[HamWAN PSDR] Questions
Jeff Francis(tm)
jeff at gritch.org
Tue Mar 11 17:11:38 PDT 2014
If you put your modem outside of your firewall (which is where mine is,
in spite of the fact that I haven't successfully connected yet), your
exposure is no worse than being attacked from another host connected to the
HamWAN network*. You *do* have a firewall on your network, right? ;^)
* Well, ok, speaking as a professional security geek (which is what I do
for a living), it *is* in fact very slightly worse. Assuming the firmware
of the modem could be compromised to launch attacks, it's a
higher-bandwidth lower-latency connection to pound on your network from,
which, in theory, is less secure. But given the speed of the HamWAN
network, the delta is pretty small, and given that the modems run a
semi-proprietary (and fairly uncommon) OS, the odds of the modem itself
becoming a leapfrog platform for staging attacks are pretty insignificant.
And again, assuming you've got a halfway decent firewall in the middle
(ie, not just a cheap consumer device that does NAT, but an actual
firewall), I wouldn't worry about it.
Jeff N0GQ
On Tue, Mar 11, 2014 at 4:27 PM, Nigel Vander Houwen <nigel at k7nvh.com>wrote:
> To add to what Cory said,
>
> The goal is not to remove control or access from the user. It's simply for
> network management. It's very much an experimental network, so if you
> choose not to allow admin accounts on your modem, the network may change
> and you will be responsible for maintaining it yourself.
>
> I'd also like to bring up a parallel with other commercial ISPs. You end
> up in the same situation. For example, with comcast, you can either rent a
> modem from them, which they have full admin control of, and may not give
> you any access at all, or you buy a modem yourself, and configure it to
> work with them, and any issues or changes are your own responsibility.
>
> For us the problem is far more significant. The HamWAN network is changing
> and evolving all the time, unlike a network like comcast's which is
> relatively stable. The methods of connecting / authenticating to the
> network will change, and you should be prepared for that if you decide
> that allowing a few trusted users on your modem is an unacceptable risk,
> despite these users having full administrative access to ALL of the rest
> of the HamWAN network routing your packets.
>
> In any case, as Cory said, it is your choice, but the recommended one is
> what's documented on the wiki instructions.
>
> Nigel
> K7NVH
>
>
> _______________________________________________
> PSDR mailing list
> PSDR at hamwan.org
> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>
--
-=jeff=-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20140311/c586a481/attachment.html>
More information about the PSDR
mailing list