As the amount of IoT around us increases it’s becoming harder to avoid the topic of network security. We want to believe the smart devices we use are safe and that the information we share on them is secure, but if we’re honest with ourselves we know this isn’t the case.
Who can blame us though for burying our head in the sand over network security? If you’re not a dedicated techie then network systems are a daunting subject! First of all, there are all the threats that can attack your network: hacking, malware, botnets, ransomware, just to name a few. Then there are all the methods of protection; firewalls, anti-virus, device blocking, VPNs. The number of terms to understand is overwhelming – no wonder most us give up at the first hurdle.
Unfortunately for us, network hackers aren’t giving up.
The information on our personal network is becoming more valuable than the possessions in our home so home network hacking is on the rise. Have no fear though – Fing is here to start you on your journey to understanding the network security tools that can help to protect you from this growing threat.
Today’s topic: Fingbox vs Firewalls!
A question we are often asked is how does our very own Fingbox compare with smart firewall devices. The first major difference is that Fingbox is not a firewall – it is instead a home network security toolkit that centers around network scanning and device blocking.
Confused? Bear with us and we’ll explain all!
How Do Firewalls Work?
Think of your home network as being like an airport. At departures all the people and luggage passing into the airport are scanned – forbidden, suspicious or potentially harmful items are then prevented from entering the airport.
A firewall acts in a very similar way. As packets of information pass from the Internet into your network the firewall will scan these to look for any potential threats to the system, such as viruses or spyware. Harmful things will then be blocked from entering. This inspection of information is called packet scanning and can be a very effective way to prevent Internet-based threats from entering your network.
Firewalls can come both as software that is installed onto a system or as a hardware device that connects to the network. They usually come with default filters to scan for harmful malware but some will also allow you to adjust the filtering to block at a stricter level.
Probably the most noticeable place you will encounter firewall software is when working on a public computer. You may have tried, for example, to check the football scores at work and the website comes up as blocked. In this case the network administrator has set the firewall to block any sites dedicated to football – the site may not be harmful, it’s just your boss doesn’t want to you browsing football websites during work hours!
Smart firewall devices for home network systems have recently come on the market. The idea behind this hardware is to provide all the devices connected to your Wi-Fi with a blanket firewall protection. These firewall devices connect to your router and filter all the information passing between the devices on your network and the Internet. Any device that connects to your network therefore becomes protected under the firewall’s packet scanning filters.
However, this packing scanning has its limitations. Imagine you are streaming a movie on your smart TV, whilst your kids are playing on their Xbox upstairs and your partner is browsing Facebook on their phone – that is a lot of information passing between the Internet and your devices. All this increased information has to pass through and be checked by the firewall before it can get to your devices. This can create a bottle-neck effect on your network connection. Like the hideous airport departures queues during peak season, an increased amount of information trying to pass through the firewall can cause traffic to form in your network. The more devices connected to your firewall-protected Wi-Fi the more likely your connection is to become slow, or even crash altogether, due to the increased workload the firewall is trying to process.
A second limitation in firewall protection is that it’s only monitoring one threat entry point to your network – the Internet. Due to this firewalls do not have any visibility as to what devices are on your Wi-Fi network and whether those devices are a threat to the network as a whole. Firewall hardware will even start to protect a new device connected to your network, regardless of whether it is an intruder or not. This gap in firewall security means it does not protect against the highest rising form of cybercrime; physical network hacking and Wi-Fi eavesdropping.
What is Physical Network Hacking?
Physical network hacking is the cyber equivalent of breaking and entering. To do this a hacker gets within the radius of your Wi-Fi signal and then exploits a weakness that allows them to connect their device to your network. This weakness could be a poor router password, an open port or an unsecured device – once they are in they are able access all the information on your network.
As this form of hacking does not involve entering the network via the Internet it goes undetected by firewalls. Due to it not involving the use of any form of malware to access your network the hacker will also not be picked up by anti-virus software. They are just ‘logging on’ to your Wi-Fi like any other device in your home so they will appear, and be treated by your network, like just another device.
There is only one way to prevent an unwanted physical intruder on your network, and that is device blocking.
Going back to our airport analogy, if a firewall is the departures’ security then a network security device blocker is the fencing and surveillance surrounding the entire airport that alerts the security staff of any harmful persons or activities.
This is where devices like Fingbox come in! In a similar way to a surveillance system, Fingbox watches over your network and alerts you when a new device has accessed it. It then gives you the opportunity to block that potential hacker from having access to your network. You can do this on a temporary basis whilst you figure out if the device is actually one of your own, or you can do it permanently so the device can never physically access to your network again. Fingbox also allows you to name and store your IoT on your network so you can easily identify an unrecognised device.
*For you real IT experts out there wondering how this blocking feature works; Fingbox leverages low level (data-link layer) network programming and packet injections to make sure the device is unable to reach not only the Internet but also other local network devices.*
Firewalls vs Device Blocking: The Verdict
In opposition to firewalls, network security tools like Fingbox provide Wi-Fi security features in a more physical sense. As our lives move online it is vital to have both visibility and control over who is on your network. The ability to block unwanted devices is becoming increasingly important, whether it is just a neighbour stealing your Wi-Fi or someone trying to access your private information. This is a big security tool that firewalls lack.
Unlike firewalls, Fingbox also does not re-route all your network traffic through it for packet scanning, and so it will not lead to the data queues that slow down your connection. Fingbox is designed to not interact with your network data and actually comes with many Wi-Fi troubleshooting features that help you achieve better network performance, such as Bandwidth Hog Identification, Wi-Fi Sweet Spot Finder and Speed Checks.
The final major difference between Fingbox and a smart firewall device is the cost. The majority of smart firewall devices have an expensive purchase price and then ongoing subscription fees, and with a lot of consumer-grade routers now actually coming with inbuilt hardware firewalls, you could be spending money you don’t necessarily need to spend. Fingbox’s network security device blocking tools on the other hand are available at the affordable one-off cost of $79.
However, whilst we could talk about the benefits of our little network security and Wi-Fi troubleshooting toolkit all day, we would actually always recommend having several lines of defence when it comes to network security. Hackers can enter your network through both virtual and physical means so it is important to defend yourselves on both of these fronts. With cybercrime on the rise though, and Wi-Fi eavesdropping a rapidly growing method of stealing data, homeowners can no longer afford to ignore the vulnerabilities of their network to physical hacking.
Knowing who and what is on your network is the first step to both understanding and securing it. Start by scanning your network with our free network scanner today.