Yoggie Security Systems Gatekeeper Pico
Author: Zahn Funk
Editor: Shawn Knight
Date: 03-02-2008
Provided by: Yoggie Security Systems
Advanced

One thing I would like to point out is that after making advanced changes, the settings are permanently saved under whichever level you happen to currently be on, Med for example. There is currently no way to reset these levels back to factory defaults; however, Yoggie tech support indicates this is a known issue and will be fixed in a future software update. For now, if you want to return the advanced settings to default, they offer a list of what each setting should be for Low, Med and High in their online knowledge base.

Web Filtering is a feature that limits access to certain web sites based on the classification of their content. The accuracy of this filtering is only as good as the "blacklist" database of sites, though. The Yoggie device uses filtering by Websense SurfControl, and allows you to customize the filtering based on 53 different category selections, everything from the commonly blocked sexually-explicit/adult and illegal activity related sites, to more general classifications such as shopping or entertainment. I was impressed with the ability of the software to correctly identify and block access to various sites, an important feature for corporate administrators looking to prevent unauthorized web browsing on company assets, or for home users who want to have a customizable level of parental control.


The Firewall advanced setting allows the user to enable an outbound black or white list. The black list is enabled by default on the Medium firewall setting, and both black and white lists when set to High. These contain a list of specific ports commonly used by malware programs to communicate out from the host computer. The Gatekeeper provides stateful packet inspection, so responses to traffic originating from the PC are allowed through, such as file downloads, web browsing, etc. Secure SSL traffic and VPN connections were not affected; however, something as basic as peer-to-peer file sharing does not work through the Pico by default, regardless of the security setting. Microsoft file sharing requires ports 135 through 139 to be open, and Yoggie tech support got me pointed at their online knowledge base, which details how to manually open these and any other inbound ports you may need to use.
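A minimal model of the behaviour described above, added here as an illustration and not Yoggie's code: outbound traffic is checked against the lists the current level enables, replies to PC-initiated traffic pass because the flow is tracked, and unsolicited inbound traffic needs a manually opened port. The port lists, the addresses and the rule that an enabled white list permits only the ports it names are assumptions.

```python
from dataclasses import dataclass, field

# Which outbound lists each level enables, as the review states
# (Medium: black list; High: black and white lists).
LEVEL_LISTS = {"Low": set(), "Medium": {"black"}, "High": {"black", "white"}}

# Constructed sample port lists; the device's real lists are not on the page.
BLACK_PORTS = {6667, 31337}
WHITE_PORTS = {25, 53, 80, 110, 443}


@dataclass
class StatefulFirewall:
    level: str = "Medium"
    open_inbound: set = field(default_factory=set)  # manually opened inbound ports
    flows: set = field(default_factory=set)         # (remote_ip, remote_port, local_port)

    def outbound(self, local_port, remote_ip, remote_port):
        lists = LEVEL_LISTS[self.level]
        if "black" in lists and remote_port in BLACK_PORTS:
            return "drop"
        # Assumption: an enabled white list permits only the ports it names.
        if "white" in lists and remote_port not in WHITE_PORTS:
            return "drop"
        self.flows.add((remote_ip, remote_port, local_port))  # remember the flow
        return "allow"

    def inbound(self, remote_ip, remote_port, local_port):
        # Replies to traffic the PC started match a tracked flow.
        if (remote_ip, remote_port, local_port) in self.flows:
            return "allow"
        # Unsolicited traffic is allowed only on a manually opened port.
        return "allow" if local_port in self.open_inbound else "drop"


def demo():
    fw = StatefulFirewall(level="Medium")
    results = [
        fw.outbound(50000, "203.0.113.10", 443),   # browsing over SSL
        fw.inbound("203.0.113.10", 443, 50000),    # the reply to that request
        fw.outbound(50001, "203.0.113.66", 6667),  # black-listed outbound port
        fw.inbound("192.0.2.20", 49152, 139),      # unsolicited file-sharing request
    ]
    fw.open_inbound |= set(range(135, 140))        # open ports 135 through 139
    results.append(fw.inbound("192.0.2.20", 49152, 139))
    return results


if __name__ == "__main__":
    print(demo())
```

The fourth result shows why file sharing fails by default: the request is unsolicited, so no tracked flow matches it until the inbound ports are opened.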


By default, the Pico will only scan inbound files up to 10MB in size. The advanced options allow the user to either block files larger than that, or allow them through without being scanned. There is no explanation for this configuration, although I suspect it's to prevent the device from being bogged down trying to scan larger files. Personally I'd rather have all my downloaded files scanned, even ones larger than 10MB.


The IDS/IPS (Intrusion Detection System / Intrusion Prevention or Protection System) settings allow the user to specify whether to block, allow or log 16 commonly used network ports such as DNS, FTP, NetBIOS, POP3, etc. IDS/IPS differs from basic firewall operations in that it actively monitors traffic both through the firewall and inside the network, even connections that are allowed by the firewall, watching for various patterns and suspicious activity that are associated with malicious software or users.


The last section, titled Components, allows the user to enable or disable scanning for four different protocols: SMTP, POP3, HTTP and FTP. SMTP and POP3 are used to send and receive email, HTTP is for web browsing and FTP is for file transfers. I was experiencing some lag when gaming online and tech support suggested disabling the HTTP scanning. The problem with disabling HTTP scanning is that doing so eliminates ALL scanning for HTTP, including the Web Filtering and Anti-Virus. If you didn't have Web Filtering turned on in the first place then no big deal, but not having anti-virus scanning while browsing the web is like having unprotected sex; I definitely wouldn't recommend it. Turning it off did fix most of my game lag however.


On to final thoughts and conclusion.

