Technical Documentation
IN THIS ARTICLE

Security

Incorrect email!

The article was successfully sent to the email

Between MOTOTRBO Network and Server

Supported MOTOTRBO privacy types:

  • Basic Privacy (Key ID)
  • Enhanced Privacy (ARC4, 40-bit)
  • Enhanced Privacy (AES-256) — available in TRBOnet Plus only and requires the AES Privacy license to be purchased and activated on both TRBOnet Plus and the MOTOTRBO radios.

Between Server and Dispatch Console

TEA encryption for data only.

TRBOnet Encryption Diagram

Between Server and Mobile Client

Starting from Enterprise/Plus 6.3 communication can be secured using TLS (AES-128).

Mobile Client Encryption Performance

Stored Credentials Encryption

The TRBOnet Database stores user passwords encrypted using TEA.

The Server configuration file stores passwords, privacy keys, authentication keys, and Dimetra Express login details encrypted using TEA and Rijndael.

Application Security Overview

Development Practices
  • TRBOnet applications are developed to be resistant to common security vulnerabilities.
  • Development follows: www.stigviewer.com
  • Security issues are evaluated post‐release and addressed through regular updates.
  • Critical vulnerabilities are patched immediately, and affected customers are notified when required.
  • Releases are validated using Motorola Information Assurance (IA) security checks.
  • Nessus (code vulnerability) and Nmap (network vulnerability) scanning tools are commonly used. These are the same tools used to evaluate Motorola infrastructure.

Security Recommendations

Security level depends on the environment. TRBOnet is secure if the network is secure.

Use infrastructure security measures such as:

  • VPN
  • Firewall rules
  • NAT
  • Network segmentation
Operating System
  • TRBOnet applications rely on Windows security. Ensure OS is hardened and access is restricted.
  • Use workstations and servers with controlled physical and remote access.
  • Keep Windows, .NET, and SQL Server security updates current.
File System
  • Use BitLocker to encrypt TRBOnet archive data (audio recordings and database backups).
  • Automatically transfer archives and backups to secure storage with restricted access.
  • Use SQL Backup Encryption instead of TRBOnet backup export when possible.
SQL Server
  • Consider enabling Transparent Data Encryption (TDE) on the SQL Server instance.
  • If the SQL Server is remote, use VPN tunneling between TRBOnet Server and the SQL Server host.
Radio System
  • Security depends on the environment. If the network is secure, TRBOnet operates securely within it.
  • AES encryption may be applied to communications between the TRBOnet Server and the radio system, depending on system type and configuration.

Security

Between MOTOTRBO Network and Server

Supported MOTOTRBO privacy types:

  • Basic Privacy (Key ID)
  • Enhanced Privacy (ARC4, 40-bit)
  • Enhanced Privacy (AES-256) — available in TRBOnet Plus only and requires the AES Privacy license to be purchased and activated on both TRBOnet Plus and the MOTOTRBO radios.

Between Server and Dispatch Console

TEA encryption for data only.

TRBOnet Encryption Diagram

Between Server and Mobile Client

Starting from Enterprise/Plus 6.3 communication can be secured using TLS (AES-128).

Mobile Client Encryption Performance

Stored Credentials Encryption

The TRBOnet Database stores user passwords encrypted using TEA.

The Server configuration file stores passwords, privacy keys, authentication keys, and Dimetra Express login details encrypted using TEA and Rijndael.

Application Security Overview

Development Practices
  • TRBOnet applications are developed to be resistant to common security vulnerabilities.
  • Development follows: www.stigviewer.com
  • Security issues are evaluated post‐release and addressed through regular updates.
  • Critical vulnerabilities are patched immediately, and affected customers are notified when required.
  • Releases are validated using Motorola Information Assurance (IA) security checks.
  • Nessus (code vulnerability) and Nmap (network vulnerability) scanning tools are commonly used. These are the same tools used to evaluate Motorola infrastructure.

Security Recommendations

Security level depends on the environment. TRBOnet is secure if the network is secure.

Use infrastructure security measures such as:

  • VPN
  • Firewall rules
  • NAT
  • Network segmentation
Operating System
  • TRBOnet applications rely on Windows security. Ensure OS is hardened and access is restricted.
  • Use workstations and servers with controlled physical and remote access.
  • Keep Windows, .NET, and SQL Server security updates current.
File System
  • Use BitLocker to encrypt TRBOnet archive data (audio recordings and database backups).
  • Automatically transfer archives and backups to secure storage with restricted access.
  • Use SQL Backup Encryption instead of TRBOnet backup export when possible.
SQL Server
  • Consider enabling Transparent Data Encryption (TDE) on the SQL Server instance.
  • If the SQL Server is remote, use VPN tunneling between TRBOnet Server and the SQL Server host.
Radio System
  • Security depends on the environment. If the network is secure, TRBOnet operates securely within it.
  • AES encryption may be applied to communications between the TRBOnet Server and the radio system, depending on system type and configuration.

Helpful?
We're glad this article helped.

Thanks for letting us know. What went wrong?