Topic: Any way to stop changes to Radio RRC via Setup Manager over LAN?

K3TN

  • Jr. Member
  • Posts: 75
We have password control turned on for the web interface. That seems to stop changes from any who don't know the password.

However, we recently had an issue where a remote user was VPNed into the radio LAN and started up Microbit Setup Manager to check the version of his local Control RRC. The "finder" showed him both his local Control RRC and the Radio RRC at the remote site - and he accidentally changed the IP address of the Radio RRC to a local 10. IP address, knocking it off the air.

Took a while to figure this one out, since I didn't realize Setup Manager could even be used other than for direct USB connection and the remote site is a 90 mile drive...

Is there some way to apply password control for any remote changes made via Setup Manager?

73 John K3TN

Jan (Microbit)

  • Software Developer
  • Administrator
  • Hero Member
  • Posts: 1796
But the way the "Finder" works it should be able to find and configure the RRC regardless of the IP address, net mask, etc, being valid for the PC running it. Meaning you should have been able to use it to re-configure the RRC remotely.
Always include type of hard/software and version when asking for support.

K3TN

Yes, Setup Manager does work to allow remote setup, but anyone on the LAN or VPNed in to the LAN can do that!

We have 6 or 7 operators who remotely operate one K3/Radio RRC configuration. Only two of us have the web interface password for the Radio RRC - but apparently all ops can use the Setup Manager and muck with the RRC IP settings.

So, the question is: any way to limit Setup Manager access via password to limit such access?

Jan (Microbit)

My reply was to "the remote site is a 90 mile drive..." which I understood like you had to drive those 90 miles to fix the config error.

As for protecting using a password, I think you have answered your own question by finding out about the current way things work. It's a classic dilemma with ease of access versus protection against every type of (mis)use. I guess it could be changed so once a 'modify password' has been set in the RRC one would have to enter that in Setup Manager to be able to configure the network settings. Or do you see any drawbacks with that?

dj0qn

  • Hero Member
  • Posts: 2006
John, I think what Jan means is that you can correct the mistake by using Setup Manager remotely through the VPN as well. It doesn't prevent it from happening, but a 90 mile drive should not be necessary.

73,
Mitch DJ0QN / K7DX

K3TN

Thanks, Mitch/Jan - I shouldn't have mentioned the 90 mile drive! Until I figured out that Setup Manager worked over the VPN, I thought I had to make that drive! Rick N1RM actually figured it out and reconfigured the Radio RRC.

So, the good news is that feature saved us that drive.

The bad news is lack of access control to that feature enabled someone 2,500 miles away to change the Radio RRC to a 10. address because he thought he was actually accessing his local Control RRC! Definitely his mistake, but as we add operators the odds continue to climb that others may make that mistake again.

I understand the tradeoff - a forgotten password would then require that drive. The lack of security also makes it easy to recover, but personally I'm in favor of avoiding mistakes where possible. I've worked in computer/network security for over 35 years now, and lack of passwords (or use of hardcoded passwords) is at the root of much evil!

So, I'd be in favor of an option for requiring authentication (or direct USB connection) for changing the IP address of a Radio RRC.

73 John K3TN