About this project
iGuardian is the world’s first Internet protection system designed specifically for home use.
WHAT THE PRESS SAYS ABOUT iGUARDIAN
Stretch Goals: $166k Stretch Goal Reached!
Almost every day you can read headlines about cyber-attacks or online threats. Cybercriminals are constantly improving their attack methods to become more sophisticated and difficult to detect. Everyone knows to be careful when clicking on links in emails or opening files. Unfortunately, that is no longer enough. Today, even visiting seemingly safe websites can infect your computer.
At the same time, consumers today more than ever need an affordable and comprehensive Internet security system designed to stop the advanced threats attacking their networks and the growing number of connected devices they have in their homes,
To protect their home network and connected devices, consumers today have two choices: use antivirus or rely on their router. Antivirus only catches threats once they already are on a device. It is also often ineffective against modern malware. Wireless routers rely on outdated protection and are built to be cheap – not secure. In addition, smart home devices connected to the network, like TV/Cable boxes, network storage, VoIP adapters, video game systems, streaming media consoles, thermostats, smoke detectors, security cameras, lights, refrigerators etc. open up even more opportunities for cybercriminals to breach your home network.
Why are we doing this?
At Itus Networks, we believe all families deserve peace of mind that the devices connected to their home network are secure and protected 24-hours a day, 7 days a week. We bring families best-in-class threat prevention for their home Internet connection at affordable prices. Our network security systems are specially designed to block cyber attacks while filtering out malware and other undesirable content. Installation requires 5-Minutes and zero configuration or technical knowledge. The iGuardian is designed for home Internet users who want peace of mind when using the Internet, but don’t want to deal with complex configuration, technical details or costly business-solutions.
This is why we created the iGuardian!
It protects all your computers and connected devices from cyber attacks.
We started Itus Networks in April 2014 to provide effective security for the home and to close the gap between ineffective consumer grade devices and expensive business class protection. iGuardian is the first line of defense for anything trying to get in or out of your home network. iGuardian updates itself regularly, to ensure comprehensive protection without any user intervention.
The iGuardian is a small device that doesn't need much space - it's all in one very smart little box!
Prototype iGuardian Hardware Specs
- 2x 600MHz ARM11 (Cavium Econa CNS3420)
- 512MB RAM
- 32MB Flash
- 2x GbE Interfaces
- 1x RJ45 Console Cable
- 8GB MicroSD Card
Target Specifications for Kickstarter Edition iGuardian:
- 2x 1.0 GHz MIPS64 (Cavium Octeon III 7020)
- 1Gb DDR3 RAM
- 3x GbE Interfaces
- 1x RJ45 Serial Console
- 64MB Flash
- SD Card Slot
iGuardian is designed to provide business-grade security for home Internet users.
Our typical customer is everyone with a high-speed Internet connection. We give you peace of mind that your Internet connection is safe and secure.
iGuardian provides true business-class protection, but costs a fraction of the price and requires no technical knowledge to operate. Itus customers also receive lifetime access to free community security updates, so no costly monthly subscription is required to stay protected.
iGuardian offers comprehensive security because it sits at the "source" and is plugged in right where the Internet enters your home.
We designed the iGuardian this way, so it protects all devices that connect to your home network including smartphones, laptops, desktops, tablets TVs, cable boxes, security camera systems, smoke detectors, thermostats, refrigerators etc.
What is the iGuardian?
The iGuardian is an embedded Linux system based on OpenWRT and runs Snort as an in-line intrusion prevention system. It has been designed and optimized for easy installation and provides advanced threat prevention against a wide variety of attacks. The iGuardian protects your connected devices from Internet threats with a reliable, simple and affordable solution.
The iGuardian protects you against a wide range of threats, including viruses, phishing scams, malicious websites, java, browser, and file exploits, drive-by-downloads, watering-hole attacks, botnets, data-theft, remote access Trojans and key-loggers.
How does iGuardian work?
The iGuardian inspects all traffic coming in and going out of your home network looking for patterns of known attacks. As traffic enters the network it is first intercepted and processed by the iGuardian before being forwarded to its final destination. The iGuardian utilizes Snort as an in-line intrusion prevention system to intercept, decode, normalized, then process packets flowing through the network. The packet data (or payload) is compared against a list of known attack patterns (or rules), if a match is found, the offending packets are dropped and the connection is reset thus preventing the attack from ever reaching it's intended target. By default, the iGuardian utilizes rules in 'Reject' mode.
