Hi.

At the very least, see if the embedded Linux it uses (what version of what distro, anyone know? I've not seen anything re that mentioned...) has a firewall facility you can invoke and set up. Even if it is only possible from the command line. They can have full network connectivity, but still be invisible to random port pokers, plus rules can be set up for what you "Want" to do, and still protect against what you don't want to happen. (Remote file access etc.)

If you set up for remote access via SSH, then read up on how to use Certificates for authentication, and not rely on passphrases.


A semi instant solution would be to "hide" the K4 behind a reconfigured wired router. That way, it can reach out for any authorised updates, but nothing can "see" it from the rest of your LAN. (Unless you "need" it, in which case, that extra router can be configured to do so. Effectively much like a hardware firewall. But make sure that router's own OS is all up to date too!)

You could put other Shack connected stuff on the same protected LAN as well, if needed.   Else, see if your existing router can create and manage an isolated VLAN for the K4.  Preferably on a separate physical cable run.

Linux as a whole is less troublesome than "some other" OS re malware, but it does exist, also so do vulnerabilities. It is just that most Linux users would spot a behavioural change and go searching for stuff to kill off. (If you think Windows updates too often, you ain't seen nothing yet, security updates are issued as needed, not waiting for one batch a month! But with most Linux's, updating, even a kernel update, is only a few minutes of your time, not hours like that "other" OS.)

Because of that, it is less targeted by the usual bad guys, but sadly that is beginning to change. :-( Thankfully though, Linux generally has the tools to manage that and protect itself without needing to download other stuff. But it does need time and learning how to do so.

If you are really concerned, do not connect your K4 to your LAN, except when needed (official updates etc.)   Or if you "Need to" (Remote Shack working etc) then plan it, and install the needed protective devices (dedicated firewall router for example) to hide it behind.

The first thing to find out is just which embedded Linux is used in the K4, and what protective tools are provided as standard. If there is not even a firewall to use, I'd be asking serious questions of Elecraft as to why such was left out.

73.

Dave G0WBX(G8KBV)   I gave up with Windoze for my own computing needs over 7 years ago now.  Not regretted it one bit.






On 01/07/2022 23:27, elecraft-requ...@mailman.qth.net wrote:
Date: Fri, 1 Jul 2022 13:39:51 -0300
From: gordon young<gngyo...@gmail.com>
To:elecraft@mailman.qth.net
Subject: [Elecraft] Elecraft K4 Ethernet Vulnerability
Message-ID:<097588cf-06dc-46a8-84ed-459e824af...@gmail.com>
Content-Type: text/plain; charset=us-ascii

Ladies and gentlemen,

Perhaps this is old news to some however I thought it worth asking before my 
radio arrives.  Given the K4 now has direct Ethernet connectivity, how 
vulnerable is it to malware, bugs, worms and bad internet stuff in general?

What is recommended for the radio itself besides protecting the associated 
computer?  For example, should a VPN be used or is the risk considered low 
enough to disregard?

Thanks in advance

Gord
VE1GVY
K4 wannabee

--
Created on and sent from a Unix like PC running and using free and open source 
software:

______________________________________________________________
Elecraft mailing list
Home: http://mailman.qth.net/mailman/listinfo/elecraft
Help: http://mailman.qth.net/mmfaq.htm
Post: mailto:Elecraft@mailman.qth.net

This list hosted by: http://www.qsl.net
Please help support this email list: http://www.qsl.net/donate.html
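
Added example, not part of the original post and not Elecraft's own configuration: an nftables ruleset for the policy the reply describes (full outbound connectivity, unsolicited inbound traffic silently dropped, SSH reachable only from the local LAN). It assumes the radio's embedded Linux ships nftables, which the thread does not confirm; the subnet 192.168.1.0/24 and SSH on TCP port 22 are constructed values.

```nftables
#!/usr/sbin/nft -f
# Example host firewall: default-deny inbound, allow outbound.
# Assumption: nftables is available on the device (not confirmed in the thread).

flush ruleset

# Constructed value: replace with the shack LAN's real subnet.
define SHACK_LAN = 192.168.1.0/24

table inet filter {
    chain input {
        # Anything not explicitly accepted is dropped without a reply,
        # so port probes see no open or closed ports at all.
        type filter hook input priority 0; policy drop;

        # Local processes talking to each other.
        iif "lo" accept

        # Replies to connections the device itself opened
        # (update downloads, NTP, DNS lookups).
        ct state established,related accept
        ct state invalid drop

        # IPv6 neighbour discovery, needed for IPv6 to work at all.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # The one wanted inbound service: SSH, and only from the shack LAN.
        # Assumption: sshd listens on the default port 22.
        ip saddr $SHACK_LAN tcp dport 22 ct state new accept

        # Ping from the shack LAN only, for troubleshooting.
        ip saddr $SHACK_LAN icmp type echo-request accept
    }

    chain forward {
        # The device is not a router: never forward traffic.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Outbound stays open so official updates can be fetched.
        type filter hook output priority 0; policy accept;
    }
}
```

On a system with nftables, `nft -c -f <file>` checks the syntax without applying the rules and `nft list ruleset` shows what is active.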