SmartSDR network authorization?

Andy - KU7T

As far as I can see there is no application authorization built into the flex radios and SmartSDR. Wouldn't that mean that anyone on the same local network can take over my radio?  

Scenarios I can think of: 

Malicious user picking up Wifi outside a contest station
computer virus that got control over my network.
hotel network, 
etc.


Ideally, it would be great if there was a way to add an IP white list or similar.  Or only allow SmartLink, even when local...   Am I paranoid?


73
Andy
KU7T

rfoust

Yeah I'd say that's being overly paranoid.  Just keep Windows patched and run some kind of antivirus software and you'll be fine.  I'm not aware of any ham radios being the target of hackers at this point.  It would be a lot of work for little gain on their part.

Robert Lonn

What about the 6600M on Air Force One!!!

Ria

Yep, no authentication as far as I can see. I do keep guests off my internal LAN, though.

Steve K9ZW

Security is always an interesting issue. As SmartLink requires access to the remote brokering server it brings its own issues to what is otherwise a local only issue. Of course SmartLink may not even work in many configurations. The SmartLink security would be deployed and in play in the hotel scenario, and pretty much covers most remote scenarios. Allowing unrestricted network access to a physical connected to that network radio would offer the unauthorized person great potential to manipulate your radio. It does make a lot of sense to maintain normal wireless security as well as normal physical security against rouge plug-ins. FRS has been prudently reticent to deeply explain all the various levels of authentication in use or undeployed. Security is the “calculations” that make exposures in like “calculated risks” protected from reasonable exposure while not made unavailable hidden behind odious protections. Usually security evolves and perhaps an ability to lock down on a LAN will be deployed to augment wireless passwording and physical network connection protect on that LAN. But most likely not until a threat rests its head. Protection at a good, better, best level of LAN protection schemes may be useful. For now keep your wireless passwords secure and perhaps avoid leaving outlets for your LAN exposed outside of your physically secure zone will do the trick. 73 Steve K9ZW

Andy - KU7T

Good, so I am not that paranoid. It seems appropriate in today's world to have some protection against intruders. Eventually.

It probably would not be too hard to use the SmartLink infrastructure to do authn/authz  99% of radios and computers can hit the internet, so that should work. With some configurable way to allow noauth, so networks that are not in the internet can still opt in to allow it.


Thanks
 and 73
Andy
KU7T 

Steve K9ZW

Believe the present SmartLink implementation brokers a connection via the external internet, which may bring more overhead than the security it might bring.

Thinking that an hacker dedicated and clever enough to interfere is perhaps not so likely to be thwarted by SmartLink. 

Everything in security comes down to the cost-vs-benefit analysis on several axis, and in our case usability comes very high.  There are costs in latency, immediate accessibility, introduction of artifacts, as well as economic issues that may offset the perceived security increase. 

And in the end the human risk factor of password security could unravel all the security enhancements.

You CAN limit your particular installation to avoid local access by how you configure your networks & sub-networks - notice the plurals as you would like to isolate your radio in a way that physical & wireless unauthorized access is disallowed, and that access from your working network would require the SmartLink brokerage.

Basically make your station internet based and remote, despite any close proximity.

There is a lot more that could be done, but to what end? 

73

Steve K9ZW