Hi Pete: some light to shed on why Yoggie provides more security: First, it is routing the traffic to Yoggie *before* it leaves the Windows NDIS, meaning before it gets to TCP/IP (see my posting 20 minutes ago with details). The traffic is rerouted to Yoggie on USB 2.0 (up to 480Mbps) with effective 425Mbps. Yoggie is the computer that handling the security by running: Firewall, NAT (yes - it hides the IP address of the external world from the internal - something *no software firewall is doing or capable doing*), hides IP and MAC, DHCP, running SNORT (with VRT soon and with IPS active!!!), runs 4 proxies (HTTP, FTP, SMTP and POP3), unzipping compressed files!, and send atom files to Anti Virus, Anti Spyware, Anti SPAM and Phishing (having one "leg" on HTTP and one on SMTP.POP3 allows unique capabilities here), URL Cat and parental control (using SurfControl) Layer 8 security (see my posting 35 mins ago) and unique MLA (i will post later details on this unique module). Now the clean and screened content returns to NDIS. Should hacker try to attack your PC, the attack lands on Yoggie PICO and not on your PC! Why the Yoggie don't care much - as it has a special shield that other PC don't have: To stop the Pico itself becoming infected, the operating system is contained on two Flash memories. Flash A contains the operating system. When the device is booted, a clean copy of the operating system is transferred to Flash B, and access to Flash A is disabled. The security applications then run on Flash B, which is wiped when the device is turned off. If you have any more questions, please ask, Cheers.
Hi Otis, I am from Yoggie and I am also a network engineer (for many years). Let's go back to Windows Network 101: I am sure you know the NDIS architecture: every network card has its network driver interfacing (bounding) to NDIS from below and communicating with miniPorts. Now, comes Windows TCP/IP driver that implements the Windows TCP/IP stack. It includes the "Packet Filer" from below (interfacing NDIS interface), IP routing and implementation of TCP and UDP from the Top. This is the Windows TCP/IP driver that bounds to NDIS. Eventually other drivers such as nbf.sys, NetBT.sys etc. can also interface directly to NDIS. So, Yoggie PICO is interfacing in the middle of NDIS intermediate (you probably know the NDIS wrapper) so it is - as we said - *below TCP/IP* and above the NICs drivers. In fact it is hooked into the NDIS for every miniport and therefore is transparent to the NICs below and to the TCP/IP stack above. Need more details, just ask. We provide Tech101 and not Buz101:-)
Cheers.
Well, let's check the technical facts. On the OSI 7 layers model, layer 7 stands for the "application layer". Noted that this is the *network application* not the end user application. Also noted that this layer 7 or the Network Application layer (in specific HTTP, FTP, etc.) is really used by *end user Applications* as the transport layer. What are these applications: JavaScript, JavaApplet, ActiveX, VBScript, etc. These are end user productivity apps that travel over HTTP, SMTP etc.
So, Yoggie developers like to name it "Layer 8". Eventually there is no Layer 8 in the OSI Model (this is why we use "") - but you know us developers and inventors, we like to come with our names. So, what is Layer 8 Security Agent? It is an agent that is doing behavior analysis to end user applications (=Layer 8). I am sure you heard of the term Behavior Analysis, it means we scan the content of the CODE, using heuristics to determine is this code is an attack (doing malicious acts) or just a friendly end user application that allowed to enter. Why do we do this? Well - this is a good technique to stop a Virus that still is not recognized by the Anti Virus (no signature was delivered yet) and otherwise - would infect the protected computer.
I really suggest you keep reading, the depth in Yoggie PICO is by far more than what it seems in the first look
Your router will not stop a virus within ZIP file while Yoggie will. You probably need Yoggie Gatekeeper PRO that comes with 2 network ports and can protect 5 comouters without any software install on these machines. Simply plug it to your router and get them all secured by far better than router/w FW as it includes Snort, Anti Spyware, Anti Phishing, Anti SPAM, SurfControl, 4 proxies, Layer 8 security etc. Have a deeper look:-)
There are two versions of Yoggie:
Yoggie Gatekeeper with 2 ports
Yoggie PICO with USB only working at 480 Mbps (effective 425 Mbps)
Find more on the comparision in my posting today.
Dear All,
Yes, I am from Yoggie and its a pleasure and honor for me to provide some "internal" information:
Some of you mentioned that you need 2 network ports to make a "real" Firewall. True, please refer to our web site: www.yoggie.com and find the Yoggie Gatekeeper. This product released few months ago comes with two network ports running same processor, same memory, OS and 13 application.
