Comments on: TenTec Omni VII — a great idea, but not too secure

By: Mike

Mike — Fri, 18 Dec 2009 21:21:16 +0000

I think you are all making a mountain out of a mole hill here !

It's really very simple to secure the radio, just use Open-VPN or the VPN services of your internet router!

By: George Fryer

George Fryer — Sun, 15 Feb 2009 20:43:37 +0000

I know this is an old subject but IF you ever go back to this in the future I have another gripe. In addition to the problems which you point out with security, the one thing that bugged me when I set my OMNI up was changing the PORT and PASSCODE. To change these from the default required incrementing up (or down) from the default setting using the multi-knob. I would expect most users would stop at a lower PORT and PASSCODE (a -yuk- keep the defaults) because to get to the higher number takes a lot of work. This reduces the effective 1 in 64K of hacking. The Omni has a 0-9 keypad but I could find no way of using it to change the PORT or PASSCODE.

By: Steve Westfall

Steve Westfall — Tue, 11 Dec 2007 18:21:26 +0000

Great discussion, with a lot of food for thought. I'm very interested in the Omni VII and would like to have secure access via the Internet if the security issues are ever worked out. However, I would like to point out that the functionality offered by your "Case 1" is nothing to sneeze at. Being able to access my transceiver via my wireless network from a laptop anywhere in the house is very appealing to me. I would be able to operate without hiding out in the basement where my station is located. That's a valuable capability in itself. 73, Steve ** Mike says ** Absolutely. No argument there. It's only when you make the radio visible to the Internet that I get cranky. I wound up buying a Kenwood TS-2000 and marrying it up with an Internet-controlled power-outlet, partly based on W5NTQ's post up above. Click HERE for a link to the block diagram of the rig as I'm running it right now. It's pretty much Case 3 above, but the PC is doing more work because it's also hosting the remote-control software. I'm really liking that setup.

By: KZ0C - Mike O’Connor » Blog Archive » TenTec Omni VII — a great idea, but not too secure

Sun, 21 Oct 2007 21:18:34 +0000

[...] link to the post [...]

By: Mike O'Connor

Mike O'Connor — Fri, 12 Oct 2007 19:28:23 +0000

Argh -- Sorry about the pictures being broken RJ. I sold the haven.com domain a while back and missed those links when I updated this blog. Should be working now.

By: RomeoJava

RomeoJava — Wed, 10 Oct 2007 15:49:45 +0000

I agree with the VPN comment by Joe VK4TU if not having a PC switched on is a key requirement. Quite a lot of home routers support not only VPN pass-through but also acting as VPN endpoints now. Agreed it is a pain setting it up and there may be problems depending on the policy of the network you want to access it from but think of the other possibilities that a VPN will bring. Oh, btw. your images of the various set-ups seem to be linking to haven.com, not haven2.com for me which means I get redirect to a camping website!

By: An Engineer’s View » Blog Archive » Network control of TenTec Omni VII

Sat, 08 Sep 2007 02:19:06 +0000

[...] � http://www.haven2.com/index.php/ham-radio/122#comment-8337 [...]

By: John

John — Sat, 08 Sep 2007 02:04:15 +0000

Ten-Tec should not promote this radio as Internet ready. This implies, as you suggest, some level of expertise at Internet server security. They should, instead, promote it as "network" ready which suggests Ethernet plugability.

With that description we get the idea this is a device with the convenience of network control, but no expectation of security.

This puts the user in control over how to make any network device available from the Internet using items for just that purpose.

Nobody should expect TenTec to make a radio that is secure on the public Internet for the same reasons we don't expect the same from a network printer.

Great radios and cool ways to control it should be the domain of TenTec.

Secure ways to control this radio over the Internet squarely belong in the realm of IT professionals and proper purpose built secure routing equipment.

73
John

By: Joe VK4TU

Joe VK4TU — Wed, 27 Jun 2007 11:06:28 +0000

Alternately go and buy yourself a Cisco router and use their VPN software to IPsec tunnel into your router giving yourself a local (not Internet) address. This gives the security of #3 without the PC. I'm sure that there must be some home router that can do something similar.

It certainly looks very interesting but it would be nice to find out what codecs they're using - the quoted bandwidth is ridiculous for a comms device. I'd expect about 30Kbs not 150Kbs

73,
Joe VK4TU

By: Dave

Dave — Thu, 17 May 2007 00:44:35 +0000

Just put a challenge response device in front of the radio and use a DHCP service rather than static IP. Then subscribe to a dynip service, take two apserin and stop obsessing. Hackers and script kiddies have no interest in ham radio and terrorist don't really care either.

I suspect one chip could provide the good features in the radio that are currently missing but I doubt we'll see it.

The one thing you missed in all of your fearfulness is that most of the time the radio is turned off. That drops the risk significantlyk and is nothing like having a full time broad band connection with the back door open. The other point is hackers are looking for doors that lead to something that contains credit card information or something of value...I will bet you that you can hang that radio on a DSL line, leave it on all the time, and never get a hit from a hacker - The O7 is just not what criminals and dirt bags are looking for these days. It is valueless to these low lifes. If you put a PC in front of it with an operating system then you better fit the target specs of the hackers.

I've operated Interntet remote stations for over seven years...usign the PC, PCA, router combo. Never had a problem. Then again, the system is on dial-up so perhaps the hackers are just not interested in the slow connections, haha.

A very nice write-up and like you I would have been happier with TENTEC if they had put a bit more into the Internet interface architecture. But hey, perhaps O7A will have the right stuff.

73,
dave
wa3gin