Itus Networks is a startup in San Jose, California, founded by veterans of the enterprise network security industry. We believe in something very simple: everyone should know that their home network and everything connected to it are always protected and safe.
We founded Itus Networks to offer highly effective Internet protection for everyone that is:
- Easy to use
Who is making this happen?
Daniel Ayoub - Co-Founder of Itus Networks.
Creative Visionary and Inventor of the iGuardian. Daniel is a lifelong hobbyist and hacker turned entrepreneur. When not working on keeping the Internet safer for everyone's home, he enjoys spending time with his wife, two young boys and dog in sunny San Jose.
Jock Breitwieser - Co-Founder of Itus Networks.
Marketing and communications professional, with 20 years experience in the high-tech industry. Born in Germany, but Californian at heart. In his (rare) free time he loves to hang out with his family and friends and do the occasional triathlon.
A special thanks goes to our strategic partner Rhino Labs, who we work with every step along the way, from development to production to fulfillment.
Use of Funds
With the funds from our Kickstarter campaign, we'll be able to start production of iGuardian. To reduce the average production cost per unit and be able to offer iGuardian at a consumer price, we need to produce a minimum of 800 pieces.
Risks and challenges
While any new endeavor involves risk, we’ve made every effort to mitigate these risks for our backers and fans. We have already completed a working prototype, have secured our supply chain in preparation for mass production, and have begun design work on the final PCB. Despite our expertise and careful planning, there are risks to this project.
The security effectiveness of the iGuardian can depend on a number of factors. The Kickstarter edition of the iGuardian does not require any costly subscriptions from us or anyone else. In an effort to maximize protection and value to the widest audience we intend to provide free security updates from open-source and community Snort rulesets.
We are doing everything we can to ensure the highest possible security effectiveness we can. However, no security system is ever 100% effective.
The system as a whole is being beta-tested through the end of 2014. As there may be some minor changes, our experienced team is ready to make any needed adjustments. With any new product, there can be unforeseen challenges that cause delays. Our team feels very confident with the timeline and will do everything possible to deliver to our backers on time.Learn about accountability on Kickstarter
Our apologies if the shipping costs / instructions were unclear or confusing. Please do your best to follow in instructions in the Updates section. We'll be reaching out to our backers when we get closer to fulfillment to collect the shipping information and fees.
Thanks kindly for your patience and understanding.
Yes. We are working with a local firm to ensure the iGuardian has both FCC and CE certification prior to fulfillment.
Why do I need an iGuardian? I’ve already got antivirus (AV) software and a wireless router with built-in security.
Antivirus software - AV software has to be hosted on every computer it is supposed to protect. It slows down the computer and only catches threats once they are already on the device. Modern malware is often designed to disable antivirus software before it can be detected and removed.
Routers w/ built-in security - Wireless routers from big-box stores provide consumers outdated protection and don’t stop sophisticated attacks used by cybercriminals. Consumer-grade routers are built to be cheap - but not secure and are regularly found to have vulnerabilities that provide cybercriminals access to your home network.
SOHO/SMB Firewalls - Many professional firewalls can offer solid protection. But they are too expensive to buy (~$500 and up) and mostly need annual contracts to stay updated. These devices are primarily designed for businesses and often require extensive technical expertise to be configured correctly and protect.
"I don't need security." - Cybercriminals are after your personal data – even if you think it’s worthless. If you haven’t been attacked yet, it’s just a matter of time. You can lose large amounts of personal data on your device, passwords, irreplaceable pictures, documents and more. Someone might even take over your personal social media or financial accounts. Aside from the headache of losing that data, repairing the damage can easily take weeks or months. Protecting your network also means protecting your friends, family and business contacts whose information is accessible through your accounts and who might be attacked through your accounts.
I've read the information, watched your video on here and also the video on your website and still don't understand how the iGuardian will protect me?
During the normal course of software development for any product, bugs or flaws in the code are discovered. Sometimes those flaws can be taken advantage of to trick the computer into doing something it normally wouldn't. We refer to these types of software flaws as vulnerabilities.
Clever hackers are often able to craft special chunks of code or 'exploits' to take advantage of these vulnerabilities to trick the computer into providing access or installing a backdoor. That is the basic premise of how many cyber attacks work, some flaw in the software is taken advantage of to trick the computer into letting the bad guys in.