Some of you, view Yoggie as a Firewall and compare it to Routers and access points: Please note that Yoggie is by far more than just a Firewall and in fact its like a set of enterprise security appliances packed in a miniature computer. Lets see what's in there:
1. FireWall, NAT, DHCP Server and client
2. Full snort implementation including IPS on top. VRT updates will come soon.
3. 4 transparent proxies: 2 for web: HTTP, FTP and 2 for email: SMTP and POP3
4. True File-Type detection agent so file type are detected by content analysis and not based on MIME or file extension! Compressed file - are uncompressed in real time before scanning!!!
5. Anti Virus agent - Kasperski!
6. Anti Spyware agent - both signature based and behavior based!
7. Anti Phishing - since it sees the web and email traffic - it can "close the phissing loop" and verify content/url.
8. anti SPAM - based on Mailshell engine.
9. URL CAT and parental control - based on SurfControl.
10. Layer 8 agent - performs content scanning to "above layer 7" applications, AJAX, VBS, JS, etc. to detect new and unknown virus (not based on signature).
11. MLA - Multi Layer Security agent - a new invention - event correlation in REAL TIME for all event from all other modules - to drastically reduce false positive of IPS and Layer 8 agent.
12. VPN Client.
These applications take 35% - 45% of PC Windows CPU. More, one cannot find a commercial implementation of all these applications in one security appliance, even when it comes to a 1U, 2U or 4U appliance. Simply, no one yet managed to integrate layer 2/3 security with layer 7 and above layer 7 content analysis. Yoggie is a unique combination of 7-8 commercial different security appliances.
Why did we come with the Yoggie PICO? and why after Gatekeeper:
First, we wanted to provide the experts with a 2 network ports solution: we launched the Yoggie Gatekeeper. After we came with this great invention that one can implement an *almost* identical solution using *s-route driver* at the lowest level that still NAT (yes, this is the first NAT and DHCP service inside a protected driver and in between network layers) IP address so external IP address is different from IP addresses Windows application gets.
This unique implementation is the only one capable stopping attacks such as "ARP cache poisoning" - something only hardware based firewalls can do. (will go via software firewalls).
We absolutely agree that Yoggie Gatekeeper using two network interfaces provides the ultimate separation and isolation but we also know that Yoggie PICO unique "S-Route driver" is by far better than software firewall.
Why we didn't add network port to PICO ? - we let this choice with the Gatekeeper (for people that absolutely requires two ports) and made an alternative with almost same security level but with a much smaller form factor (easy to carry)and using the existing network port in the laptop.
Your comments and suggestions are welcome.
SST.
Slashdot Mirror
Hi Pete: some light to shed on why Yoggie provides more security: First, it is routing the traffic to Yoggie *before* it leaves the Windows NDIS, meaning before it gets to TCP/IP (see my posting 20 minutes ago with details). The traffic is rerouted to Yoggie on USB 2.0 (up to 480Mbps) with effective 425Mbps. Yoggie is the computer that handling the security by running: Firewall, NAT (yes - it hides the IP address of the external world from the internal - something *no software firewall is doing or capable doing*), hides IP and MAC, DHCP, running SNORT (with VRT soon and with IPS active!!!), runs 4 proxies (HTTP, FTP, SMTP and POP3), unzipping compressed files!, and send atom files to Anti Virus, Anti Spyware, Anti SPAM and Phishing (having one "leg" on HTTP and one on SMTP.POP3 allows unique capabilities here), URL Cat and parental control (using SurfControl) Layer 8 security (see my posting 35 mins ago) and unique MLA (i will post later details on this unique module). Now the clean and screened content returns to NDIS. Should hacker try to attack your PC, the attack lands on Yoggie PICO and not on your PC! Why the Yoggie don't care much - as it has a special shield that other PC don't have: To stop the Pico itself becoming infected, the operating system is contained on two Flash memories. Flash A contains the operating system. When the device is booted, a clean copy of the operating system is transferred to Flash B, and access to Flash A is disabled. The security applications then run on Flash B, which is wiped when the device is turned off. If you have any more questions, please ask, Cheers.
Hi Otis, I am from Yoggie and I am also a network engineer (for many years). Let's go back to Windows Network 101: I am sure you know the NDIS architecture: every network card has its network driver interfacing (bounding) to NDIS from below and communicating with miniPorts. Now, comes Windows TCP/IP driver that implements the Windows TCP/IP stack. It includes the "Packet Filer" from below (interfacing NDIS interface), IP routing and implementation of TCP and UDP from the Top. This is the Windows TCP/IP driver that bounds to NDIS. Eventually other drivers such as nbf.sys, NetBT.sys etc. can also interface directly to NDIS. So, Yoggie PICO is interfacing in the middle of NDIS intermediate (you probably know the NDIS wrapper) so it is - as we said - *below TCP/IP* and above the NICs drivers. In fact it is hooked into the NDIS for every miniport and therefore is transparent to the NICs below and to the TCP/IP stack above. Need more details, just ask. We provide Tech101 and not Buz101 :-)
Cheers.
