Thanks Stu! I’ve definitely wondered about this when I first started using Winlink. I just kinda operate with fingers crossed and presume most hams are good actors.
@AG6AG 2 years ago
We have a great community. I don't think the writers of the ham radio software programs would intentionally code in bad things. The real problem is software that gets orphaned. When a package gets forgotten and is not maintained, it's time to find something new... Stu AG6AG
@jeff-73 2 years ago
One other comment to add... the best way to break into a brick house is through the window. Often while people spend so much money on securing their home networks, encrypting their traffic, annual or monthly security subscriptions etc, locking all their digital possessions and backing them up... and then get that Bluetooth toaster oven or that IP home security camera that was last patched in 2003. It's not so much that the world wants access to your radio or even personal info... your CPU, bandwidth and storage is like gold and access is traded as simple as making a bitcoin purchase.
@AG6AG 2 years ago
Hi JJ, Aw yes... The IoT. I'm kinda old school but I do think that all these IoT devices should be on a DMZ that has actual physical separation from the main home network. It's sad that the manufacturers of home security gateways (actually not much more than just a NAT router) don't offer multiple LAN ports (or at least VLAN capabilities) in their residential devices. That said, the learning barrier to the home user is a bit hard to get over... We can hope for change, but the training curve and economics may be the biggest barrier. Stu AG6AG
@jeff-73 2 years ago
Yeah, I figured you had a solid background, and yeah, solid points above. I personally don't recommend non-tech savvy folks to run their own VPN. The reasons for this go too deep to explain here. One example is I found a MASSIVE security hole in ASUS routers that did some very very bad things. They were at least good enough to match me with an engineer and they created an updated firmware. It's stupid things like this that even if the home user does it right, they are still screwed. Monitoring a DMZ properly is a bit much for the average user today, I find. I am right there with ya re *nix. Thanks for the great reply. New subscriber here.
@jeff-73 2 years ago
@AG6AG btw VE3WWJ 73 mate
@Malibyte56 2 years ago
Thanks, Stu - very entertaining video! I have to admit that I've never seen an IPv6 address as an error message/BSOD code! Have to admit that I have not thought about the apps we use as targets for crackers, but you're right, it is possible. I have set up WinLink but can't make a connection with it to save my life. I do recommend WireGuard for people who want to set up their own VPN. I use it and it works well.
@AG6AG 2 years ago
Well, you caught me... I needed to make up a BSOD so I just grabbed the closest HEX string I could find! *SMILE* Hope you have luck getting Winlink talking. Stu AG6AG
@jeff-73 2 years ago
A lot of good information here. The personal VPN/firewall setup is the best in terms of monitoring, accounting, and control but it's also the easier to mess up, leaving massive security holes. There are better solutions out there for the typical person that reduce these risks and the regular maintenance that (should) go with it. It's better to use a well known third party company to establish an SSL (to a single end user sandboxed system for those more paranoid) connection, sort of like a reverse proxy. The end user calls *initiates* the TCP/IP connection. This way you don't have to have your WAN egress constantly listening to the entire world... even if you use port knocking and such. Another problem is that while you have to use a bit of trust to the developers to do the right thing, it is not uncommon that the downloads for the software are forged and made to appear as if they are from the original developer. With the age of ham software and places like SourceForge to download, you will want to verify digitally that the files are not manipulated. You did amazing covering what you did in a 20 minute video. I am a newish HAM with a career in IT security for the past 20 years. I am truly happy to see someone talking about security and then blindly pushing ______ VPN services toss out buzz words to give people the warm fuzzies when in fact they lost all their "privacy". A multi part video series around security would be a great contribution to the HAM community. I cringe often when I go to ham social media groups and see some of the things folks are doing. Feel free to reach out if you have any questions. 73, VE3WWJ
@AG6AG 2 years ago
Hi JJ, Yeah, I have been involved with edge security for clients since the mid 90s. That's when this newfangled thing called the Internet moved into the private sector. Back then all we had were Cisco access lists and the established bit to work with... Once the processors got fast enough to deal with large scale NAT, things got a bit different. Sadly, many of the concepts of code verification using tools like file signatures and code signing are leaps and bounds beyond the normal end user. Are md5sum and shasum available in a native Windows install? Aw yeah, VPNs. Again, not VPN services but actual private VPN connections. Hard to set up and even harder to set up right. But, when done right, they can be a lifesaver. Just a final note, I've been using Linux based routing and firewall devices for my clients for many years. Using iptables and nftables for firewall construction, and for VPN software, my go-to is OpenVPN (Community Version). They have served me well over the years. Thanks for sharing your thoughts, and great to hear from a fellow network geek out there! Stu AG6AG
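Added example, not part of any commenter's post: the download verification discussed in the two comments above, done with cmdlets that ship with Windows PowerShell (`Get-FileHash`, `Get-AuthenticodeSignature`). The function name `Test-DownloadHash`, the file names and the file contents are constructed for the demonstration.

```powershell
# Verify a downloaded file against a SHA256SUMS-style manifest
# ("<64 hex chars>  <file name>" per line). Names below are constructed.
function Test-DownloadHash {
    param(
        [Parameter(Mandatory)] [string] $Path,      # the downloaded file
        [Parameter(Mandatory)] [string] $Manifest   # publisher's checksum list
    )
    $name = Split-Path -Leaf $Path
    # Pick the manifest line for this exact file name ('*' prefix = binary mode).
    $entry = Get-Content -LiteralPath $Manifest | ForEach-Object {
        if ($_ -match '^\s*([0-9A-Fa-f]{64})\s+\*?(.+?)\s*$' -and $Matches[2] -eq $name) {
            $Matches[1]
        }
    } | Select-Object -First 1
    if (-not $entry) { throw "No SHA-256 entry for '$name' in manifest" }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # String -eq is case-insensitive, so upper- and lower-case hex both match.
    [pscustomobject]@{
        File     = $name
        Expected = $entry.ToUpperInvariant()
        Actual   = $actual
        Match    = ($actual -eq $entry)
    }
}

# --- Demonstration with constructed files in a temp directory ---
$dir = Join-Path ([IO.Path]::GetTempPath()) ("hashdemo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$file     = Join-Path $dir 'example-installer.exe'
$manifest = Join-Path $dir 'SHA256SUMS'
[IO.File]::WriteAllText($file, 'constructed sample payload')
$published = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash.ToLower()
[IO.File]::WriteAllText($manifest, "$published  example-installer.exe`n")

# File exactly as published.
Test-DownloadHash -Path $file -Manifest $manifest

# Simulated tampering: one byte appended after the manifest was written.
[IO.File]::AppendAllText($file, 'X')
Test-DownloadHash -Path $file -Manifest $manifest

# For signed installers, also inspect the Authenticode status and signer.
Get-AuthenticodeSignature -FilePath $file |
    Select-Object Status, StatusMessage, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }

Remove-Item -LiteralPath $dir -Recurse -Force
```

A manifest fetched from the same mirror as the file only detects corruption in transit, so take the digest from the developer's own site or another independent channel.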