In order to resolve these flaws, companies often publish security updates for their software which you then must install to 'patch' the flaw. The problem with many consumer electronics products that we connect to our home networks today is that vendors are often very slow to release these updates or sometimes do not publish them at all (if it is an older model for example).
The 'smart' devices we add to our homes are really just small embedded computers. The more of these devices we have in our homes, the greater the potential for someone to find one of those flaws and use it to get into the home network. Once inside, an attacker could pivot from system to system or install malware to collect whatever data they were after (passwords, credit card numbers, tax returns, etc).
For more than a decade large businesses have been using a specialized type of security appliances designed to inspect the data coming in and going out of their networks. The appliances use a regularly updated database of known attack patterns (or rules) to look for any indication that exploit code is being sent to some device on their network. In the event that a match is found, the data containing the attack is disgarded before it reaches the intended target. These types of appliances are known as Intrusion Prevention Systems (or IPS).
The iGuardian is an IPS but instead of being really expensive and complicated like the type used by large businesses, it has been optimized for use to protect your home. In designing the product we've used similar software and hardware to what is found in systems that cost nearly 10X as much while still making it easy to use.
The goal of this project is to bring business class security technology to the average consumer while making it affordable and easy to use. The iGuardian is designed to mitigate a lot of the risk found in people's home networks and the devices connected to them.
Integrated modem / router combo units provide a bit of a challenge. The iGuardian can still be used in these environments but installation may be a bit more complex.
Here are a couple of different ways you can still use the iGuardian...
--Use your gateway as you normally would, attach iGuardian as a L2 bridge, connect a switch or wireless access point to the iGuardian
--Set your gateway to run in modem only mode, attach the iGuardian as a L3 router, connect a switch or wireless access point to the iGuardian.
--Set your gateway to run in modem only or bridge mode, attach the iGuardian as a L2 bridge, connect a wireless router to the iGuardian.
Which method you choose will depend on how your home network is configured and what options are supported by your gateway device. In general, the one thing you need to remember is that only traffic passing through the iGuardian can be inspected for threats. If a computer or device is attached to the network without traffic first passing through the iGuardian, it will not be able to see the attack or stop it.
While it's true that you can build your own dedicated or virtual system running Snort, you may find that the labor and hardware investment required to build, configure, and tune the system will be far greater than the value and flexibility found in the iGuardian. We're trying to build a powerful yet affordable IPS/UTM like appliance that is a good alternative to home-built devices. The iGuardian is being built with the same types of network security processor technology found in enterprise-grade appliances. Hobbyists and hackers wishing to modify the iGuardian software to use the hardware platform for other purposes are welcome.
Because we are utilizing enterprise grade technology in a consumer device building the iGuardian required a very specialized type of skill set. In order to ensure the highest probability of success for our backers and to build the best product we possibly could, we decided to forge a strategic partnership with a local company that specializes in design and manufacturing of enterprise-grade network security appliances. We are working very closely with our friends at Rhino Labs to ensure the iGuardian provides the highest quality product possible for our backers. Product development for the iGuardian is currently underway and we are excited to share updates with our backers as the project progresses.
We intend to provide our backers with a default configuration that will automatically download and install open-source and community rule sets at no added cost.
Yes! We intend to leave the iGuardian Kickstarter Edition software platform open or 'unlocked' so that anyone wishing to add their own rule subscriptions may do so. Future versions of the iGuardian may not include this capability.
The iGuardian prototype is configured to operate in L3 routed mode. Snort has been configured to utilize the NetFilter Queue (NFQ) data acquisition (DAQ) module. Traffic entering the system are sent to the queue via IPTables in order to await processing by the Snort engine. Snort will then determine if the traffic is allowed or rejected based upon it's configuration and rules. Dirty or dangerous traffic is dropped from the queue and the connection is reset while traffic which is found to be clean is released from the queue and forwarded to its destination.
Yes, the iGuardian runs OpenWRT and can be operated in L3 routed mode. This mean you can put your wireless router / gateway into a bridge to use the iGuardian as your router. Similarly, it is also possible to run the iGuardian a router then simply attach a wireless access point or switch behind it. Depending upon the specific setup in your home network configuration, this may be an optimal operating mode.
