Introduction

A Raspberry Pi is an awesome development platform which, by default, is configured to be accessible and open. Attackers know about this vulnerability and use botnets to identify and automatically compromise such Linux systems on WPI’s network. Newly installed Raspberry Pis have been observed being scanned and compromised by botnets in under 3 minutes when not properly protected.

Action Needed

Please apply the defenses below to protect your Raspberry Pi.

Enable a firewall to block unwanted connection attempts

A firewall will block incoming connections to your Raspberry Pi and help safeguard network/server applications. WPI’s Information Security Office advises using Uncomplicated Firewall (UFW) on Raspberry Pis.

  1. Install UFW
    sudo apt-get update
    sudo apt-get install ufw
  2. Enable UFW
    sudo ufw enable
  3. Deny incoming and allow outgoing network traffic
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
  4. Review the UFW configuration
    sudo ufw status verbose
  5. Reboot your Raspberry Pi
    sudo reboot  

If necessary, UFW can be configured to open specific ports to specific hosts – allowing the Pi to be used as a server. The general syntax is as follows:

sudo ufw allow from <IP> to any port <Port>

Please visit Related Actions for more information.

Change the Raspberry Pi Default Password

The default credentials for a Raspberry Pi are username: pi and password: raspberry. Attackers know this too, and actively try to exploit default login credentials using botnets that continuously scan the internet for vulnerable Linux machines. The solution is to change the default password to something unique and more complex.

More information is in the Related Article Password Safety.

Keep software up-to-date

Ensuring up-to-date software by applying new patches is always good advice for keeping any system safe. For your Raspberry Pi, it is important that you remember to update at least once per week. Updates can be conducted by simply using the following commands:

sudo apt-get update

sudo apt-get full-upgrade

Disable SSH login as root

The root user account has administrative rights over the entire Linux system, and every Linux device has a root user. Every attacker knows the root user exists on Linux machines and will relentlessly try to brute-force the password. This can be avoided entirely by simply disabling SSH login to root using the following instructions.

  1. Edit the file /etc/ssh/sshd_config
  2. Search for the line PermitRootLogin no
  3. Remove the leading hash character [#] to “uncomment” the line (if this line does not begin with #, then root has already been disabled for you)
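
A check for step 3, added here as an example and not part of the original article: the shell function below reports which PermitRootLogin value sshd will take from a config file, covering the cases where the line is still commented out or an earlier line overrides it. The function names and the sample config contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original article.

# effective_root_login FILE
# Print the PermitRootLogin value sshd would take from the global section of FILE.
#  - lines starting with '#' are comments and have no effect
#  - keywords are case-insensitive and the first value set wins
#  - with nothing set, the OpenSSH built-in default is "prohibit-password"
# Include files and Match blocks are not followed (simplification).
effective_root_login() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

# root_login_disabled FILE: succeeds only when the effective value is "no".
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample configs (not taken from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'PasswordAuthentication yes' > "$demo_dir/commented"
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$demo_dir/uncommented"
printf '%s\n' 'permitrootlogin yes' 'PermitRootLogin no' > "$demo_dir/shadowed"

for name in commented uncommented shadowed; do
    if root_login_disabled "$demo_dir/$name"; then
        verdict="root SSH login disabled"
    else
        verdict="root SSH login still possible"
    fi
    printf '%-12s PermitRootLogin=%-18s %s\n' "$name" \
        "$(effective_root_login "$demo_dir/$name")" "$verdict"
done
rm -rf "$demo_dir"
```

On a live Pi, `sudo sshd -T` prints the configuration sshd itself resolves, including any Include files. sshd reads the file when it starts, so an edit takes effect after the SSH service is restarted or the Pi is rebooted.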

Some Helpful Definitions

Network:
Two or more computers connected for the purpose of sharing resources. The most common resource shared today is connection to the internet. When you connect your phone to your home's Wi-Fi, you are connecting your phone to your home network and through that, you connect to the internet.

Firewall:
A system designed to prevent unauthorized access to or from a private device. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized internet users from accessing private.

Software Patch: 

When a developer discovers a vulnerability or issue in their software, they release a “patch” to fix the broken code. These patches can be applied to a user’s software by installing the most recent updates.

Brute-force:

An attack on authentication systems involving an attacker using computers to rapidly try thousands (or millions) of passwords. The attempted passwords are based on default credentials, common passwords, or even knowledge about a specific victim.

Root:

The administrator account on Linux systems that has permission to do anything on the system. Users should refrain from doing any work while logged in as root, as it is commonly insecure and mistakes can be made.