When you embark on a project with a Raspberry Pi, one of the most important considerations is to ensure that your device is protected against potential security threats.
It depends on where you use it: a machine on your home network is exposed to little beyond that network. But if you plan to use it as an internet-facing server, or to place it in a public space for an IoT project, things change.
In this article, we will look at a series of tips to improve the security of your Raspberry Pi, making it a harder target for opportunistic attackers.
No installation is secure, no matter how many tips I can give you. The best advice is always to stay cautious and keep an eye on your own setup.
Use a Secure Password
The first step towards a secure installation is to ensure that your Raspberry Pi has a strong password.
Older Raspberry Pi OS images create a pi account with the default password raspberry, which is well known and is the first thing automated scanners try. Current images no longer ship that account: Raspberry Pi Imager (or the first-boot wizard) asks you to create your own user and password. If your system still has pi/raspberry, change it now.
To change the password, use the passwd command:
passwd
Password recommendations are the same as always:
- Length: Use passwords that are at least 12 characters long.
- Complexity: Include a combination of uppercase letters, lowercase letters, numbers, and symbols.
- Uniqueness: Do not reuse passwords from other accounts.
Change the Username
Changing the password is absolutely essential, but it is better still to create your own user and remove the pi user entirely.
Automated attacks against Raspberry Pis are typically hardcoded to pi/raspberry, so they fail outright, and a targeted attacker has to guess the username as well as the password.
It adds a little friction for you, since many tutorials use the pi user as a reference, but it is an extra layer worth having.
How to do it is covered in a separate entry.
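The procedure in script form, as an added example that is not part of the original article: create a replacement administrator, copy the old account's supplementary groups (so sudo, gpio, i2c and friends keep working), drop the passwordless-sudo rule Raspberry Pi OS ships for the initial account, and only suggest deleting pi after a fresh login as the new user has been verified. The username alice and the script name are placeholders; the sudoers file name is the one Raspberry Pi OS installs.

```shell
#!/bin/sh
# Added example (not from the original article): replace the default 'pi'
# account with a new administrator account.
# Usage, as root:  sudo sh newadmin.sh alice
set -eu

OLD_USER="${OLD_USER:-pi}"

# Convert the space-separated output of `id -nG OLD_USER` (e.g. "pi adm sudo gpio")
# into the comma-separated list that `usermod -G` expects, dropping the old
# account's primary group, which is named after the account itself and
# does not apply to the new user.
extra_groups_for() {
    old="$1"
    groups="$2"
    out=""
    for g in $groups; do
        [ "$g" = "$old" ] && continue
        out="${out:+$out,}$g"
    done
    printf '%s' "$out"
}

create_replacement_admin() {
    new="$1"
    [ "$(id -u)" -eq 0 ] || { echo "run with sudo" >&2; return 1; }
    id "$new" >/dev/null 2>&1 && { echo "user $new already exists" >&2; return 1; }

    # 1. Create the account; adduser prompts for the new password.
    adduser --gecos "" "$new"

    # 2. Give it the same supplementary groups as the old account
    #    (sudo, adm, gpio, i2c, video, ... on Raspberry Pi OS).
    usermod -G "$(extra_groups_for "$OLD_USER" "$(id -nG "$OLD_USER")")" "$new"

    # 3. Raspberry Pi OS ships a rule granting the initial account sudo
    #    without a password; remove it so sudo always asks.
    rm -f /etc/sudoers.d/010_pi-nopasswd

    cat <<EOF
Created $new. Before removing $OLD_USER:
  - log in as $new in a NEW session and run 'sudo -v' to confirm sudo works
  - then remove the old account:  sudo deluser --remove-home $OLD_USER
EOF
}

# Only act when a username is given; without arguments the script just
# defines the functions above.
if [ $# -gt 0 ]; then
    create_replacement_admin "$1"
fi
```

Keep your existing session open until the new account has logged in and run sudo successfully; if anything is wrong you can still fix it as pi. Desktop autologin, if enabled, still points at the old user until you change it in raspi-config.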
Regularly Update the System
Keeping your system up to date is one of the most effective protections against known vulnerabilities: updates ship the patches for security issues that attackers exploit. On Raspberry Pi OS the unattended-upgrades package can install security updates automatically; a reboot is still needed after a kernel or firmware update.
To update your Raspberry Pi, run the following commands:
sudo apt update
sudo apt full-upgrade
Set Up a Firewall
A firewall helps control the traffic that comes in and out of your Raspberry Pi, adding an extra layer of protection. UFW (Uncomplicated Firewall) is an easy-to-use tool for this purpose.
Setting it up is covered in a separate entry.
Mitigate Brute Force Attacks
You can use a service like Fail2Ban to mitigate brute-force attacks:
sudo apt install fail2ban
Fail2Ban watches the authentication log (or the systemd journal) for repeated failed logins and temporarily bans the offending IP address with a firewall rule. It limits password guessing; it does not replace strong passwords or SSH keys.
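The firewall and Fail2Ban steps together, as an added example that is not part of the original article: a default-deny UFW policy that rate-limits SSH, and a jail.local that enables the sshd jail. SSH_PORT is an assumed value; the ban, window and retry numbers are ones I chose, not defaults from either project. Writing backend = systemd explicitly makes the jail read the journal, so it also works on images that have no /var/log/auth.log because rsyslog is not installed.

```shell
#!/bin/sh
# Added example (not from the original article): default-deny firewall with
# UFW plus a Fail2Ban jail for sshd.  Run as root:  sudo sh harden-net.sh --apply
set -eu

SSH_PORT="${SSH_PORT:-22}"   # assumed; change if SSH listens elsewhere

# Render /etc/fail2ban/jail.local.  Arguments: bantime findtime maxretry.
# backend = systemd reads the journal directly, so the jail works even
# when /var/log/auth.log does not exist.
jail_local() {
    cat <<EOF
[DEFAULT]
bantime  = $1
findtime = $2
maxretry = $3

[sshd]
enabled = true
port    = $SSH_PORT
backend = systemd
EOF
}

apply_firewall() {
    # Deny everything inbound, allow everything outbound.
    ufw default deny incoming
    ufw default allow outgoing
    # Allow SSH BEFORE enabling, or a remote session locks itself out.
    # 'limit' also rate-limits new connections (6 in 30 s per source IP).
    ufw limit "$SSH_PORT/tcp" comment 'ssh, rate limited'
    ufw --force enable
    ufw status verbose
}

apply_fail2ban() {
    # Ban for 1 hour after 5 failures within 10 minutes (values chosen here).
    jail_local 1h 10m 5 > /etc/fail2ban/jail.local
    systemctl enable --now fail2ban
    systemctl restart fail2ban
    fail2ban-client status sshd
}

if [ "${1:-}" = "--apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run with sudo" >&2; exit 1; }
    apply_firewall
    apply_fail2ban
fi
```

Open any other ports you actually serve (for example ufw allow 80/tcp) before relying on the default deny. Check bans with fail2ban-client status sshd, and if you lock yourself out from a trusted address, fail2ban-client set sshd unbanip <address> clears it.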
Securely Configure SSH
If you access your Raspberry Pi remotely via SSH, it is essential to configure the service securely, or it can be a real security hole.
Disable Root Access via SSH
Edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config
Ensure that the following lines are set:
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication stays at yes only until key-based login (next section) is confirmed working; after that, set it to no so that passwords can no longer be guessed over the network.
Restart the SSH service to apply the changes:
sudo systemctl restart ssh
Use Keys Instead of Passwords
For added security, use SSH keys instead of passwords.
Generate an Ed25519 key on your local machine:
ssh-keygen -t ed25519
Copy the public key to your Raspberry Pi (use your own username if you replaced pi):
ssh-copy-id pi@<IP-of-your-Raspberry>
Test the key login from a second terminal while the current session stays open; once it works, set PasswordAuthentication no in /etc/ssh/sshd_config and restart the service.
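The final sshd configuration, as an added example that is not part of the original article: a drop-in file that turns off root and password logins, checks that a key is installed for your account before doing so, and validates the result with sshd -t before restarting. ADMIN_USER and the drop-in file name are placeholders; the Include line and the first-match rule are standard OpenSSH behaviour on Debian-based images.

```shell
#!/bin/sh
# Added example (not from the original article): write a hardening drop-in
# for sshd, validate it, then restart.  Run as root AFTER key login works:
#   sudo ADMIN_USER=alice sh harden-ssh.sh --apply
set -eu

ADMIN_USER="${ADMIN_USER:-alice}"              # placeholder account name
DROPIN=/etc/ssh/sshd_config.d/10-hardening.conf

# Debian's sshd_config begins with 'Include /etc/ssh/sshd_config.d/*.conf',
# and sshd keeps the FIRST value it sees for each keyword, so settings in
# the drop-in win over the main file without editing it.
hardening_conf() {
    cat <<EOF
# Replaces the weaker defaults PermitRootLogin prohibit-password and
# PasswordAuthentication yes.
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AuthenticationMethods publickey
AllowUsers $1
MaxAuthTries 3
LoginGraceTime 30
X11Forwarding no
EOF
}

apply_sshd_hardening() {
    [ "$(id -u)" -eq 0 ] || { echo "run with sudo" >&2; return 1; }
    # Refuse to lock the door if there is no key on the other side.
    keys="/home/$ADMIN_USER/.ssh/authorized_keys"
    [ -s "$keys" ] || { echo "$keys is missing or empty; add a key first" >&2; return 1; }

    hardening_conf "$ADMIN_USER" > "$DROPIN"
    # sshd -t parses the whole configuration and fails on any error, so a
    # typo cannot leave you with a dead sshd after the restart.
    if ! sshd -t; then
        rm -f "$DROPIN"
        echo "config rejected by sshd -t; drop-in removed" >&2
        return 1
    fi
    systemctl restart ssh
    # Show the effective values; keep this session open and confirm a NEW
    # key login succeeds before closing it.
    sshd -T | grep -E '^(permitrootlogin|passwordauthentication|allowusers) '
}

if [ "${1:-}" = "--apply" ]; then
    apply_sshd_hardening
fi
```

AllowUsers is the line most likely to lock you out: it must list every account that should be able to log in. Leave it out if you are unsure, and add it once the rest is verified.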
Disable Unnecessary Services
Each service running on your Raspberry Pi is a potential entry point for an attacker. Disable or remove services that you are not using to reduce the attack surface.
To see which services are active, use:
sudo systemctl list-units --type=service
To stop a service and keep it from starting at boot (disable on its own only affects the next boot), use:
sudo systemctl disable --now service-name
Regularly Back Up
Keeping regular backups of your system and data is essential to recover information in case of failures or security breaches.
You can create a complete image of the SD card using tools like dd:
sudo dd if=/dev/mmcblk0 of=/path/to/backup.img bs=4M status=progress
Write the image to external storage, never to the card itself, and preferably take it from another machine with the card removed: imaging a mounted, running filesystem can produce an inconsistent copy. Check that the image restores before relying on it.
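A backup script built around that idea, as an added example that is not part of the original article: it refuses to write the image onto the card being imaged, compresses the image, records a SHA-256 checksum next to it, and can verify an image later so you find out about a corrupted backup before you need it. The device path and destination are placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): image the SD card to a
# compressed file on OTHER storage, record a checksum, verify later.
#   sudo sh backup-sd.sh backup /dev/mmcblk0 /media/usb/backups
#   sh backup-sd.sh verify /media/usb/backups/rpi-20240101-120000.img.gz
set -eu

# True if PATH lives on block device DEV or one of its partitions
# (e.g. /dev/mmcblk0p2 on /dev/mmcblk0).  Imaging a card onto itself
# fills it up and corrupts the very data being backed up.
on_same_device() {
    dev="$1"; path="$2"
    src="$(df --output=source "$path" | tail -n 1)"
    case "$src" in "$dev"*) return 0 ;; *) return 1 ;; esac
}

backup_sd() {
    dev="$1"; dest_dir="$2"
    [ "$(id -u)" -eq 0 ] || { echo "run with sudo" >&2; return 1; }
    if on_same_device "$dev" "$dest_dir"; then
        echo "$dest_dir is on $dev; use a USB disk or network share" >&2
        return 1
    fi
    img="$dest_dir/rpi-$(date +%Y%m%d-%H%M%S).img.gz"
    # Flush dirty pages first.  A live image can still be inconsistent, so
    # prefer imaging from another machine with the card removed when you can.
    sync
    # gzip reads the device itself, so a read error fails the command
    # (with 'dd | gzip' only gzip's exit status would be visible).
    gzip -c < "$dev" > "$img"
    ( cd "$dest_dir" && sha256sum "$(basename "$img")" > "$(basename "$img").sha256" )
    echo "wrote $img"
}

# Verify IMAGE against the IMAGE.sha256 written next to it; non-zero on mismatch.
verify_backup() {
    img="$1"
    [ -f "$img.sha256" ] || { echo "no checksum file for $img" >&2; return 1; }
    ( cd "$(dirname "$img")" && sha256sum -c --quiet "$(basename "$img").sha256" )
}

case "${1:-}" in
    backup) backup_sd "${2:-/dev/mmcblk0}" "${3:?destination directory}" ;;
    verify) verify_backup "${2:?image file}" ;;
    *) ;;   # no arguments: only define the functions
esac
```

To restore, decompress straight onto the target card from another machine: gunzip -c rpi-....img.gz | sudo dd of=/dev/sdX bs=4M status=progress, double-checking that /dev/sdX really is the card. Do a test restore at least once; a backup that has never been restored is a hope, not a backup.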
Physical Security
Do not underestimate physical security. Anyone who can pull the SD card can read or rewrite everything on it, so physical access is effectively full access: place the device where unauthorized people cannot get to it.
- Lockable enclosure: use a locked box or case so that the card cannot be removed or a keyboard plugged in.
- Location: Keep the Raspberry Pi in a place accessible only to authorized individuals.
It may seem silly, but I’ve seen Raspberry Pis placed on top of a hospital door, without a case or anything. That is NOT a secure installation 😅.