Living in the age of Cyber Adversity in which the risks from on-line hackers, criminals, cyber-miscreants, not to mention those foes who exist in the guise of service providers wishing to exploit our data to their own financial end, the prospect of a modicum of robust security is, or at least should be at the forefront of our minds. The problem is however, when it comes to those big corporates, notwithstanding the investment is not always as effective as it should be, they do have the resource to manage the risks (even if it is after-the-fact). However, when it comes to Joe and Jane Public, the SME, and other institutions such as Schools and those smaller not-for-profit institutions, they are left very much on their own to struggle by with the cyber-challenge of the day!
If I were to select but one big security pain, based on my observations it is that of the management and security of those promiscuous environments that you can’t see or touch, but which offer their services out to any informed onlooking set of potential users without the knowledge, or for that the authority of their asset owners – here I am referring to the Promiscuous World of Wireless Communications.
Today, pick up any PC or Web Magazine and you will find multiple adds for security software, solutions, apps, and a whole variety of bolt on goodies which will help to preserve the security and integrity of your assets and data – and trust me, I have trialed most of them with varying degrees of success and frustration. But every so often something comes along which is a bit special, and this happened to me a few years back when I discovered FingBox.
FingBox is a little device you simply plug into your WiFi infrastructure in true plug-and-use fashion. Installation is a breeze, with even the most unaware technocrat being able to get this device up and running in a matter of moments. But what does FingBox offer in the way of securing your assets.
First of all, let me make it clear I am not in the pay of FingBox, I receive no rewards for promoting – my opinion comes down to just one fact – the use of this little low cost device has impressed me ever since I installed it, and on numerous occasions it has alerted me to things that could have been bad for my logical health! To mention all the benefits this box brings to the table would make this article a little lengthy, so if I may, please allow me to whet your appetite with some of its more interesting features.
- One of the great benefits for me has been when a new, and in this case potentially unwanted user attempted to make a connection to my Wi-Fi Network – Good old FingBox then goes from its normal steady blue ring of security and starts to flash to notify the user that something is wrong. From here it is just a matter of loading the app on your Cell-Phone, and reviewing the alert – from there the decision is your positive-alterative Block, or Allow (if required, later after a little investigation, if you so wish you can also Unblock)– see Fig 1 below:
Fig 1 – FingBox Block
- Another nice little feature is that the device will allow you to run your own Mini-Security Test against your Router to assess its security configuration, and to alert up any ports that may be offering up some potential of misuse – again, all driven from an easy app on Cell-Phone. And if you so desire these reports can be sent to you via email – See Fig 2 below:
Fig 2 – Security Reporting
- FingBox also helps the end user keep their assets, and by inference their multi-users safe from common attacks such as Evil-Twin by enabling a proactive security shield to protect their environment – again as above all controlled from a simple app – See Fig 3:
Fig 3 – Proactive Security
- Last but by no means least, very nice little feature that comes with this little device is the ability to test the user infrastructures performance – so you can see that you are getting (or not) what you were promised and paying for – and yes, by this time you may have guessed it – all done from the Cell Phone – See Fig 4:
Fig 4 – Performance Testing
In conclusion, I am hard to please and don’t usually rave about any tool’s really, unless that is, they fall into my special category of ‘Doing-what-they-say-on-the-Tin’. Thus, here my comments are driven by passion for this little low-cost device (£137.00). But one of the most important factors here for my observations is that FingBox can and will help those unforgotten mass of millions of users who are largely ignored by the Cyber Security Industry with its view for most of the time only set on the Corporate World – as they say take care of the smaller change, and the macro will benefit by inference. But don’t take my word for it, if you are seeking to add a little more security to your on-line experience, then check out FingBox at – https://uk.fingbox.com/.
John is the Principle at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham, Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle, and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo
He served in the Royal Air Force 22 years’, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercials sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.