F-Secure SENSE - review of the router that secured our Wi-Fi network for two weeks
Conclusions: The manufacturer has built into the device several types of technologies that, combined invisibly and without requiring specialized configuration, protect all devices, regardless of whether an anti-virus agent is installed on them.
F-Secure SENSE is an unconventional router. It is built from a sequence of modules that protect all devices connected to the local wired and wireless network. The manufacturer of this slim box is the Finnish company known for its award-winning antivirus software, as well as for modern security services such as EDR (Endpoint Detection and Response), the early intrusion detection system Rapid Detection Service, and the VPN software F-Secure Freedome.
F-Secure SENSE is much more than a traditional router: it stands out for its luxurious design, and on the technological side it is unlike the cheapest models from electronics stores. Like a real hardware threat management product, the SENSE device is equipped with several original modules whose purpose is to protect the home network, and every device with a built-in network card connected to it, against malicious software.
The features that distinguish F-Secure SENSE from similar devices are:
- The unique website scanner built into the router (based on URL whitelists and blacklists) has been borrowed from F-Secure's business antivirus products, which offer better-quality protection than products for home users.
- Unlike regular routers, the integrated firewall is equipped with IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) modules that detect attacks and react to security events. The router analyzes transmitted packets in both directions (outgoing and incoming) for malicious IP addresses of command and control (C&C) servers, i.e. servers that criminals use to issue commands to infected devices.
- The router software can be downloaded and installed automatically. The application on Android or iOS will inform you about the need to patch gaps in the device firmware or to install new functions. It is very important that the equipment always has the latest software. This will prevent situations such as:
  - Almost all ASUS routers are vulnerable to password theft or remote code execution.
  - The Moose worm threatens routers and IoT devices around the world.
  - Exploit Chimay Red: vulnerable devices Mikrotik and Ubiquiti form a gigantic botnet.
  - "HACKED-ROUTER-HELP-SOS-HAD-DUPE-PASSWORD" - your Mikrotik or Ubiquiti also has such a hostname?
- New devices on the network are immediately visible to the administrator in the management application. One tap on the smartphone screen is enough to block Internet access for the selected device.
- F-Secure SENSE includes by default as many as 25 license slots for anti-virus software for Windows, Android, macOS and iOS. The anti-virus intended for these systems is available under the same name as the device, i.e. F-Secure SENSE.
- Under the purchased license and at no additional charge, the router can secure an unlimited number of devices using its embedded modules, which analyze security in the cloud (without installing an anti-virus). Analyzing the traffic within the network prevents attacks from reaching PCs, laptops, smartphones, smart TVs, IP cameras and a whole range of IoT devices in modern households and "smart homes".
Although the installed F-Secure SENSE antivirus integrates only with Chrome, Firefox and Internet Explorer, it scans all HTTP/80 and HTTPS/443 traffic regardless of the installed browser. Under the license for the purchased equipment, the very good F-Secure SENSE antivirus can be used on up to 25 devices at the same time. All other devices will still be protected, albeit not in the same way as with an antivirus agent installed. That is why F-Secure SENSE is recommended, among other places, wherever a protective product is required for devices running systems other than Windows, macOS, iOS or Android. In addition, the Finnish brand's solution fits the modern requirements of companies well: as an additional router with basic functionality, as an additional access point and as anti-virus protection.
The F-Secure SENSE offer is financially more advantageous than purchasing 25 business licenses of an F-Secure security product. However, it should be remembered that the router lacks a central console and several other modules, for example management of system and third-party software patching, and peripheral device management. There is also no central scanning from a local console to relieve workstations of this task, nor protection of mail servers. F-Secure SENSE cannot replace the Finnish brand's solutions designed to protect business environments. F-Secure SENSE is therefore targeted at individual users and small businesses, while for more demanding users the manufacturer has prepared business solutions that meet the above requirements.
The F-Secure SENSE anti-virus agent installed in Windows or another supported system is the equivalent of the well-known F-Secure Internet Security product. Systems on which an antivirus agent cannot be installed are nevertheless also protected. F-Secure SENSE stands out from ordinary routers in that it protects all devices connected to the broadcast Wi-Fi network, regardless of operating system, at the second (data link), third (network), fourth (transport), fifth (session) and sixth (presentation) network layers in the TCP/IP model. Based on host reputation and its intrusion detection and prevention modules, F-Secure SENSE blocks the IP addresses of C&C servers and malicious domains from which malware is distributed.
F-Secure SENSE protects IoT devices
F-Secure SENSE has been designed to simultaneously protect any number of devices in one local network. The router is adapted to protect mobile devices with ARM processors and embedded systems, as well as modified Linux distributions. Thanks to "agentless" technology, securing, among others, IP cameras, TV sets with Android TV, modern home appliances, measuring systems and other IoT devices is easier than ever before.
The F-Secure Sense router looks very attractive. Ascetic and modern design is suitable for places with an original arrangement. Nevertheless, we will not concentrate on matching the device to the style of the surrounding walls. We have prepared something better for this - a review and test of the security of the F-Secure SENSE router and antivirus.
Review of F-Secure SENSE
The F-Secure solution is equipped with:
- A dual-core 1GHz processor and 512MB RAM, including 1GB of built-in flash memory.
- As many as four built-in 802.11a/b/g/n/ac antennas supporting the 2.4GHz and 5GHz frequencies.
- One USB 3.0 port, which at the moment can be used as a charger. We have confirmation from F-Secure that a future firmware update will make it possible to connect, e.g., a printer, an external drive, or even, in emergency situations, a GSM modem to obtain a second link:
There are roadmap plans of potentially leveraging this into something along the lines what you mentioned, but currently there is no concrete feature for the USB port.
- one of F-Secure's engineers, commenting for AVLab.
- Four RJ45 ports with 10/100/1000 Mb/s bandwidth (1x WAN and 3x LAN).
- Support for Bluetooth technology.
- A built-in LED display, invisible at first sight (it shows the time and system messages).
- The power port; the power supply, in turn, has an adapter from the British to the European version of the plug.
- The F-Secure SENSE administrator application for Android. Only in this way is it possible to configure the router - for example, with one touch of the position on the screen it is possible to block Internet traffic for electronic toys that sometimes
Federal Agency Agency ( announces spy devices.
Installing the device on the network
Installing the device on the network is analogous to the instructions for dealing with other routers. The device can operate in several modes:
- With the modem from the telecommunications operator, as the primary router.
- With an already installed router, as a single access point broadcasting one Wi-Fi network.
- With the currently installed router, as an additional access point, broadcasting an additional Wi-Fi network.
- As a wireless router that is connected to an ethernet socket in a building.
The detailed manual, which is available on the manufacturer's website and is also included with the device, describes how to connect the router to the network. Installation and configuration take place only through the Android or iOS application. It is not possible to reach a graphical interface from a browser on a computer. A management application for desktop systems has not been developed.
Once again on installation: the procedure of going through the few required steps in the mobile application is definitely easy:
- We connect the device to the power supply.
- On the back of the housing press the blue button that will switch the router into "
- In the Android app, we follow the instructions. In one of the steps, we enter the 4-digit PIN shown on the router's display, thereby pairing the router with the mobile application.
And that's all. The device is ready for work. Now you should also change the default name of the Wi-Fi network and set a strong password with as much entropy as possible.
Devices with Windows, macOS, iOS, Android and all others (Linux, Android TV and others) must be connected to the newly broadcast network in order to be protected against Internet threats. Most modern devices try to connect to the last remembered network, the one set as preferred. To avoid juggling the available wireless networks each time, just "forget" the old Wi-Fi network (if it continues to be broadcast) or simply disable it on the router.
First steps after installing the router on the network
Configuration is only possible via the Android and iOS application, but this is not the only limitation. The functionality of F-Secure SENSE is limited not so much by the management application itself as by the router's software, which does not allow, among other things, port forwarding (accessing a home NAS from outside will not be possible without a second router), creating a DMZ, traffic queuing, or limiting the network speed for individual devices. All of this can be done on more advanced routers. F-Secure SENSE is not a regular router: according to the manufacturer, the device was not designed to completely replace the home router, but to protect an unlimited number of devices, of which a single household has many in a small space. The same applies to small offices, which gain protection for mobile devices and laptops and greater security for the devices of guests and visiting customers.
Installation of the F-Secure SENSE antivirus on supported systems
In addition to securing Linux, Android TV and IoT devices, the F-Secure SENSE antivirus can be installed on 25 devices with Windows, Android, iOS and macOS simultaneously. On a device connected to the network, simply go to "http://sense.router" and choose the installer type. The local website served by the router will offer a choice of installer for the Windows and macOS operating systems. Opening the above address from a mobile device will redirect the user to the application store.
Devices protected in "agent" form will be protected not only by the local antivirus but also by a multifunctional firewall, which has always been missing in home F-Secure products for Windows and macOS.
F-Secure SENSE test
The F-Secure SENSE router was provided for testing by the only distributor in Poland, ITD24 Sp. z o.o. from Chorzów. Our task was to check the technical capabilities and effectiveness of F-Secure SENSE security.
To do this, we used a system developed by us based on Ubuntu, which we use to perform automated security tests in Windows 10. The experiment was divided into two stages, which were carried out simultaneously on two separate devices:
- A laptop with Windows 10 has been connected to the network broadcast by F-Secure SENSE, but no additional security has been installed on it.
- The second laptop has been connected to another network so that the router does not block threats. The F-Secure SENSE anti-virus was previously installed on Windows 10.
So we have two identical devices. One was protected by a router and the other by an anti-virus.
We used 662 threats that came from our honeypots, i.e. traps whose main task is to simulate the Windows environment and collect malware samples from attacks on various services exposed to the Internet (e.g. HTTP, HTTPS, FTP, SMB, MySQL servers and others). Among the samples used in the test, there were varieties of ransomware, Trojans, cryptocurrency miners, Internet worms and backdoors.
The map below shows the current location of our honeypots, which are located in the following countries: Canada, USA, Brazil, Great Britain, the Netherlands, France, Italy, Czech Republic, Poland, Russia, India, Singapore, Japan, Australia, South Africa:
Before each sample reached the machines with Windows 10 installed, it had to be carefully analyzed. We need to be sure that only "100-percent" harmful samples are admitted to testing. A situation in which a virus does not work in the system because it was programmed for another geographical region will never happen in our tests. Thanks to this, readers and manufacturers can be sure that malware qualified for testing is able to seriously infect the operating system, regardless of which part of the world it comes from.
Thus, before a potentially harmful sample was qualified for testing, one of the components of the testing system checked whether the malware really introduced unwanted changes in Windows 10. For this purpose, each virus was analyzed for 15 minutes. With the human factor excluded from the tests, there is no way to verify that, e.g., the malware will cease its activity after 60 seconds, so we need to set a time threshold after which the testing system interrupts the analysis. We are aware that some malware can delay its activation by up to a dozen or so hours. It can also listen for connections to the C&C server on an ephemeral port. There were also cases where a malicious program was designed to infect a specific application or to wait for a website to be opened. For this reason, we have made every effort to ensure that our tests are as close as possible to reality and that "uncertain" samples are not included in the test virus database.
After analyzing each malicious application, logs from malware activity were exported to the external part of the testing system. Based on the collected data, the developed algorithms decided whether a particular sample is undoubtedly harmful.
Here are examples of indicators that we capture in logs. They determine the malicious changes introduced to Windows 10:
launching the powershell.exe process with the parameter:
powershell.exe -exec bypass -nop -W hidden -noninteractive IEX $($s=New-Object IO.MemoryStream(.[Convert]::FromBase64String('H4sIALhV2lgCA51W...A='))
editing registry keys:
an attempt to edit the HOSTS file:
an attempt to delete or modify (encrypt) test files in the location:
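The indicators listed above, turned into a small log classifier as an added example (it is not the review's own testing system). The event field names, the autorun registry key, the test-file directory and the rule that a PowerShell line needs two traits to count are all assumptions made for illustration.

```python
import re

# Modelled on the four indicators listed above. Event field names, the registry
# key and the test-file directory are assumptions made for this example.
CANARY_DIR = r"c:\canary_docs"  # hypothetical location of the test files
AUTORUN_KEY = r"\software\microsoft\windows\currentversion\run"  # assumed key
HOSTS_PATH = r"\system32\drivers\etc\hosts"

def ps_flag(tokens, full_name, value, aliases=()):
    """True if a switch matching full_name is followed by value. powershell.exe
    accepts parameter-name prefixes, so -W and -WindowStyle are the same switch."""
    for i, tok in enumerate(tokens[:-1]):
        name = tok[1:].lower()
        if tok[0] in "-/" and name and (full_name.startswith(name) or name in aliases):
            if tokens[i + 1].lower() == value:
                return True
    return False

def powershell_hits(cmdline):
    """List the stager traits present in one powershell.exe command line."""
    tokens, hits = cmdline.split(), []
    if ps_flag(tokens, "windowstyle", "hidden"):
        hits.append("hidden-window")
    if ps_flag(tokens, "executionpolicy", "bypass", aliases=("ep",)):
        hits.append("policy-bypass")
    if re.search(r"\b(iex|invoke-expression)\b", cmdline, re.I) and \
            re.search(r"frombase64string", cmdline, re.I):
        hits.append("in-memory-base64")
    return hits

def classify(events):
    """Return the sorted indicator names found in one sample's event list."""
    found = set()
    for ev in events:
        kind, target = ev["kind"], ev["target"].lower()
        if kind == "process" and target.endswith("powershell.exe"):
            # One trait alone is common in admin scripts; require two together.
            if len(powershell_hits(ev.get("cmdline", ""))) >= 2:
                found.add("powershell-stager")
        elif kind == "registry_set" and AUTORUN_KEY in target:
            found.add("registry-edit")
        elif kind in ("file_write", "file_delete"):
            if target.endswith(HOSTS_PATH):
                found.add("hosts-edit")
            elif target.startswith(CANARY_DIR + "\\"):
                found.add("test-file-tamper")
    return sorted(found)

# Constructed events; the command line follows the one quoted above, payload elided.
PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
MALICIOUS = [
    {"kind": "process", "target": PS_EXE,
     "cmdline": "powershell.exe -exec bypass -nop -W hidden -noninteractive IEX "
                "$(... [Convert]::FromBase64String('...') ...)"},
    {"kind": "registry_set", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"kind": "file_write", "target": r"C:\Windows\System32\drivers\etc\hosts"},
    {"kind": "file_delete", "target": r"C:\canary_docs\invoice.xlsx"},
]
BENIGN = [
    {"kind": "process", "target": PS_EXE,
     "cmdline": r"powershell.exe -NoProfile -WindowStyle Hidden -File C:\scripts\backup.ps1"},
    {"kind": "file_write", "target": r"C:\Users\perun\Documents\report.docx"},
]
```

A sample would be qualified for the test set when classify returns a non-empty list; the benign sample shows why a hidden window on its own is not treated as sufficient.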
The test for one malware sample took about 17 minutes: 15 minutes were spent on analyzing one sample, plus the additional seconds needed for rebooting the system, restoring the snapshot, and collecting and parsing logs. With all this in mind, the test ran continuously for 188 hours, more than 7 days without a break.
As the F-Secure SENSE router provides protection on the HTTP/80 and HTTPS/443 protocols (just like the F-Secure SENSE antivirus), the testing system delivered all the threats to Windows 10 via these routes. Using a local DNS service, we could download each virus sample from a different URL. For example (a debug section from the testing system console):
[2018-03-27 13:56:58.973] [INFO] [f-secure] Starting download sample1 from http://micro180shoft.com/exclusive//sample1 to C:\Users\perun\Downloads
[2018-03-27 13:57:28.982] [WARN] [f-secure] Chrome killed, file should be downloaded and saved
[2018-03-27 13:57:28.982] [INFO] [f-secure] Start checking if file: sample2 exists in C:\Users\perun\Downloads\sample1
[2018-03-27 14:14:18.373] [INFO] [f-secure] Starting download sample2 from http://micro214shoft.com/exclusive//sample2 to C:\Users\perun\Downloads
[2018-03-27 14:14:58.182] [WARN] [f-secure] Chrome killed, file should be downloaded and saved
[2018-03-27 14:14:58.182] [INFO] [f-secure] Start checking if file: sample2 exists in C:\Users\perun\Downloads\sample2
After the test, all malware checksums were provided to the manufacturer for verification. For readers particularly interested in testing and security, we attach the checksums of all 662 malicious samples used.
Summary from the test for the F-Secure SENSE router
All 662 threats from real attacks on our honeypots (later sent to the test machines) were stopped by the security technologies in the router at an early stage, before the viruses were written to the disk. The router's Internet-traffic scanning modules have been borrowed from F-Secure's business products, so they theoretically provide better protection on the HTTP and HTTPS protocols. In addition, none of the F-Secure products for home users has such advanced protection at the firewall level, because solutions for individual clients lack IDS and IPS systems, which are very important nowadays because they detect attacks at an early stage.
Summary from the F-Secure SENSE antivirus test
Although all 662 threats were blocked at an early stage (in the browser or after being saved to disk), the anti-virus does not have an advanced two-way firewall. Both the F-Secure SENSE antivirus and the F-Secure Internet Security, F-Secure SAFE and F-Secure TOTAL versions use the built-in Windows 10 firewall. The F-Secure SENSE antivirus performs perfectly, detecting all samples.
We were very impressed with the router's effective protection on the unencrypted HTTP protocol. The Internet scanner technology managed to detect all 662 malware samples.
Although the result is impressive, for greater safety we recommend that users install the anti-virus agent available with the F-Secure SENSE device. Malware can get into Windows in a completely different way. For example, the anti-virus may not block the URL, or the virus may be downloaded from social networks, or even from domains encrypted with an SSL certificate outside the local home network. Delivering malware to the victim's computer on a removable disk, or even through a mail program (Thunderbird, Outlook and others), is also a very likely infection vector.
For operating systems for which an antivirus agent is not available, the F-Secure SENSE router has a really important role to play in the local area network. Outside this network, the antivirus program installed on the end device will continue to protect the operating system.
Does F-Secure SENSE make sense?
The F-Secure SENSE router can and even should be assessed individually. Each user or company will have a different opinion and different requirements regarding the protection of devices on the network. If anyone needs basic configuration options, they will find them in F-Secure SENSE. If the client shares the opinion of the manufacturer, F-Secure, and needs to secure up to 25 devices using an anti-virus (and unlimited devices at the gateway level), F-Secure SENSE is probably the only purchase option available in Polish distribution.
The cost of the F-Secure SENSE device with an annual license is exactly EUR 199. For this price, the buyer receives agent-based protection for up to 25 devices with Windows, Android, macOS and iOS, and agentless protection for an unlimited number of devices (if they are connected to the network broadcast by the F-Secure router). The manufacturer has built into the device several types of technologies that, combined invisibly and without requiring specialized configuration, protect all devices, regardless of whether an anti-virus agent is installed on them.
The manufacturer mentioned that the current functionality of the USB port, which is limited to charging devices, will be extended with the ability to connect network devices.
The purchased license is valid for 12 months. After this time, all protective functions of the router will be deactivated. The customer will be able to pay an annual subscription (99 euros) to maintain protection. Firmware updates will be delivered even without a license.
The F-Secure SENSE Router is covered by a 2-year warranty in countries within the EU and a 1-year warranty in all other countries. Warranty claims can be handled by the local seller in the given country and are carried out at the manufacturer's expense. The end customer does not bear any additional fees.
The differences in protection between F-Secure anti-viruses without a router and router protection are shown in a table available on the manufacturer's website.
The F-Secure SENSE device for this review and test was provided by ITD24.pl sp. z o.o. from Chorzów, a distributor of F-Secure solutions in Poland.
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.