Slashdot Mirror
Hardware Firewall On a USB Key
An anonymous reader writes "An Israeli startup has squeezed a complete hardware firewall into a USB key. The 'Yoggie Pico' from Yoggie Systems runs Linux 2.6 along with 13 security applications on a 520MHz PXA270, an Intel processor typically used in high-end smartphones. The Pico works in conjunction with Windows XP or Vista drivers that hijack traffic at network layers 2-3, below the TCP/IP stack, and route it to USB, where the Yoggie analyzes and filters traffic at close-to-100Mbps wireline speeds. The device will hit big-box retailers in the US this month at a price of $180." Linux and Mac drivers are planned, according to the article.
A true hardware firewall wouldn't have to hijack traffic via a driver. It would have it's own ethernet port and would inspect data before it even touches the network stack on the host OS.
A bit hyped up if you ask me.
It's a marketing gimmick. At the very best it's a software firewall with a (not really needed) co-processor to do packet inspection.
Personally it looks like a waste of money to me.
so basically this means allowing a black box to hijack completely my IP stack, a black box which phones home every 5 minute and arbitrarily downloads software updates... just think if this company's server was compromised even for an hour, given that all of the devices update every 5 minutes you could compromise pretty much all of them at the same time.
Not to mention that if this device can insert a 'low level driver' that hijacks the IP stack, I'm sure a virus will come up sooner or later that will re-hijack this and compromise it. The only really 'safe' hardware firewall is, guess what, a completely separate hardware firewall (like my custom LEAF install on my old p3-500), this sounds like those 'one time pad, guaranteed!' crypto products we often lambast here on
-- the cake is a lie
You've obviously never used Norton Internet Security 2007 or McAfee Internet Security Suite 2007.