Security Training and User Guides

Security Awareness Training

The Security Awareness Training (SAT) course for 2018 is now available. Please visit the Canvas course to enroll.

More guides and content are in development! In the meantime, you can browse the knowledge base to learn more about a range of security-related topics.

 

Raspberry Pi Security Guide

Document Purpose

This guide provides information on security measures that should be applied on Raspberry Pi devices to help reduce the risk of compromise.  In addition to the recommendations in this guide, Raspberry Pi administrators should keep informed of newly publicized issues affecting the device, and apply appropriate mitigation measures.

Threat

Raspberry Pis are a target because they are more often left exposed, not fully secured, or abandoned and vulnerable. Their computing power can be used for cryptocurrency mining, and a compromised device can be used to pivot to or attack other systems on the network, or for other nefarious purposes.

Security Measures

Excellent resources exist for securing a Raspberry Pi. They are listed below and should be followed. A synopsis of some of the key measures from these recommendations follows, but the step-by-step information in these resources should be followed:

  1. Access
    • Change the default password
    • Create a new user with a long and strong/complex password. Give that user sudo permissions. Confirm that it works, then delete the default user, pi
    • Make sudo require a password
    • Modify the sshd configuration to allow only specific users for SSH access
    • A recommended alternative to password login is to use key-based authentication
  2. Software updates
    • Keep the system patched with the latest security updates
    • Additional recommendation:  Back up your configuration
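
An added example, not part of the original guide: a read-only shell check of the Access measures in item 1 above, run against a root directory. The function names, the finding messages and the sample tree are assumptions made for illustration; the check reads sshd_config directly and ignores Include and Match blocks.

```sh
#!/bin/sh
# Added example: read-only check of the "Access" measures in the list above.
# Simplification (assumption): reads sshd_config directly, ignoring Include and Match.

# Print the value sshd would use for keyword $2 in file $1 (first occurrence wins).
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) {
        $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1" 2>/dev/null
}

# Print one FINDING line per unmet measure under ROOT ($1, default: the live system).
# Returns 0 when nothing was found, 1 otherwise.
audit_pi() {
    root="${1:-}"; findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }
    cfg="$root/etc/ssh/sshd_config"

    if grep -q '^pi:' "$root/etc/passwd" 2>/dev/null; then
        note "default user 'pi' still exists"
    fi
    if [ -z "$(sshd_value "$cfg" AllowUsers)" ]; then
        note "no AllowUsers line limits SSH to specific users"
    fi
    if [ "$(sshd_value "$cfg" PasswordAuthentication)" != "no" ]; then
        note "SSH password login is not disabled in favour of keys"
    fi
    # An uncommented NOPASSWD rule lets sudo run without asking for a password.
    if grep -rqs '^[^#]*NOPASSWD' "$root/etc/sudoers" "$root/etc/sudoers.d"; then
        note "a sudoers rule uses NOPASSWD"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: a throwaway tree resembling an unhardened install.
demo_constructed_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/ssh" "$t/etc/sudoers.d"
    echo 'pi:x:1000:1000:,,,:/home/pi:/bin/bash' > "$t/etc/passwd"
    printf '#PasswordAuthentication yes\nPermitRootLogin no\n' > "$t/etc/ssh/sshd_config"
    echo 'pi ALL=(ALL) NOPASSWD: ALL' > "$t/etc/sudoers.d/sample-nopasswd"
    audit_pi "$t" || true
    rm -rf "$t"
}
```

Call `audit_pi` with no argument on the Pi itself, as root so the sudoers files are readable. `sshd -T` prints the effective configuration that sshd itself computes and is the authoritative cross-check.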