Fing Security Principles
Security is our number one concern for any feature we implement.
We have has adopted administrative, physical, and technical industry-standards (including encryption, firewalls, and SSL) to safeguard the security of our services and to protect the confidentiality of personally identifiable information.
When designing and developing our solution we adopted the Principle of Least Privilege.
Since the early development phases, we have engaged independent bodies to perform continuous security assessments and penetration testing and we continue to do so on a recurring basis.
On a practical level, your data in the cloud is as safe in as other mainstream cloud services, such as iCloud or Dropbox.
We have built our cloud solution on top of the best and most common security practices. In comparison to other competitors in the same market (Smart Home/Home Automation), we believe that we have implemented security best practices beyond other competitors.
We also plan to introduce enhanced security features in the future to notify you, amongst other things, of abnormal or suspicious activity in your network.
Cloud Infrastructure: The Fing solution relies on very strict perimeter security policies. E.g. only the required standard communication ports are open to the public, while we use a different communication channel for the management. We have implemented multiple levels of firewalls keeping the front-end servers (with no data) completely segregated from the back-end servers (managing customer data).
Defence in Depth: To protect systems and data in the cloud, we adopt the “Defense in Depth” principle, which focuses on implementing several layers of security to guard against cyber threats or, in the unfortunate case of a cyber compromise, to quickly detect and mitigate its effects. We use an automatic monitoring system which alerts the IT department if any strange behavior or anomalies (such as an intrusion) happens on our systems.
Independent Bodies: We have engaged external and independent bodies to perform continuous security assessments and penetration testing to guarantee the highest level of security for our cloud solution.
Account Password Management:
Passwords are never sent over emails, and you can’t change your account password if you do not have access to your email inbox.
In fact, if you forget the password, Fing sends a token link to your email box to change the password (we don’t send you the new one directly).
You will also receive an email as soon as you change the password (so that you can spot if somebody else has changed your password).
Under no circumstances do we store your password in clear text. All the user passwords are encrypted with the highest security standards (SHA2-512).
Note: your Fingbox, installed on your premises on your device, connects to our cloud with a different set of credentials (see below). You will not be able to find your main password on the device.
App Communication with Fing Cloud:
All communications between the Fingbox App (either the Mobile App or Portal-WebApp) are established over a secure HTTPS channel (HyperText Transfer Protocol over Secure Socket Layer).
This means that the entire communication between the Fing App and the Cloud is over a secure channel (encrypted). Your account password is only transmitted over this secure channel to monitor and act on your network.
Fingbox Communication with Fing Cloud:
All the commands to the Fingbox (block device, speed test, etc) are sent over a secure channel over SSL (Secure Socket Layer).
Each Fingbox/network has its own private channel, and this channel can only be accessed by that specific agent.
We do not store the Fingbox password in clear anywhere.
Sensitive information from the Fingbox to the Cloud is sent over an SSL secured channel. Sensible information from the Fingbox to the Cloud is sent over HTTPS channel, with the same Fingbox credentials.
The Fing solution does not increase the possible attack surface of the Network since all communications are established from within the Network to the cloud.
It creates encrypted and temporary overlay networks from within the Network to the Cloud. Therefore, no additional ports are opened to the outside.
Updated April 13th, 2017