
Tips for a Secure Raspberry Pi Installation


When you embark on a project with a Raspberry Pi, one of the most important considerations is ensuring your device is protected against potential security threats.

How much this matters depends on where you want to use it. If it’s a machine at your home, it’s not a big problem. But if you plan to use it as a server, or to place it in a public space for an IoT project, that changes things.

In this article, we are going to see a series of tips to improve the security of your Raspberry Pi and make things harder for opportunistic attackers.

No installation is completely secure, no matter how many tips I can give you. The best advice is always to use common sense and be cautious.

Use a Strong Password

The first step towards a secure installation is to make sure your Raspberry Pi has a strong password.

By default, the pi account comes with a very well-known password (raspberry) that is easy to guess.

To change the password, you can use the passwd command:

passwd

The password recommendations are basically the usual ones:

  • Length: Use passwords of at least 12 characters.
  • Complexity: Include a combination of uppercase letters, lowercase letters, numbers, and symbols.
  • Uniqueness: Do not reuse passwords from other accounts.

Change the Username

Changing the password is absolutely essential. But it’s even better if we add our own user and completely remove the pi user.

This will make it much harder for attackers because they won’t know either the username or the password.

It will add a bit of complexity for you because many tutorials use the pi user as a reference. But it adds a new layer of security.

If you want to know more, check out this post.

Update the System Regularly

Keeping your system updated is very important to protect yourself against known security vulnerabilities. Updates often include patches for security issues that could be exploited by attackers.

To update your Raspberry Pi, run the following commands:

sudo apt update
sudo apt full-upgrade

Configure a Firewall

A firewall helps control the traffic entering and leaving your Raspberry Pi, adding an extra layer of protection. UFW (Uncomplicated Firewall) is an easy-to-use tool for this purpose.

If you want to know more, check out this post.

Mitigate Brute Force Attacks

You can use services like Fail2Ban to mitigate brute force attacks.

sudo apt install fail2ban

Fail2Ban protects against unauthorized access attempts by blocking IP addresses that show suspicious behavior.
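
How a tool like Fail2Ban decides which addresses to block, shown as an added example that is not part of the original article and is not Fail2Ban's own code: a simplified shell model that flags an IP after repeated failed SSH logins inside a time window. The function names, thresholds and log lines are constructed for illustration, and the script assumes classic syslog-format sshd lines that all fall on one day.

```shell
#!/bin/sh
# Simplified model of the Fail2Ban idea (illustrative, not Fail2Ban code).
# Flags source IPs with at least MAX_RETRY failed SSH logins inside a
# FIND_TIME-second window. Names and thresholds are assumptions.

# Constructed sample in syslog auth.log format (documentation IP ranges).
sample_log() {
cat <<'EOF'
Mar 10 08:15:01 raspberrypi sshd[1201]: Failed password for pi from 203.0.113.7 port 40112 ssh2
Mar 10 08:15:03 raspberrypi sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Mar 10 08:15:06 raspberrypi sshd[1207]: Failed password for root from 203.0.113.7 port 40125 ssh2
Mar 10 08:16:40 raspberrypi sshd[1215]: Failed password for alice from 192.0.2.10 port 51544 ssh2
Mar 10 08:16:52 raspberrypi sshd[1215]: Accepted password for alice from 192.0.2.10 port 51544 ssh2
Mar 10 09:02:11 raspberrypi sshd[1302]: Failed password for pi from 198.51.100.23 port 33010 ssh2
Mar 10 11:47:30 raspberrypi sshd[1410]: Failed password for pi from 198.51.100.23 port 33950 ssh2
Mar 10 14:20:05 raspberrypi sshd[1522]: Failed password for pi from 198.51.100.23 port 34771 ssh2
EOF
}

# flag_bruteforce MAX_RETRY FIND_TIME   (reads log lines on stdin)
# Prints each offending IP once, in order of detection.
flag_bruteforce() {
    awk -v max="$1" -v win="$2" '
    / sshd\[[0-9]+\]: Failed password for / {
        # Parse from the END of the line: the username is attacker-chosen
        # and may contain spaces or the word "from".
        if ($(NF-4) != "from" || $(NF-2) != "port") next
        ip = $(NF-3)
        if (ip in banned) next
        # Time of day in seconds (sample lines all fall on one day).
        split($3, t, ":"); now = t[1]*3600 + t[2]*60 + t[3]
        n = ++count[ip]; seen[ip, n] = now
        # Count failures from this IP that fall inside the window.
        hits = 0
        for (j = 1; j <= n; j++) if (now - seen[ip, j] <= win) hits++
        if (hits >= max) { banned[ip] = 1; print ip }
    }'
}

sample_log | flag_bruteforce 3 600
```

With a 600-second window only the rapid burst is flagged; the three failures spread over several hours and the single mistyped password followed by a successful login are not.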

Configure SSH Securely

If you access your Raspberry Pi remotely via SSH, it is essential to configure the service securely, or it can be a real security hole.

Disable Unnecessary Services

Every service running on your Raspberry Pi is a potential entry point for an attacker. Disable or remove services you are not using to reduce the attack surface.

To see which services are active, use:

sudo systemctl list-units --type=service

To disable a service, use the following command, replacing nombre-del-servicio with the name of the service:

sudo systemctl disable nombre-del-servicio

Make Regular Backups

Keeping regular backups of your system and data is essential to be able to recover information in case of failures or security compromises.

You can create a complete image of your system using tools like dd:

sudo dd if=/dev/mmcblk0 of=/path/to/backup.img bs=4M

Physical Security

Don’t underestimate the importance of the physical security of your Raspberry Pi. Place your device in a secure location and prevent unauthorized people from having physical access to it.

  • Secure Enclosure: Use a secure box or case to protect the hardware.
  • Location: Keep the Raspberry Pi in a place accessible only to authorized people.

It might seem silly, but I’ve seen Raspberry Pis placed on top of a hospital door, without a case or anything. That is NOT a secure installation 😅.