Tips for a Secure Raspberry Pi Installation

Securing a Raspberry Pi means reducing the attack surface and avoiding weak configurations before putting it to serious work.

Depending on where you want to use it, the level of rigor changes. If it is a test machine at home, the risk is smaller. If it is going to be a server, a computer accessible from the Internet, or a device installed in a public place, things change quite a lot.

We are going to look at a series of tips to improve Raspberry Pi security, making things a bit harder for opportunistic people.

No installation is completely secure, no matter how many tips I give you. The best advice is always to use common sense and be cautious.

Use a Strong Password

The first step towards a secure installation is to make sure your Raspberry Pi has a strong password.

In older versions of Raspbian, the pi account came with a default password (raspberry), which was very well known and easy to guess. In modern Raspberry Pi OS you configure your own user during installation, but the recommendation is still the same: nothing with weak passwords.

To change the password, you can use the passwd command:

passwd

Password recommendations are basically the usual ones:

  • Length: Use passwords of at least 12 characters.
  • Complexity: Include a combination of uppercase letters, lowercase letters, numbers, and symbols.
  • Uniqueness: Do not reuse passwords from other accounts.

Change the Username

Changing the password is absolutely essential. On older installations, it was also advisable to add our own user and completely remove the pi user.

This makes things a little harder for attackers, because they can no longer aim at an inherited, widely known account name.

It will add a bit of complexity for you because many tutorials use the pi user as a reference. But it adds a new layer of security.

If you want to know more, check out this post.

Update the System Regularly

Keeping your system updated is very important to protect yourself against known security vulnerabilities. Updates often include patches for security issues that could be exploited by attackers.

To update your Raspberry Pi, run the following commands:

sudo apt update
sudo apt full-upgrade

Configure a Firewall

A firewall helps control the traffic entering and leaving your Raspberry Pi, adding an extra layer of protection. UFW (Uncomplicated Firewall) is an easy-to-use tool for this purpose.

If you want to know more, check out this post.

Mitigate Brute Force Attacks

You can use services like Fail2Ban to mitigate brute force attacks.

sudo apt install fail2ban

Fail2Ban protects against unauthorized access attempts by blocking IP addresses that show suspicious behavior.

Configure SSH Securely

If you access your Raspberry Pi remotely via SSH, it is essential to configure the service securely, or it can be a real security hole.

Disable Unnecessary Services

Every service running on your Raspberry Pi is a potential entry point for an attacker. Disable or remove services you are not using to reduce the attack surface.

To see which services are active, use:

sudo systemctl list-units --type=service

To disable a service, use:

sudo systemctl disable service-name

Make Regular Backups

Keeping regular backups of your system and data is essential to be able to recover information in case of failures or security compromises.

You can create a complete image of your system using tools like dd:

sudo dd if=/dev/mmcblk0 of=/path/to/backup.img bs=4M

Physical Security

Don’t underestimate the importance of the physical security of your Raspberry Pi. Place your device in a secure location and prevent unauthorized people from having physical access to it.

  • Secure Enclosure: Use a secure box or case to protect the hardware.
  • Location: Keep the Raspberry Pi in a place accessible only to authorized people.

It might seem silly, but I’ve seen Raspberry Pis placed on top of a hospital door, without a case or anything. That is NOT a secure installation 😅.