Hi. I have a couple of questions I hope someone can answer.
Let's say I have a properly configured router with strong password (whatever "properly configured" and "strong password" means - that's not the point here). This router has no port forwarding enabled. Let's say I connect a Raspberry to this router with a fresh instalation of Raspbian, but I don't change the default password. How safe would the RPi be from external attacks? Is the router effectively isolating the RPi from the world because of the port-forwarding ferature being disabled? Is there any other way in which an external attacker can reach the RPi?
Now let's say that I want to be hacked (if only for the chance to discover the bad guy's tricks), so I enable port forwarding (and any other option that makes me an attractive and easy target) and wait patiently until someone bites. What would the tools or places to look for be in order to find traces of an intrusion or attack? I know this can be quite difficult since, well, the attackers obviously want to be as invisible as possible for as long as possible, but there must be some ways to detect uninvited logins, unwated changes to the system and the like.
Not that I've been hacked (or left an unsecured RPi connected to the internet - yet )