If you run locally, fine for now. However, if you aim to run remote it
will not suffice. Also, today we have to think more about security in
depth, so one have to consider if one machine is breached, then the
others will be wide open if you overly consider the local net as safe.
Therefore to a higher degree will real security be needed even for only
operating on the local net. To put it bluntly, it's bad enough that they
take one of your machines, but all of them?
This realization means that NAT does not provide much protection these
days, and VPNs between NAT regions is not really helping.
Trouble is that I aim to also operate my K4 for remote operation over
the network. I want to make sure that we do it on a sufficiently
future-proof path, and SSH/TLS/DTLS is the low hanging fruit to get
pretty much directly up to speed on some of the basic stuff. It's of the
shelf and well established.
I did a port-scan, and there where quite a bit of open ports there. What
they do remains undocumented. Being able to turn them off to reduce
attack surface would be appreciated.
Seems my little side-comment blew up as a separate topic.
Cheers,
Magnus
On 2022-02-09 09:29, Victor Rosenthal 4X6GP wrote:
Most home routers have NAT (network address translation). Does this
provide adequate security for this application?
If not, why not? Serious question, not a challenge!
73,
Victor, 4X6GP
Rehovot, Israel
CWops #5
Formerly K2VCO
https://www.qsl.net/k2vco/
.
On 09/02/2022 10:00, Henk Remijn PA5KT via Elecraft wrote:
The K4 is accessible through telnet on port 9200.
No security.
It is always a good idea to have security but I would prefer to have
the telnet without security and put the security in the network.
Make sure you have a good firewall between the internet and your
radio equipment. Dont trust your internet provider. Always put a
firewall between your internetprovider firewall/router en your home
network.
73 Henk PA5KT
______________________________________________________________
Elecraft mailing list
Home: http://mailman.qth.net/mailman/listinfo/elecraft
Help: http://mailman.qth.net/mmfaq.htm
Post: mailto:[email protected]
This list hosted by: http://www.qsl.net
Please help support this email list: http://www.qsl.net/donate.html
Message delivered to [email protected]
______________________________________________________________
Elecraft mailing list
Home: http://mailman.qth.net/mailman/listinfo/elecraft
Help: http://mailman.qth.net/mmfaq.htm
Post: mailto:[email protected]
This list hosted by: http://www.qsl.net
Please help support this email list: http://www.qsl.net/donate.html
Message delivered to [email protected]
