MadSecurityMan
Posts: 1
Joined: Mon Aug 14, 2017 2:32 pm

Is the Raspberry Pi Secure online?

Mon Aug 14, 2017 2:53 pm

Ever since getting my Raspberry Pi, I have never really been online with it. Mainly because I can't find any security Software for Raspbain and I have a really hard time setting up a firewall. Mainly because I don't understand any of it. So I was wondering if it would be a wise decision to just use the internet for YouTube alone (as was intended from the start) and just have ad blocker enabled to help stop any of those nasty pieces of malware hurting the pi?

fruitoftheloom
Posts: 23337
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: Is the Raspberry Pi Secure online?

Mon Aug 14, 2017 3:17 pm

MadSecurityMan wrote:
Mon Aug 14, 2017 2:53 pm
Ever since getting my Raspberry Pi, I have never really been online with it. Mainly because I can't find any security Software for Raspbain and I have a really hard time setting up a firewall. Mainly because I don't understand any of it. So I was wondering if it would be a wise decision to just use the internet for YouTube alone (as was intended from the start) and just have ad blocker enabled to help stop any of those nasty pieces of malware hurting the pi?
What Malware have you found which infects the Linux Operating Systems available for the Raspberry Pi ??

Have run Linux for over 5 years and apart from changing default password have never installed a Firewall or even Anti-Virus/Malware Software..
Rather than negativity think outside the box !
RPi 4B 4GB (SSD Boot)..
Asus ChromeBox 3 Celeron is my other computer...

Heater
Posts: 15950
Joined: Tue Jul 17, 2012 3:02 pm

Re: Is the Raspberry Pi Secure online?

Mon Aug 14, 2017 3:30 pm

I don't know anyone who runs "security software" on their Linux machines.

You don't need a firewall. Not unless you decide to start running services on your Pi that expose insecure ports.

Do at least change your pi password. Or better yet create a new user name for yourself and remove the Pi user.

Do try to keep up with updates.

I see no reason to consider the Pi and Raspbian any less secure than other main stream machines and operating systems.

Of course there is no such thing as "secure". As in 100% guaranteed to not be exploitable for all of time. There is no way to know what bugs and exploits will show up in the future. No matter what system you are using.
Memory in C++ is a leaky abstraction .

scotty101
Posts: 3958
Joined: Fri Jun 08, 2012 6:03 pm

Re: Is the Raspberry Pi Secure online?

Mon Aug 14, 2017 4:00 pm

The 'official' security advice for the raspberry pi is here
https://www.raspberrypi.org/documentati ... ecurity.md
Electronic and Computer Engineer
Pi Interests: Home Automation, IOT, Python and Tkinter

User avatar
davidcoton
Posts: 5028
Joined: Mon Sep 01, 2014 2:37 pm
Location: Cambridge, UK
Contact: Website

Re: Is the Raspberry Pi Secure online?

Mon Aug 14, 2017 5:24 pm

How does your Pi connect to the internet? If you have a home router, by default it should not allow any external connection to reach the Pi. So security does not rely on the Pi having a firewall on the Pi.
And as Heater says, anything that does get through can't affect the Pi unless you run software that lets it (including ssh, of course).
If you have set up your system to allow incoming connections to the Pi (because you want/need to do so), then it will be difficult to define firewall rules that add any security.
Signature retired

markatlnk
Posts: 57
Joined: Sun Feb 23, 2014 7:53 pm

Re: Is the Raspberry Pi Secure online?

Mon Aug 14, 2017 10:43 pm

It can be. Make sure you change the default passwords. I am running a Wordpress blog and full email system on a Pi2. Although it has been updated, it hasn't been rebooted in 345 days. I do run the apt-get update/upgrade frequently and really should reboot when there is a kernel update. I do have an external router, so only ssh, web, and mail traffic get through to it. I also pay a bit extra to my ISP so I can have a static IP address.

I do get frequent attempts at logging in from all over the world, but the passwords are secure so it just hasn't been a problem.

The other change from stock system is I moved the root drive to an external 500G hard drive so the SD card is seldom written to.

Mark

Heater
Posts: 15950
Joined: Tue Jul 17, 2012 3:02 pm

Re: Is the Raspberry Pi Secure online?

Mon Aug 14, 2017 10:51 pm

Wordpress. All bets for security are off :)

Of course if you start running servers on you Pi that are open to the internet then security becomes a whole bigger issue than just surfing the web from a Pi.

I was kind of joking about Wordpress but it's a good example. Plenty of Wordpress sites have been hacked into because they have not kept up to date with the latest exploits and updated their software or configurations accordingly.

But now we are talking how to secure servers/services which is a whole other topic than the security of the Pi/Raspbian itself.
Memory in C++ is a leaky abstraction .

User avatar
davidcoton
Posts: 5028
Joined: Mon Sep 01, 2014 2:37 pm
Location: Cambridge, UK
Contact: Website

Re: Is the Raspberry Pi Secure online?

Tue Aug 15, 2017 8:28 am

markatlnk wrote:
Mon Aug 14, 2017 10:43 pm
Although it has been updated, it hasn't been rebooted in 345 days. I do run the apt-get update/upgrade frequently and really should reboot when there is a kernel update.
Yes, you really should reboot. You will still be running the kernel that you has 345 days ago. There is also no guarantee that the latest patches to server software are actually running -- it depends on the software structure as to whether or not replaced parts are reloaded. Make a reboot a regulaler part of your update/upgrade procedure, at least when you see security upgrades for the kernel or any of your server software.
Signature retired

Return to “General discussion”