Using a FingBox on an isolated (closed) network

Jericho48
Jericho48 Member, Beta Tester Posts: 2
First Comment Photogenic
Greetings!

I have a friend that needs a device to monitor one of their business networks that can identify whenever a device connects to it. Sounds like a FingBox will easily fit the bill.

Except... The network has NO INTERNET ACCESS. It's a completely isolated and closed network. Will a FingBox work in this case? Or does a FingBox require Internet access?

Thanks in advance!

Comments

  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    Jericho48 said:
    Greetings!

    I have a friend that needs a device to monitor one of their business networks that can identify whenever a device connects to it. Sounds like a FingBox will easily fit the bill.

    Except... The network has NO INTERNET ACCESS. It's a completely isolated and closed network. Will a FingBox work in this case? Or does a FingBox require Internet access?

    Thanks in advance!
    Like any device on the LAN, the device can function without the internet, however, there will be some caveat's with that.
    You should be able to access the web UI via local IP address, functions from the mobile app will not be present due to lack of internet connection. 
    Out of curiosity, why would this network be without an internet connection?  How is it maintained?  How are updated rolled out?
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
  • Gidster
    Gidster London, UKMember Posts: 224
    100 Likes 100 Comments 25 Awesomes 25 Agrees
    ✭✭✭
    kltaylor said:
    You should be able to access the web UI via local IP address, functions from the mobile app will not be present due to lack of internet 
    I believe you need Internet access to access the Web UI; its delivered by Fing cloud servers rather than the device itself
    Head of Product at Fing
    kltaylor
  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    Gidster said:
    kltaylor said:
    You should be able to access the web UI via local IP address, functions from the mobile app will not be present due to lack of internet 
    I believe you need Internet access to access the Web UI; its delivered by Fing cloud servers rather than the device itself
    I stand corrected.  Yes, you will need internet access to monitor your LAN environment using Fingbox and the Fing mobile app.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
  • Jericho48
    Jericho48 Member, Beta Tester Posts: 2
    First Comment Photogenic
    kltaylor,

    Thanks for the reply. Just to answer your question, the network is isolated because of security reasons. I don't know the EXACT reason, but it usually falls into something like networks containing classified stuff (Top Secret + Internet = Bad), or ones with proprietary intellectual property a company does not want exposed to the larger internet (critical IP + Internet = Bad), it may have something to with an industrial control system (robots making cars + Internet = Bad), or even some kind of aviation thing (software flying passenger jet + Internet = Bad).  Anyway, there are often reasons in both government and industry for physically isolating (air gapping) a network. It does not make it totally secure (think supply chain attacks), but it dramatically lowers the attack surface and makes it A LOT harder to hack.

    As for maintaining and updating a closed network, it... is... HARD. You have to keep up on things and air-gap all the patches and updates from the regular Internet to the closed network.  Sometimes you have updating servers on the closed network that work just like you have on a normal corporate network. On the smaller ones, you may have to run around and update every box manually, circa 1995. It's a pain. But if you need to keep things REALLY secure, it's the way to go.

    Hope this helps!

     

     
    Hronos
  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    That absolutely does help, @Jericho48 thanks for providing to us the details of the situation.
    When I worked as the Net Admin for a Franchisor, one of the Franchise locations was housed inside a subsidiary of Lockheed Martin, they kept a very tight reign on what ports were opened, who had access to the internet, etc.
    As @Gidster pointed out though, you would need to have an internet connection in order to use Fingbox to monitor that. 
    Is there any room to discuss a robust firewall with everything turned off and only the ports absolutely needed can happen? 
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
  • Pooh
    Pooh Member, Beta Tester Posts: 674
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    If you're looking at putting anything on a secured network then I'd be very very careful. Not been in the game for a while, but back in the day when I used to be a military contractor for the British Army & Air Force, anything and everything that even began to approach a secured system had to be fully vetted.
    People say nothing is impossible, but I do nothing every day.
  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    Pooh said:
    If you're looking at putting anything on a secured network then I'd be very very careful. Not been in the game for a while, but back in the day when I used to be a military contractor for the British Army & Air Force, anything and everything that even began to approach a secured system had to be fully vetted.
    Absolutely, there are ways to have an insanely-secured environment that would allow you to use a service like Fingbox to manage and maintain connectivity.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain