Networks are filled with entry points, and because of this, they are extremely easy to hack. The problem most homeowners face when securing their network is a lack of visibility of where these vulnerabilities are. How can you remove a weakness when you don’t even know where it is?
Those of you with a skilled understanding of networking will know how to quickly expose these flaws, but us average Joes get a headache just at the thought of deciphering a screen-full of code!
This is where Fingbox’s Network Vulnerability Test comes in.
Fingbox aims to hunt down those weak points so you don’t have to – giving you visibility of your connection security in a clear and easy-to-read manner.
What does the Network Vulnerability Test check?
The Vulnerability Test is a combination of a router audit and a remote scan test. Don’t worry, we’ll explain!
Firstly, it is best to understand how your router works.
For data to pass between the Internet and your home network the information must travel through virtual ‘holes’ in the router’s software, called ports. Ports not only allow the information to pass in and out of your network, but they also direct the information to the correct devices.
Think of your router as being like your house – a port is like your front door. The door sits shut unless you want someone to access your house. Like with a front door, a port is only opened if it is being used. But also like a door, if a port is weak or left open then you are leaving yourself vulnerable to intruders.
There are 65535 ports on your router but don’t worry, they are not all permanently open.
Secure ports are either opened manually by the owner of the network or, like with a lot of consumer-grade routers, by inbuilt protocols, such as UPnP and NAT-PMP.
These protocols are designed to save users the effort of having to manually open ports – they give permission to the devices within the network to open ports on their own.
So How Does the Vulnerability Test work?
The Network Vulnerability Test automatically runs weekly but you can also perform and on-demand scan. The test is made up of two parts:
The Remote Scan Test performs a port scan on your public Internet address (the individual numerical address visible to the public when you are online) to see which ports are open to the external world: these are the open doors into your home, and you should make sure to have only the strictly necessary ones open.
The Internal Router Audit checks the router addresses, the NAT configuration and whether or not UPnP or NAT-PMP is activated. In the house metaphor, this would be the equivalent of checking the security measures placed inside the building in case an intruder did make it through the door.
Where Do I Find the Network Vulnerability Test Feature?
To access the Vulnerability Test you simply click on the Network tab (from the Fingbox Dashboard). Scroll down to Vulnerability Test under the ‘Manage this network’ segment:
What Does the Vulnerability Test Show You
With the Vulnerability Test, you can see where your router leaves you vulnerable to hacking. This allows you to make the changes required to toughen up your network security against incoming threats.
The Vulnerability Test includes:
- History: A history of your previous scans
- On-Demand Scan: Perform a Vulnerability Test on-demand
- ISP & Public IP: Your Internet Service Provider’s (ISP) Information and your public IP address. This is what anyone on the public Internet sees when you connect.
- Network Topology: if you have a public Internet address or if your router is connected to a private network. Most homes are connected directly to the public Internet. Private Internet occurs in places like Universities or large companies.
- Firewall Presence: If your router has an activated firewall in it to protect against malware traveling on the network traffic
- Urgent Issues: Any urgent vulnerabilities that need to be dealt with, i.e a suspicious open port.
- Automatic Port Forwarding: If your router has UPnP or NAT-PMP activated, allowing programs and devices to automatically open ports to the external world. This may sound nice and easy, but can be a major security hazard. Soon as a hacker gets on your network they can then use the UPnP or NAT-PMP protocol to access and control every device on your network.
- Open Port List: A list of detected open ports. Each row indicates how a service connects to your network so you can investigate why they are open and if they are necessary. You can also close UPnP ports directly from the app.
- UPnP Port Closing: If you have UPnP enabled on your router you can use Fingbox to close open ports.
Automated Network Vulnerability Tests
The weekly automated Vulnerability Tests are automatically set up when you set up your Fingbox, and so will run weekly around that same time. You cannot edit the automated schedule but you can run on-demand tests.
After Fingbox has run its weekly scan, if new ports are open or vulnerabilities are spotted within your router, Fingbox will alert you immediately!
Run an On-Demand Vulnerability Test
To run an on-demand Vulnerability Test you simply click on the refresh icon (curly arrow) in the top right-hand corner of the screen.
This will take you through to a progress screen to show you the test is in action. This may take a little while as there are a lot of ports to check!
Closing Opened Ports via UPnP
With the Fingbox you can close ports via UPnP directly from the Vulnerability Test feature. Simply click on the CLOSE button at the top of the open ports list.
Network Vulnerability Test FAQs
Why is the test not showing a port that I know is open?
Fing remote port scan performs a check on all available 65k ports. Even though it lasts approx. 2 minutes in order to avoid heavy traffic towards your public IP, some routers and firewalls might detect it as a burst attack. Common anti-burst detection can temporarily ban the Fing server performing the scan. As a result, you are going to see fewer ports on the list.
If you are an advanced user and want to compare a Fingbox report with your manual port scans, please note that as you are running a manual scan from within your network you most probably will see more open ports on your public IP. This is because the router understands you are actually on the network and so does not filter you with the firewall.
How Do I Disable UPnP or NAT-PMP from my router?
If your router supports UPnP or NAT-PMP, you’ll find an option to disable it in its web interface. Consult your router’s manual for more information.
Fingbox cannot close ports for me – how do I close a port on my router?
For opening and closing ports, most routers provide an administrative web interface that you can access directly using a browser from your PC or mobile, putting your router IP address in web address bar. You are usually prompted for credentials and, unless you manually changed them, you should be able to find them in router’s manual.