Sunday 29 March 2020

Securing your Raspberry Pi (Raspbian)

Linux,by design, is generally more secure than say, Windows.


There are many reasons, some historical, some design (including historical).

Of course this is no excuse for not taking precautions. Inside your own network, you should take care, but the Raspberry Pi is very portable, so it might be outside, facing the rampaging hordes on the Internet.

I have a Raspberry Pi 3 that I take on holiday with me, it is used as an entertainment centre (most hotels have HDMI compatible television) so I can listen to podcasts or watch streamed television (see also get_iplayer).

However, this does require a connection to the outside, and you are never sure what is on the other end of the WIFI connection.

For this you need to have and control a Firewall.

Linux has a number of built in firewall capabilities, but they are complicated to control out of the box.

This is where Uncomplicated Firewall comes in handy.

Uncomplicated Firewall

Install Uncomplicated Firewall (UFW).

Uncomplicated Firewall (UFW) is included in most Linux  repositories, so indtallation is pretty easy.

$ sudo apt-get install ufw

 Allow SSH through (if required - be careful if you are working on a 'headless' raspberry Pi)
$ sudo ufw allow ssh

Check the rules

A command has been added that allows the rules to be checked even when the UFW is not enabled.

$ sudo ufw show added

Added user rules (see 'ufw status' for running firewall):

ufw allow 22/tcp

Enabling UFW

Before enabling UFW, if you are accessing the machine remotely, ensure that you a) have set a rule allowing an SSH connection, and b) just in case, that you can directly access the machine (have access to the machine and have a keyboard and display to hand).

$ sudo ufw enable

Show status

$ sudo ufw status
Status: active
To                         Action      From
22/tcp                     ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)

Disable UFW

$ sudo ufw disable

Allowing other ports

There are a large number of pre-defined port combinations available on UFW. These can be listed using:
sudo ufw app list

Conclusion

This does not make your Raspberry Pi secure, there are a number of additional actions it is worth taking, and other products are available, but you can at least start to protect your machine and the data on it.

References

https://www.raspberrypi.org/documentation/configuration/security.md
https://wiki.debian.org/Uncomplicated%20Firewall%20%28ufw%29
https://wiki.ubuntu.com/UncomplicatedFirewall
http://manpages.ubuntu.com/manpages/cosmic/en/man8/ufw.8.html


Posted by at
Labels: , , , , ,