Security Training and User Guides
Raspberry Pi Security Guide
This guide provides information on security measures that should be applied on Raspberry Pi devices to help reduce the risk of compromise. In addition to the recommendations in this guide, Raspberry Pi administrators should keep informed of newly publicized issues affecting the device, and apply appropriate mitigation measures.
Raspberry Pis are a target because they are more often left exposed, not fully secured, or abandoned and vulnerable. Their computing power can be a target for cryptocurrency mining, and they can be used to pivot to or attack other systems on the network, or for other nefarious purposes.
Excellent resources exist for securing a Raspberry Pi. They are listed below and should be followed. A synopsis of some of the key measures from these recommendations follows, but the step-by-step information in these resources should be followed:
- Change the default password
- Create a new user with a long and strong/complex password. Give that user sudo permissions. Confirm it works then delete the default user, pi
- Make sudo require a password
- Modify the sshd configuration to allow only specific users for SSH access
- A recommended alternative to password login is to use key-based authentication
- Software updates
- Keep the system patched with the latest security updates
- Additional recommendation: Back up your configuration
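
The following script is an added example, not part of the original guide or the resources it refers to. It is a read-only audit of the measures listed above: default `pi` account, passwordless sudo, SSH user restriction, and SSH password login. The function names and the `ROOT` prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the guide): read-only audit of the steps listed above.
# ROOT is a hypothetical prefix for checking a copied /etc tree; empty means
# the live system, where reading /etc/sudoers requires root.

# First value of KEYWORD in the global section of an sshd_config file.
# Keywords are case-insensitive and sshd keeps the first value it reads.
# Simplification: Include files and Match blocks are not evaluated.
sshd_value() {  # usage: sshd_value KEYWORD FILE
    awk -v k="$1" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$2" 2>/dev/null
}

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

audit_pi() {  # usage: audit_pi [ROOT]; returns non-zero if any FAIL was printed
    root="${1:-}"; fails=0; cfg="$root/etc/ssh/sshd_config"

    # The default account should be deleted once the new sudo user works.
    if grep -q '^pi:' "$root/etc/passwd" 2>/dev/null; then
        fail "default user 'pi' still exists"
    fi

    # sudo should require a password: flag any uncommented NOPASSWD rule.
    for f in "$root/etc/sudoers" "$root"/etc/sudoers.d/*; do
        [ -f "$f" ] || continue
        if grep -v '^[[:space:]]*#' "$f" 2>/dev/null | grep -q 'NOPASSWD'; then
            fail "NOPASSWD rule in $f"
        fi
    done

    # SSH should be limited to named users.
    if [ -z "$(sshd_value AllowUsers "$cfg")" ]; then
        fail "no AllowUsers line in $cfg"
    fi

    # Key-based login is the recommended alternative; sshd allows passwords
    # unless PasswordAuthentication is set to no.
    pw=$(sshd_value PasswordAuthentication "$cfg" | tr 'A-Z' 'a-z')
    if [ "$pw" != "no" ]; then
        echo "WARN: SSH password login is still enabled"
    fi

    [ "$fails" -eq 0 ]
}

if [ "${1:-}" = "--audit" ]; then audit_pi "${2:-}"; fi
```

On a live system, `sshd -T` (run as root) prints the effective configuration, including settings pulled in through `Include`, and is the authoritative check for the two SSH items.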