-
Notifications
You must be signed in to change notification settings - Fork 19
Protecting your Pi
Raspberry Pis are vulnerable to attacks. If you use it at home or on a small network, it might be ok, but if you open ports on the Internet, use it as a Wi-Fi access point, or install it on a larger network, you should take some precautionary steps to protect your Raspberry Pi.
Make sure to keep up with updates from the default Raspberry Pi OS repository, so that you not only get the latest features but mainly all the security fixes for your installed applications. Try to update your Raspberry Pi regularly with: sudo apt update and sudo apt upgrade.
A common mistake is to leave the default password on the pi user (raspberry). Anyone who has already used a Raspberry Pi will know this password. So many people are scanning SSH ports and trying to log in with pi/raspberry so go ahead and change the default password using the command passwd.
Generate a key on your computer, and then add it to the Raspberry Pi to allow a connection from your computer (with or without a password). A great step-by-step procedure can be found at the end of this article. Once this is working, you can only disable SSH connections with a password.
Fail2ban is a tool that detects brute-force attacks and blocks them. Fail2ban blocks attackers’ IPs if they fail to log in more than X times and you can configure the X number of tries before a ban, and the ban duration.
A firewall allows you to block all ports except the ones you need and specify and it can filter access by IP. For example, you can block everything, and just allow SSH access from your computer IP address.
The SSH default port is 22 so attackers often create bots to make login attempts on this port. To prevent this, you can change the default port and set another one. Edit the SSH server configuration file by sudo nano /etc/ssh/sshd_config and when you find this line #Port 22 replace the port with the one you want to use, and make sure to uncomment the line like so Port 1111. Avoid port conflicts by using a free one, full list here: List of known ports on Wikipedia. Save and exit (CTRL+O, CTRL+X) and restart your server sudo service ssh restart.
Back up your files correctly and regularly so that you have a copy in case you have to reset things or the SD card gets corrupted, which unfortunately can happen.
Most of the time, attacks are visible in the log files, so try to read them regularly to monitor for any suspicious activity.
Try and not use unsafe protocols (FTP, Telnet or HTTP for example) and instead try to replace them with safer ones (SFTP, SSH, HTTPS) when possible.
This thorough guide offers a lot of useful suggestions: https://raspberrytips.com/security-tips-raspberry-pi/