Technical Documentation
IN THIS ARTICLE

Incorrect email!

The article was successfully sent to the email

This article describes encryption methods, credential protection, development security practices, and operational security recommendations for TRBOnet systems.

Between MOTOTRBO Network and Server

Supported MOTOTRBO privacy types:

  • Basic Privacy (Key ID)
  • Enhanced Privacy (ARC4, 40-bit)
  • Enhanced Privacy (AES-256)

AES-256 is available in TRBOnet Plus only. Requires the AES Privacy license on TRBOnet Plus and on MOTOTRBO radios.

Between Server and Dispatch Console

TEA encryption for data only.

TRBOnet Encryption Diagram

Between Server and Mobile Client

Starting from Enterprise and Plus 6.3, communication can be secured using TLS (AES-128).

Mobile Client Encryption Performance

Stored Credentials Encryption

The TRBOnet Database stores user passwords encrypted using TEA.

The Server configuration file stores passwords, privacy keys, authentication keys, and Dimetra Express login details encrypted using TEA and Rijndael.

Application Security Overview

Development Practices

  • TRBOnet applications are developed to be resistant to common security vulnerabilities.
  • Development follows www.stigviewer.com
  • Security issues are evaluated after release and addressed through regular updates.
  • Critical vulnerabilities are patched immediately. Affected customers are notified when required.
  • Releases are validated using Motorola Information Assurance security checks.
  • Nessus and Nmap are used for vulnerability scanning. These tools are used for Motorola infrastructure validation.

Antivirus and False Positives

  • Antivirus databases may react to legacy libraries or specific algorithms over time.
  • False positive detections may occur for low level libraries and system components. Examples include HWID generation tools or system level algorithms.
  • Such components may be detected as trojans while not being malicious.

Use trusted and up to date antivirus or anti malware software to scan the installation package. Examples include Windows Defender, McAfee, Malwarebytes, and Kaspersky.

  • TRBOnet software packages are digitally signed. The signature can be verified to confirm integrity.
  • All packages are scanned by trusted security software before publication on the TRBOnet website and Motorola portals.

If the digital signature is valid and the package is unchanged, detections should be treated as false positives and not as malware.

Security Recommendations

Security level depends on the environment. TRBOnet is secure if the network is secure.

Use infrastructure security measures:

  • VPN
  • Firewall rules
  • NAT
  • Network segmentation

Operating System

  • TRBOnet applications rely on Windows security. Ensure OS is hardened and access is restricted.
  • Use workstations and servers with controlled physical and remote access.
  • Keep Windows, .NET, and SQL Server security updates current.

File System

  • Use BitLocker to encrypt TRBOnet archive data (audio recordings and database backups).
  • Automatically transfer archives and backups to secure storage with restricted access.
  • Use SQL Backup Encryption instead of TRBOnet backup export when possible.

SQL Server

  • Consider enabling Transparent Data Encryption (TDE) on the SQL Server instance.
  • If the SQL Server is remote, use VPN tunneling between TRBOnet Server and the SQL Server host.

Radio System

  • Security depends on the environment. If the network is secure, TRBOnet operates securely within it.
  • AES encryption may be applied to communications between the TRBOnet Server and the radio system, depending on system type and configuration.

This article describes encryption methods, credential protection, development security practices, and operational security recommendations for TRBOnet systems.

Between MOTOTRBO Network and Server

Supported MOTOTRBO privacy types:

  • Basic Privacy (Key ID)
  • Enhanced Privacy (ARC4, 40-bit)
  • Enhanced Privacy (AES-256)

AES-256 is available in TRBOnet Plus only. Requires the AES Privacy license on TRBOnet Plus and on MOTOTRBO radios.

Between Server and Dispatch Console

TEA encryption for data only.

TRBOnet Encryption Diagram

Between Server and Mobile Client

Starting from Enterprise and Plus 6.3, communication can be secured using TLS (AES-128).

Mobile Client Encryption Performance

Stored Credentials Encryption

The TRBOnet Database stores user passwords encrypted using TEA.

The Server configuration file stores passwords, privacy keys, authentication keys, and Dimetra Express login details encrypted using TEA and Rijndael.

Application Security Overview

Development Practices

  • TRBOnet applications are developed to be resistant to common security vulnerabilities.
  • Development follows www.stigviewer.com
  • Security issues are evaluated after release and addressed through regular updates.
  • Critical vulnerabilities are patched immediately. Affected customers are notified when required.
  • Releases are validated using Motorola Information Assurance security checks.
  • Nessus and Nmap are used for vulnerability scanning. These tools are used for Motorola infrastructure validation.

Antivirus and False Positives

  • Antivirus databases may react to legacy libraries or specific algorithms over time.
  • False positive detections may occur for low level libraries and system components. Examples include HWID generation tools or system level algorithms.
  • Such components may be detected as trojans while not being malicious.

Use trusted and up to date antivirus or anti malware software to scan the installation package. Examples include Windows Defender, McAfee, Malwarebytes, and Kaspersky.

  • TRBOnet software packages are digitally signed. The signature can be verified to confirm integrity.
  • All packages are scanned by trusted security software before publication on the TRBOnet website and Motorola portals.

If the digital signature is valid and the package is unchanged, detections should be treated as false positives and not as malware.

Security Recommendations

Security level depends on the environment. TRBOnet is secure if the network is secure.

Use infrastructure security measures:

  • VPN
  • Firewall rules
  • NAT
  • Network segmentation

Operating System

  • TRBOnet applications rely on Windows security. Ensure OS is hardened and access is restricted.
  • Use workstations and servers with controlled physical and remote access.
  • Keep Windows, .NET, and SQL Server security updates current.

File System

  • Use BitLocker to encrypt TRBOnet archive data (audio recordings and database backups).
  • Automatically transfer archives and backups to secure storage with restricted access.
  • Use SQL Backup Encryption instead of TRBOnet backup export when possible.

SQL Server

  • Consider enabling Transparent Data Encryption (TDE) on the SQL Server instance.
  • If the SQL Server is remote, use VPN tunneling between TRBOnet Server and the SQL Server host.

Radio System

  • Security depends on the environment. If the network is secure, TRBOnet operates securely within it.
  • AES encryption may be applied to communications between the TRBOnet Server and the radio system, depending on system type and configuration.

Helpful?
We're glad this article helped.

Thanks for letting us know. What went wrong?