Security Model(Policy) for WAN?

  • 1
  • Question
  • Updated 4 years ago
  • (Edited)
Do we have any concrete idea of security policy, security model when we talk about connecting Flex6000 directly to WAN?
Connecting to WAN is not an issue of software, authentication and authorization (many software are available), but how it is implemented upon the needs of individual station situation - requiring flexibility to implement the individual policy and how easy to implement it is the key.   Also, the IP packet may need to be encrypted to prevent from others taking over - stealing.

Are these all the responsibility of the firmware in Flex6000?
  
Is not it better to have "Station Control Master" that manages authentication/authorization, encryption of the communication, address translation to connect to Flex6000, station power switches, antenna tower, rotor, linear amps, and safety monitors, camera, video?

I believe that the firmware is better focus more to improve the quality of receiving and transmitting abilities, like pre-distortion, better NB, NF, etc to make Flex6000 superior to other competitors and not serve much for peripherals like security.


Just for your thought to V2.0  (Too early to mention?)

de JI1BNU, JA2IYJ/1
Ken Yamada
Photo of Takeshi Yamada

Takeshi Yamada

  • 168 Posts
  • 48 Reply Likes

Posted 4 years ago

  • 1
Photo of Chris DL5NAM

Chris DL5NAM

  • 567 Posts
  • 126 Reply Likes
Let the boys at Flex do there job. We still wait for real diversity (with GPS), for full WAN support and other things.

How do you secure a NAS, a server, a PC, a local network? With a station control master?
Flexradio is a normal IP device with a MAC address in WAN like every other Ethernet device.

And what secret data's included in your Flex? Your config of function keys? Your setup? :-)

Do you worry any hacker can hear what you talking via radio? :-))

So start your security at your router/firewall. That's the door to your LAN. Not the Flexradio!
It's your job, not Flex.
Photo of Takeshi Yamada

Takeshi Yamada

  • 168 Posts
  • 48 Reply Likes
That is exactly what I wanted to say. 
If the current server/client model being extended to WAN, the server, firmware, needs to take care of security.  However, I believe that it is the job of the another software like application server and may not be the job of FRS.
Client side SmartSDR is a different story.  I expect it handles multiple server access at the same time, synchronize frequencies for experimenting DoIP - diversity over IP using DAX IQ from each server.  I do not know if it is a workable idea or not.

Paradoxical question may not be within my capability of English and may make confusions.

73 de JI1BNU, JA2IYJ/1
Ken Yamada 
Photo of Jay -- N0FB

Jay -- N0FB, Elmer

  • 534 Posts
  • 210 Reply Likes
As the the underlying OS for the 6000 family is a Linux distribution, the ability to secure the application and network traffic using robust controls should be a relatively known quantity and straightforward conceptually.  There is hard work ahead for FRS Engineering team to be sure, but fortunately they will not be rediscovering the wheel.  

The receive and transmit voice data will very likely be encapsulated by an audio CODEC. The likely candidate for this CODEC will be (is) an open standard. However, it not will not be, by any stretch of the imagination. ubiquitous on the internet such as a MP3 CODEC would be.  Without the appropriate CODEC client installed on the remote computer, the Flex 6000 audio data stream is useless. This could be considered a soft level of security through obscurity.
Photo of Takeshi Yamada

Takeshi Yamada

  • 168 Posts
  • 48 Reply Likes
Yes, I understand that there are many softwares for security available and OS itself is robust enough as I myself have been playing with FreeBSD since it was called 386BSD.
I just wanted to say paradoxically that FRS devotes to the performance improvements rather than networking.   Seemingly, it was not understood that way.

73 de JI1BNU, JA2IYJ/1
Ken Yamada