiah_Bradley]

If it's running Linux then you can probably get the same apps it's running and install them on your Linux machine. And if your already running Linux you probably don't need a firewall for windows anyway...

Why would I want this?

[morgan_greywolf]

I mean, increasingly, firewalls are being combined into multipurpose devices that provide NAT, Web serving, DMZ, VPN, media streaming, wireless access, etc. I mean even the lowly Linksys WRT54G, available for ~$50 USD almost anywhere, supports VPN, provides NAT, DMZ, UPnP capabilities, rudimentary web filtering, and has a built-in wireless access point. I mean, this thing doesn't even support wireless, which would make it useful for laptops, etc.

IOW, someone tell me why I should care?

Marketing Gimmick

[dreamchaser]

It's a marketing gimmick. At the very best it's a software firewall with a (not really needed) co-processor to do packet inspection.

Personally it looks like a waste of money to me.

from the article

[MarcoAtWork]

Once running, the Pico establishes an SSL (secure sockets layer) http connection to Yoggie's central servers, where it checks for updated firewall policies and rule sets, Touboul said. It subsequently checks every every five minutes, by default.

so basically this means allowing a black box to hijack completely my IP stack, a black box which phones home every 5 minute and arbitrarily downloads software updates... just think if this company's server was compromised even for an hour, given that all of the devices update every 5 minutes you could compromise pretty much all of them at the same time.

Not to mention that if this device can insert a 'low level driver' that hijacks the IP stack, I'm sure a virus will come up sooner or later that will re-hijack this and compromise it. The only really 'safe' hardware firewall is, guess what, a completely separate hardware firewall (like my custom LEAF install on my old p3-500), this sounds like those 'one time pad, guaranteed!' crypto products we often lambast here on /.

Re:Why?

[rickkas7]

Software firewalls are hardly performance hogs.

You've obviously never used Norton Internet Security 2007 or McAfee Internet Security Suite 2007.