On Tue, May 27, 2014 at 7:29 PM, <[email protected]> wrote:
>
> I'm connecting a BB to the internet and want to make sure it is relatively
> secure. Things like Cloud9, BoneScript, and root default password are all
> things that might leave open security holes.
>
> I'm no Unix expert so I'll pose the question here. Can anyone point me to a
> guide for what I should do to make the BB secure for long term autonomous
> connection to the Internet?

Well, that's a difficult question. You connect it to the Internet so that it's capable of performing certain functions that you want, but you want to secure it so that it will not do anything that you don't want. The best approach, then, is to rigorously specify what's allowed and what's not, and implement controls that match this spec.

You have several tools at your disposal:

- you can set up an independent firewall in front of your device: if your device is on a home/ISP network you probably have a router that already implements that.
- the BBB can run the Linux firewall (iptables) that controls the network traffic into and out of your device
- if your requirements can be met by your BBB always originating traffic, things are easier: both iptables and ISP router firewalls support outgoing connections out of the box, and your BBB is in control of the traffic. You have to pay attention to DNS---DNS spoofing is the principal vulnerability for this kind of setup
- if you need to connect to the BBB from the outside, you want to limit the open ports and implement it in a cryptographically secure way, by using SSH/SSL/TLS or IPsec. This is tricky to get right, because there's always a possibility of vulnerabilities like Heartbleed