Well, let's check the technical facts. On the OSI 7 layers model, layer 7 stands for the "application layer". Noted that this is the *network application* not the end user application. Also noted that this layer 7 or the Network Application layer (in specific HTTP, FTP, etc.) is really used by *end user Applications* as the transport layer. What are these applications: JavaScript, JavaApplet, ActiveX, VBScript, etc. These are end user productivity apps that travel over HTTP, SMTP etc. So, Yoggie developers like to name it "Layer 8". Eventually there is no Layer 8 in the OSI Model (this is why we use "") - but you know us developers and inventors, we like to come with our names. So, what is Layer 8 Security Agent? It is an agent that is doing behavior analysis to end user applications (=Layer 8). I am sure you heard of the term Behavior Analysis, it means we scan the content of the CODE, using heuristics to determine is this code is an attack (doing malicious acts) or just a friendly end user application that allowed to enter. Why do we do this? Well - this is a good technique to stop a Virus that still is not recognized by the Anti Virus (no signature was delivered yet) and otherwise - would infect the protected computer. I really suggest you keep reading, the depth in Yoggie PICO is by far more than what it seems in the first look
Your router will not stop a virus within ZIP file while Yoggie will. You probably need Yoggie Gatekeeper PRO that comes with 2 network ports and can protect 5 comouters without any software install on these machines. Simply plug it to your router and get them all secured by far better than router/w FW as it includes Snort, Anti Spyware, Anti Phishing, Anti SPAM, SurfControl, 4 proxies, Layer 8 security etc. Have a deeper look :-)
There are two versions of Yoggie: Yoggie Gatekeeper with 2 ports Yoggie PICO with USB only working at 480 Mbps (effective 425 Mbps) Find more on the comparision in my posting today.
Dear All, Yes, I am from Yoggie and its a pleasure and honor for me to provide some "internal" information: Some of you mentioned that you need 2 network ports to make a "real" Firewall. True, please refer to our web site: www.yoggie.com and find the Yoggie Gatekeeper. This product released few months ago comes with two network ports running same processor, same memory, OS and 13 application. Some of you, view Yoggie as a Firewall and compare it to Routers and access points: Please note that Yoggie is by far more than just a Firewall and in fact its like a set of enterprise security appliances packed in a miniature computer. Lets see what's in there: 1. FireWall, NAT, DHCP Server and client 2. Full snort implementation including IPS on top. VRT updates will come soon. 3. 4 transparent proxies: 2 for web: HTTP, FTP and 2 for email: SMTP and POP3 4. True File-Type detection agent so file type are detected by content analysis and not based on MIME or file extension! Compressed file - are uncompressed in real time before scanning!!! 5. Anti Virus agent - Kasperski! 6. Anti Spyware agent - both signature based and behavior based! 7. Anti Phishing - since it sees the web and email traffic - it can "close the phissing loop" and verify content/url. 8. anti SPAM - based on Mailshell engine. 9. URL CAT and parental control - based on SurfControl. 10. Layer 8 agent - performs content scanning to "above layer 7" applications, AJAX, VBS, JS, etc. to detect new and unknown virus (not based on signature). 11. MLA - Multi Layer Security agent - a new invention - event correlation in REAL TIME for all event from all other modules - to drastically reduce false positive of IPS and Layer 8 agent. 12. VPN Client. These applications take 35% - 45% of PC Windows CPU. More, one cannot find a commercial implementation of all these applications in one security appliance, even when it comes to a 1U, 2U or 4U appliance. Simply, no one yet managed to integrate layer 2/3 security with layer 7 and above layer 7 content analysis. Yoggie is a unique combination of 7-8 commercial different security appliances. Why did we come with the Yoggie PICO? and why after Gatekeeper: First, we wanted to provide the experts with a 2 network ports solution: we launched the Yoggie Gatekeeper. After we came with this great invention that one can implement an *almost* identical solution using *s-route driver* at the lowest level that still NAT (yes, this is the first NAT and DHCP service inside a protected driver and in between network layers) IP address so external IP address is different from IP addresses Windows application gets. This unique implementation is the only one capable stopping attacks such as "ARP cache poisoning" - something only hardware based firewalls can do. (will go via software firewalls). We absolutely agree that Yoggie Gatekeeper using two network interfaces provides the ultimate separation and isolation but we also know that Yoggie PICO unique "S-Route driver" is by far better than software firewall. Why we didn't add network port to PICO ? - we let this choice with the Gatekeeper (for people that absolutely requires two ports) and made an alternative with almost same security level but with a much smaller form factor (easy to carry)and using the existing network port in the laptop. Your comments and suggestions are welcome. SST.