Security - Best Practices

[01grander]

Hey,

My boss is wanting to use Raspberry Pi's for a lot of different projects around our department. We currently are doing very basic tasks, opening a website, displaying a message, and printing pdf's. We are wanting to use these at an intake area, those will perform different functions but I need to start looking into best security practices since it will be "public" facing. It's not going to be for the general public but it will be for people outside our department. It will be on its own vlan behind a basic firewall but I am looking for tips for best security practices.


Any tips?


Thanks

[davidcoton]

https://www.raspberrypi.org/documentati ... ecurity.md

[graysky]

We are wanting to use these at an intake area, those will perform different functions but I need to start looking into best security practices since it will be "public" facing.

All bets are off if there is physical access to the machine.

[W. H. Heydt]

We are wanting to use these at an intake area, those will perform different functions but I need to start looking into best security practices since it will be "public" facing.

All bets are off if there is physical access to the machine.

Even that can be mitigated to a degree. Besides booting over a network (where that is possible), there are cases that have an SD card slot cover and you have to physically disassemble the case (which takes removing 4 screws) to remove that cover.

Much of it depends on just how far you want to go. At what point does the cost of physical security exceed the time and materials it costs to deal with a Pi going on walkabout.