The iGuardian features patent-pending technology designed specifically to aide in ease of installation. By default, the system will include multiple configuration options to maximize compatibility and simplify the installation process. Users can easily toggle between any of these pre-populated modes in order to change the default starting configuration. In order to allow this to occur without needing to enter the WebUI or CLI console, we've build a switch on the front which can be used to set one of three possible modes. One of these modes will load a configuration that enables layer-2 bridge mode with Snort running in-line.
The iGuardian prototype runs OpenWRT Barrier Breaker r40561 as the base OS and Snort v188.8.131.52 as an inline IPS. We intend to leave the iGuardian software platform open-source and look forward to working with the open-source and hacker community with future collaboration and contributions.
The iGuardian features the same type of specialized security processing technology found in big expensive business equipment but at a fraction of the cost. The iGuardian detects threats based on Snort, a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS). Snort is maintained by Sourcefire, a Cisco company. In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time."
The iGuardian is designed to block attacks that could lead to compromise (and then an infection) where as antivirus is useful in removing threats that are already on the endpoint. The iGuardian is designed to stop these threats from ever reaching the endpoint however no system is ever 100% effective. Often times in information security you'll hear people refer to 'layers' of protection. Using the iGuardian along with AV software would provide you with an additional layer of protection and is generally recommended.
By default the iGuardian will send logs to an SD card; at this time no other notification is sent to the user. However, we are leaving the platform open so that any advanced users wishing to manage logs via their own syslog server may also do so.
IGMP snooping is outside of the scope for this project and is not something we are planning on including at this time. However, with that said, the iGuardian is being left open-source so adding this functionality on your own is entirely possible. At this time we are trying to be very careful to control scope creep into the project in order to provide a thorough QA and Beta cycle.
By default both OpenWRT and Snort include support for IPv6 however in order maximize our QA and Beta testing abilities we will be focusing mainly on IPv4 for the scope of this project. We hope to add IPv6 functionality at a later time once we've had an appropriate amount of time to validate functionality.
At this time SSL inspection is considered to be outside the scope of the project. In order to deliver a high quality product to our backers we are trying to be very careful about limiting scope creep in order to maximize our QA and Beta testing abilities.
SSL decryption and inspection is on the long term product roadmap however in our experience implementing this capability is not trivial. There are often serious performance impacts and many incompatibilities requiring a very long exclusion list which can be quite difficult for home users to manage.
The iGuardian uses OpenWRT as it's base operating system. OpenWRT does include a web management interface however at this time Snort is purely command line driven. Part of the scope of this project would be to create a module for OpenWRT to enable web management of the Snort configuration and rule files.
At this time we do not have a mobile app for the iGuardian however the platform is being left open so that anyone wishing to integrate with other 3rd party log management systems which already have mobile apps (like Snorby) may do so.
We're shooting for a minimum of 50Mbps of throughput for the Kickstarter edition. According to discussions we've had with the chip manufacturer we should be able to get close to 100 Mbps of fully IPS inspected traffic out of the CPU that we've selected; however, a conservative estimate at this point is 50Mbps for the effective throughput. With additional tuning and optimizations we expect this number to grow by several multiples.
My ISP connection is 300mbps, will my bandwidth be limited to 50mbps as long as the iGuardian is connected?
If your WAN connection is higher than 50Mbps you may find the connection throttled at times by the iGuardian. Over time as we continue to optimize the code base we expect to be increasing the throughput of the iGuardian via firmware updates. Since many ISPs are not delivering speeds above 50Mbps to residential customers we feel confident that this should not impact too many users.
Some of the SMB devices shown in the comparison chart have an IPS throughput of 250mbps, with a presumably slower processor. Is there a reason why the iGuardian has a lower throughput?
Throughput can vary based upon traffic type, packet size, and a variety of other factors. The CPU we've selected for the iGuardian has the potential to perform at much faster rates however this requires a lot of fine tuning and optimization to take full advantage of the hardware acceleration engine. We're confident that over time we'll be able to increase the throughput of the iGuardian with firmware updates however for the initial version we are targeting 50Mbps.
Once I plug the iGuardian into my home network and use it, will it affect the smart devices in my home?
This will depend upon your specific network topology and a variety of different factors however in general we've designed the iGuardian in such a way that it can be installed without impacting the devices connected to your home network.
We will be providing our overseas customers with one of the following...
USA Power Adapter rated for 100V~240V + an appropriate adapter to convert the plug size
EU specific power adapter
Please kindly add $20 for shipping to Alaska or Hawaii.
We're still looking into these; please stay tuned.
Support this project
- (36 days)