The concept behind the Yoggie Pico is to provide traveling laptops with the same level of security as within the corporate network. But how can one make a server room full of security appliances available to traveling users?
A powerful security processor
To make this possible Yoggie has invested two years in the development of a miniature security processor. The concept of specialized processors is not new. During the 80’s the mathematical processor was introduced. According to this concept when complex calculations were needed, a specialized mathematical processor would perform these tasks, effectively offloading these specialized tasks from the main processor. During the last 5 years, the same revolution took place with the introduction of a specialized network processor that would free the main processor from networking tasks.
The Yoggie Pico’s miniaturized security processor is a powerful 520 MHz Intel Processor. It continues the trend of offloading specialized tasks from the main processor, for performance. But one of the main advantages of the specialized security processor is that of security.
Physical Separation
Unlike security software installed on a laptop, the Yoggie Pico uses the same approach that is used to protect the corporate network – physical separation of the first line of defense. A robust security appliance, with a hardened Linux-based OS, the Yoggie Pico physically isolates the laptop from incoming Internet threats. The fact that the Yoggie Pico is in the front-line instead of the laptop itself means it can protect from unknown attacks. If for any reason, the attack is successful, the Yoggie Pico is hit first and will not allow further damage to the laptop.
The Yoggie Pico’s low level driver redirects all network traffic to the Pico before Windows and the laptop’s TCP/IP stack are even aware of its existence. The Pico scans the content and the safe content is released to the higher layers of the TCP/IP stack. The Yoggie allocates an IP address to the laptop and picks up the external address in the normal manner (dynamic host configuration protocol or static). It performs full NATing, keeping the laptop isolated.
Hardware Designed for Security
The Yoggie Pico’s hardware was designed specifically for security purposes only. It includes a robust computing platform with a powerful CPU, with the sole purpose of protecting the laptop. The Yoggie Pico features a USB 2.0 high-speed connection. The device also includes two separate Flash memory units. One of the units stores a secured copy of the Linux OS. During pre boot, the Yoggie Pico copies the OS onto the second unit, and uses it during runtime. The original copy of the OS, stored on the first unit, does not include any “Write Access” permissions. This double-step process, guarantees that in the event of a successful attack, upon rebooting the device a clean and safe version of the OS is uploaded, making the OS and security applications completely safe.
Corporate-Grade Security Solutions
The Yoggie Pico combines best-of-breed enterprise-class software with proprietary patent pending developments to provide a comprehensive security solution.
The anti-virus software is from Kaspersky, one of the best known anti-virus developers in the business. The IDS is Snort, well-known to most security professionals as a stable, full-function IDS tool. Content filtering is from SurfControl. The entire product runs on an embedded operating environment that the user can manage but cannot compromise.
With its stateful inspection firewall and NAT, the Yoggie hides the laptop’s IP address from the outside world and closes any unnecessary network connection. In addition, the hardware design and hardened OS prevents any tampering on the Firewall (a common Spy-ware or Virus behaviour). Deep packet inspection is performed by a robust intrusion detection/prevention solution to detect attacks as they begin their operation.
The application layer includes four transparent proxies, two for web traffic (HTTP, FTP) and two for email traffic (SMTP and POP3). Using a powerful true-type detection engine, the proxies can deal with any content type, including decompiled elements such as compressed class and file attachments. These elements are analysed by seven security agents:
