Dave DDOS is quite hard for any end point (PC, iPhone, K4 etc) to deal with effectively. If a million zombie Macs decide to simultaneously attack your end point your best chance is as Rick states, a device that makes up the perimeter defenses such as a firewall or cyber security alternative (i.e router, IDP). Most homes don’t have anything particularly sophisticated deployed and are therefore somewhat vulnerable. In truth DDOS attacks are quite rare and typically not aimed at Citizen Dave or his neighbors. Protection albeit optimistic is really in the realm of a corporate network but even then we have a few cases where iconic sites get hammered and go dark. Enabling the K4 to defend against DDOS is a little like building a house to withstand random bits of ISS dropping in unexpectedly; not something I’m expecting to be paying for.
Unwanted ransomware or bitcoin mining programs are most likely the result of an unwitting end user at and end point (PC, Android etc) doing something that resulted in the malware ending up on their end point. Could be surfing to a suspect web site (www.PawnStorm4U.com <http://www.pawnstorm4u.com/>) or even going to a compromised but reputable site such as NASA.gov <http://nasa.gov/>. Alternatively, it could be someone opening a compromised PDF or Word/Excel attachment. The best protection here is to be cautious and mindful of what you do in the cyber world and absolutely make sure you are running the most uptodate OS (not XP) and to its most current patch level. Presumably but maybe not, the K4 won’t make available to the ham operator a browser that allows them to surf wherever nor an email client that they can read Excel attachments at the whim of the ham operator. That is best done outside of the K4. Hardening Linux, following best practices on coding and penetration testing are all things to be aware of and implement as appropriately. For those who might be interested in perusing details of some of these topics these links might be interesting; Secure Coding Practices https://msdn.microsoft.com/en-us/aa570401 <https://msdn.microsoft.com/en-us/aa570401> Hardening Linux https://www.computerworld.com/article/3144985/linux-hardening-a-15-step-checklist-for-a-secure-linux-server.html <https://www.computerworld.com/article/3144985/linux-hardening-a-15-step-checklist-for-a-secure-linux-server.html> Penetration Testing https://www.tenable.com <https://www.tenable.com/> With Elecraft’s proximity to Silicon Valley and presumably contacts abounding, I’m optimistic the K4 will do us proud and I won’t have to rely on Rocky and Bullwinkle to keep nefarious foreign agents out of my K4. Paul W6PNG/M0SNA www.nomadic.blog <http://www.nomadic.blog/> > On Jun 3, 2019, at 7:58 PM, Rick WA6NHC <wa6...@gmail.com> wrote: > > Much of that protection can be implemented at the router level (>90% of all > sites) and the internal linux (fairly bullet proof) will deal with the radio > talking to the world. > > It shouldn't be too difficult for Elecraft to refine security to the radio, > you'd only need a few ports of network access, which if required, could be > coded to set values (MAC address) up to the menu level... or limited access > into the linux side of the radio. > > I'm confident it has been considered and managed with the usual Elecraft > elegance. > > Rick NHC > > > On 6/3/2019 11:50 AM, Dave New, N8SBE wrote: >> So, let's let the elephant in the room bellow a bit. >> >> Ahem, CYBER SECURITY. >> >> Now that you've put a popular, modern OS in the K4, and hooked it up to >> Ethernet (and therefore the Internet), you've just opened a stinking >> pile of attack vectors. >> >> And please don't think that no one will bother figuring out how to 'own' >> such a powerful connected processor. If you spend anytime reading up on >> things like Distributed Denial of Service (DDOS) attacks, you will find >> that things like webcams and routers (which typically don't even have a >> 32-bit OS in them) have been marshaled to unleash frightening >> multi-gigabit attacks on various targets. >> >> Or, try the newest craze, dropping Bitcoin or other digital currency >> mining engines on unsuspecting machines, taking them over hog mode, and >> pegging the CPU at 100%, using your electric bill for their gain. >> >> Or, maybe the K4 will be the first ham radio to suffer from a >> ransom-ware attack, where the poor ham is asked to ante up some ransom >> (in bitcoin usually, to make it hard to track) to get control of his >> radio back. >> >> True, at least one or more other companies have already stepped out >> ahead, by putting Windows 10 in their radio. >> >> I'm just wondering if anyone at Elecraft has been tasked with dealing >> with the cyber security aspects of this new toy, and what plans you may >> have for outside pen testing, etc. have been made. >> >> At the very least, you should be using authenticated boot and >> authenticated flash, protected by a root certificate in an internal >> hardware trust anchor. >> >> 73, >> >> -- Dave, N8SBE >> >> -------- Original Message -------- >> Subject: Re: [Elecraft] K4 and Linux Infrastructure >> From: Wayne Burdick <n...@elecraft.com> >> Date: Sun, June 02, 2019 11:52 am >> To: Leroy Buller <lee.bul...@gmail.com> >> Cc: Elecraft Reflector <elecraft@mailman.qth.net>, Lee Buller >> <lgbul...@k0wa.com> >> >> x86, not PI (ARM). It's the controller for internal/external displays >> and streaming I/O, runs the server for remote clients, and serves as the >> present/future app engine. >> >> Additional details pending. >> >> 73, >> Wayne >> N6KR >> >> >> >> ______________________________________________________________ >> Elecraft mailing list >> Home: http://mailman.qth.net/mailman/listinfo/elecraft >> Help: http://mailman.qth.net/mmfaq.htm >> Post: mailto:Elecraft@mailman.qth.net >> >> This list hosted by: http://www.qsl.net >> Please help support this email list: http://www.qsl.net/donate.html > ______________________________________________________________ > Elecraft mailing list > Home: http://mailman.qth.net/mailman/listinfo/elecraft > Help: http://mailman.qth.net/mmfaq.htm > Post: mailto:Elecraft@mailman.qth.net > > This list hosted by: http://www.qsl.net > Please help support this email list: http://www.qsl.net/donate.html ______________________________________________________________ Elecraft mailing list Home: http://mailman.qth.net/mailman/listinfo/elecraft Help: http://mailman.qth.net/mmfaq.htm Post: mailto:Elecraft@mailman.qth.net This list hosted by: http://www.qsl.net Please help support this email list: http://www.qsl.net/donate.html
