Startup builds intrusion prevention system for home networks

17.08.2014
At a time of growing concern about the security of interconnected devices in homes, a startup aims to provide consumers with a type of network security system traditionally used by businesses.

At the DefCon 22 security conference in Las Vegas last week, San Jose-based Itus Networks unveiled an intrusion prevention system that it claims can protect the increasing number of network-connected consumer devices from outside attacks.

The firm's iGuardian product, which the company hopes will be mass produced starting in February, is a small device that can be installed in front of a router to analyze incoming and outgoing network traffic for signs of malicious activity.

Network-based intrusion prevention systems (IPS) are security appliances typically used on business networks. Depending on the brand, specifications and amount of traffic they can inspect in real-time, their price varies from a few hundred dollars to thousands of dollars, making most of them too expensive for home use.

With an estimated price for the iGuardian of $179, Itus Networks founders Jock Breitwieser and Daniel Ayoub, who previously worked at Dell SonicWALL, hope that their product will change that without sacrificing technical capabilities.

The prototype has a dual-core 600Mhz Cavium Econa CNS3420 processor based on the ARM11 architecture, 512MB RAM and 2 Gigabit Ethernet interfaces. The final product, however, is expected to use a dual-core 1GHz Cavium Octeon III 7020 processor on the MIPS64 architecture that's more powerful than those found in some network security appliances from Juniper Networks, Dell SonicWall and Netgear. It will also have 1Gb DDR3 RAM and 3 GbE interfaces.

The iGuardian runs a popular open-source IPS software package called Snort on top of OpenWRT, a community-built Linux distribution for embedded systems. The device will get automatic updates for Snort community-developed rule sets -- definitions that are used to detect known attack patterns inside network traffic -- but users will also be able to subscribe to commercial Snort rule sets if they want to.

Long term, the plan is for Itus Networks to also research new threats and develop its own Snort rule sets for customers, the founders said.

The device will not only be able to block attacks from the Internet, but also malicious traffic originating inside the network. For example, if malware running on a local computer tries to contact a known bad server, the device could block that communication using IP address or URL blacklists, they said.

For now iGuardian supports a throughput of 50Mbps, which Breitwieser and Ayoub believe is suitable for most residential Internet subscribers in North America. However, the company plans to ship the device globally, so users in countries where ISPs offer higher speeds might experience traffic throttling when they deploy the device.

According to the founders, the current throughput is not a limitation of the hardware itself and they're confident that they can increase it three- or fourfold through firmware updates by optimizing the code to take full advantage of hardware acceleration.

The company needs to produce a minimum 800 initial devices to reduce production costs and reach its desired price point. To raise the necessary funds the company has launched a Kickstarter campaign that gives backers the opportunity to buy the device for $149 or less.

Though iGuardian falls in the price range of high-end SOHO routers, its creators believe there will be demand for it and that the market for consumer-grade IPS devices will only grow in the coming years. The device offers a level of protection against modern threats that antivirus products and routers don't currently provide, they said.

In fact, many home routers have vulnerabilities themselves and the number of attacks against them has increased considerably over the past twelve months.

In March, researchers found hundreds of thousands of home routers that had been compromised and had their DNS settings hijacked by attackers. In Poland a similar attack was used to hijack online banking connections. Also this year, researchers found a worm that infected Linksys routers, and attacks that installed cryptocurrency mining malware on network-attached storage systems.

Past security reviews of popular SOHO routers found many vulnerabilities and a router hacking contest at DefCon that was sponsored by Itus Networks resulted in 15 new flaws being reported.

Other talks at the Black Hat and DefCon conferences last week focused on vulnerabilities in network-connected devices that make up the so-called Internet of Things. There seems to be a consensus among security researchers that such devices are not being designed with security in mind, which can have serious consequences, from wireless alarm sensors being disabled to security cameras being hijacked.

Breitwieser and Ayoub believe the security of routers and other Internet of Things devices is not likely to improve anytime soon, which is why they think consumers will increasingly need the kind of protection offered by network-based intrusion prevention systems.

Lucian Constantin