PS:
As another respondent said, the "Best" way to get remote access to
anything (regardless of OS) is a proper VPN. But, do not underestimate
the learning needed to "do it right" especially for systems that have an
embedded OS.
(We are not talking about the "consumer" VPNs that hide your internet
traffic from your ISP, or other websites. In this case we're talking
about a dedicated point to point VPN. A totally different beast, though
behind the facade, the background processes are similar.)
If you use an intermediate Router, between your K4 (and other shack
stuff) and your home router, then it is the intermediate router that
needs to have a VPN endpoint running. Or, have a PC with multiple LAN
cards, that itself can work as a router/VPN end point.
But, then you also need a VPN on your remote client PC/device to work
with it, and you need to religiously keep that PC up to date. A
Raspberry Pi could do the task for example, at both ends.
Yes, it is the "way to go", but as above, do not underestimate what you
need to learn, so as to do it correctly, else it could be as bad as a
wide open system.
Look up WireGuard for example (the new shiny easy to deploy custom
(free*) VPN). Or, OpenVPN (also free*), but though that is time-served
and proven, it is not trivial to configure correctly.
(* Free, as in no $ cost, just time to learn and configure. There are
some scripts that can do most of the work for you, but again, you need
to trust the author of such scripts to have done things correctly,
including not including any cracks or back-doors!)
Firstly, decide what you want to do now, and perhaps in the future, and
plan things.
73.
Dave G8KBV(G0WBX) "NOT" a security expert! Just a user who knows a
little more than most.
-------- Forwarded Message --------
Subject: Re: Elecraft Digest, Vol 219, Issue 2
Date: Sat, 2 Jul 2022 12:02:49 +0100
From: Dave B <g8kbvd...@googlemail.com>
To: elecraft@mailman.qth.net
Hi.
At the very least, see if the embedded Linux it uses (what version of
what distro, anyone know? I've not seen anything re that mentioned...)
has a firewall facility you can invoke and set up. Even if it is only
possible from the command line. They can have full network
connectivity, but still be invisible to random port pokers, plus rules
can be set up for what you "Want" to do, and still protect against what
you don't want to happen. (Remote file access etc.)
If you set up for remote access via SSH, then read up how to use
Certificates for authentication, and not rely on passphrases.
A semi instant solution, would be to "hide" the K4 behind a reconfigured
wired router. That way, it can reach out for any authorised updates,
but nothing can "see" it from the rest of your LAN. (Unless you "need"
it, in which case, that extra router can be configured to do so.
Effectively much like a hardware firewall. But make sure that router's
own OS is all up to date too!)
You could put other Shack connected stuff on the same protected LAN as
well, if needed. Else, see if your existing router can create and
manage an isolated VLAN for the K4. Preferably on a separate physical
cable run.
Linux as a whole is less troublesome than "some other" OS re malware,
but it does exist, also so do vulnerabilities. It is just that most
Linux users would spot a behavioural change and go searching for stuff
to kill off.
(If you think Windows updates too often, you ain't seen nothing yet,
security updates are issued as needed, not waiting for one batch a
month! But with most Linux's, updating, even a kernel update is only a
few minutes of your time, not hours like that "other" OS)
Because of that, it is less targeted by the usual bad guys, but sadly
that is beginning to change. :-( Thankfully though, Linux generally has
the tools to manage that and protect itself without needing to
download other stuff. But it does need time and learning how to do so.
If you are really concerned, do not connect your K4 to your LAN, except
when needed (official updates etc.) Or if you "Need to" (Remote Shack
working etc) then plan it, and install the needed protective devices
(dedicated firewall router for example) to hide it behind.
The first thing to find out, is just which embedded Linux is used in the
K4, and what protective tools are provided as standard. If there is not
even a firewall to use, I'd be asking serious questions of Elecraft as
to why such was left out.
73.
Dave G0WBX(G8KBV) I gave up with Windoze for my own computing needs
over 7 years ago now. Not regretted it one bit.
On 01/07/2022 23:27, elecraft-requ...@mailman.qth.net wrote:
Date: Fri, 1 Jul 2022 13:39:51 -0300
From: gordon young <gngyo...@gmail.com>
To: elecraft@mailman.qth.net
Subject: [Elecraft] Elecraft K4 Ethernet Vulnerability
Message-ID: <097588cf-06dc-46a8-84ed-459e824af...@gmail.com>
Content-Type: text/plain; charset=us-ascii
Ladies and gentlemen,
Perhaps this is old news to some however I thought it worth asking
before my radio arrives. Given the K4 now has direct Ethernet
connectivity, how vulnerable is it to malware, bugs, worms and bad
internet stuff in general?
What is recommended for the radio itself besides protecting the
associated computer? For example, should a VPN be used or is the risk
considered low enough to disregard?
Thanks in advance
Gord
VE1GVY
K4 wannabee
--
Created on and sent from a Unix like PC running and using free and open source
software: