[aprssig] Information for security assessment for APRS
Curt, WE7U
archer at eskimo.com
Sat Aug 1 18:59:01 EDT 2009
On Sat, 1 Aug 2009, William Gery wrote:
> Several of our National Weather services offices use xastir and ui-view
> for gathering weather reports and communication with SKYWarn operators
> in the field. Others offices would like to develop this capability.
>
> In order to keep these systems connected we are required to perform a
> security assessment for these systems. This is especially true to
> connect host to the office LAN with access across our internal network
> to the internet APRS servers.
>
> Is there some federal agency that has already performed the
> assessment ? If so that would help speed up the process. Both the RF and
> LAN/WAN connection need to be addressed.
As far as I know the only "security assessment" that has been done
for Xastir involved looking for specific dangerous system calls in
the code and rewriting those bits of code. Done by the Xastir
developers.
I know of no outside security audit that's been done. Of course the
source is available so if someone wants to look through all
100,000+ lines of code, feel free!
--
Curt, WE7U. <http://www.eskimo.com/~archer>
APRS: Where it's at! <http://www.xastir.org>
Lotto: A tax on people who are bad at math. - unknown
Windows: Microsoft's tax on computer illiterates. - WE7U.
The world DOES revolve around me: I picked the coordinate system!"
More information about the aprssig
mailing list