Malware and viruses are everywhere on the internet and in the computing systems. And it had not left the Raspberry Pi too. In the second half of May 2017, a Trojan was detected in Linux environment named as Linux.MulDrop.14. As the Raspberry Pi devices are mostly depended on the Linux distribution, they are affected the most. The Trojan came in the form of a script with the aim of mining the compressed and encrypted techniques. It surely creates a question for the Raspberry Pi network security.
Today, I will mention about how you can secure your beloved Pi in these top 5 raspberry Pi network security tips for a beginner.
Tip-1: Change your Raspberry Pi Default Password
The first and essential step of securing anything is to change the password at regular times. Same thing applies for the Raspberry Pi. We all know that every Pi device comes with a default password. Until now, many users were not taking it seriously to change the password received with the instrument as it is not required too. But after the security was infected by Trojan, it became the must thing for every user to change the default password of Raspberry Pi.
If you are using the official Raspbian OS for your Pi device, then
- Boot up and when the terminal is opened, run ‘sudo raspi-config.’ This will display the configuration tool.
- In the display window, choose Change User Password option.
- Enter the new Unix password and confirm it once
If you are a signed in user, then you can do this directly without using the sudo command. Just type passwd in the Pi terminal and enter the password two times.
Just to remind you, you will not see any text on the screen when you change the Raspberry Pi root password. This is important to keep your code safe from others.
Tip-2: Remove the default user from your Raspberry Pi
You can also remove the default Pi user from your device to take a step ahead for the Raspberry Pi security. I will use ‘mdp’ as a new username (Everyone loves own name!)
- Open the Raspberry Pi terminal window and type the command ‘sudo adduser mdp’
- Enter the password and confirm by typing it again. Press ‘Enter’
- Add information like full name, phone number, etc. when asked. You can skip it also
- When a message is displayed, ‘is this information correct [Y/N]’ on your screen, then enter ‘Y’ if you are sure about it
- Now, log in with your new username and password. Run the command as root, ‘sudo userdel –r pi’
- This will remove the home folder
Remember to log in to the Pi and add a new user before you start and complete this step. Also, make sure to save the files you want to keep from the home folder.
Tip-3: Raspberry Pi Antivirus
This malware only targets to the single-board Raspberry Pi. I can say this because it invariably finds the open SSH port of Pi device on the web and when it hits one, it uses the default Raspberry Pi username and password as ‘pi’ and ‘raspberry’ respectively. You can save your device by using a good-quality Raspberry Pi antivirus software.
There are various firewall software available in the market to do this, but if you want to create a firewall on your own, then follow the steps below:
First, install the GUI using commands
- sudo apt – get update
- sudo apt – get install fwbuilder
In the submenu of Raspberry Pi GIU, you will see a Firewall Builder. You just need to follow the instructions, and you will be able to create your own Firewall. Save your script and make sure to load it on your device of the Raspberry Pi network.
- Now type pre-up /home/pi/fwbuilder/firewall.fw
- In ‘Epilog’ section of the script, type route add default gw [xxx.xxx.x.x] (IP address) eth0
Tip-4: Setup SSH Pairing for Raspberry Pi Security
When you set the SSH keys, it will allow you to login to the server without entering the Raspberry Pi default password. You just need to authenticate the client, and by using the SSH keys, both client and server can log in. This method is very useful against the ‘Brute Force Attack.’ If you add a passphrase to the server, then the authentication becomes impossible without using both the passphrase and SSH key.
To generate the SSH key type the command below. Here I have used the RSA V2 protocol:
- ssh-keygen –b 2048 –t rsa
To remind you, here the client is your computer from where you are accessing the device, and the server is your Raspberry Pi.
Tip-5: Set Automatic Updates for Increasing Raspberry Pi Network Security
Securing a device doesn’t only mean to use an antivirus or setting the passwords, but you should also regularly maintain it with the latest updates. If you have set a server on Raspberry Pi and not using it too much, then this may look complicated or troublesome task. But you can set overall software upgrades, and it will help to get better results.
Run the commands as below. These commands will install and configure the unattended-upgrades package:
- sudo apt-get install unattended-upgrades
- sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Now for performing Raspbian Jessie Network Security update, type:
- “o=Raspbian, n=Jessie, l=Raspbian-Security”;
Not only this, but a few other upgrades can also be made to get an email in your mailbox for the security updates.
It’s Your Raspberry Pi, Secure It
You should know that anyone using the web can easily search for the default or root password and username for the Raspberry Pi. So, you must change the credentials as soon as you setup your device. Set up a good firewall (antivirus) for your Raspberry Pi and set it for regular updates. Store your Raspberry Pi at a safe place while you are not using it for a time.
Whether you are setting up a server, tinkering with connected devices, or making a home automation project with the Raspberry Pi, some necessary actions required to get the best out of it by making it secure, especially if you are a beginner in the field.
Let me know if I missed any important tip or trick in the comment section below.