A good term to google for is "hardening a Debian server." There are many articles and several good books for people with various backgrounds.
On Tue, May 27, 2014 at 8:13 PM, Przemek Klosowski <[email protected]> wrote: > On Tue, May 27, 2014 at 7:29 PM, <[email protected]> wrote: >> >> I'm connecting a BB to the internet and want to make sure it is relatively >> secure. Things like Cloud9, BoneScript, and root default password are all >> things that might leave open security holes. >> >> I'm no Unix expert so I'll pose the question here. Can anyone point me to a >> guide for what I should do to make the BB secure for long term autonomous >> connection to the Internet? > > Well, that's a difficult question. You connect it to the Internet so > that it's capable of performing certain functions that you want, but > you want to secure it so that it will not do anything that you don't > want. The best approach, then, is to rigorously specify what's > allowed and what's not, and implement controls that match this spec. > You have several tools in your disposal: > > - you can set up an independent firewall in front of your device: if > your device is on a home/ISP network you probably have a router that > already implements that. > > - the BBB can run the Linux firewall (iptables) that control the > network traffic into and out of your device > > - if your requirements can be met by your BBB always originating > traffic, things are easier: both iptables and ISP router firewalls > support outgoing connections out of the box, and your BBB is in > control of the traffic. You have to pay attention to DNS---DNS > spoofing is the principal vulnerability for this kind of setup > > - if you need to connect to the BBB from the outside, you want to > limit the open ports and implement it in a cryptographically secure > way, by using SSH/SSL/TLS or IPsec. This is tricky to get right, > because there's always a possibility of vulnerabilities like > Heartbleed > > -- > For more options, visit http://beagleboard.org/discuss > --- > You received this message because you are subscribed to the Google Groups > "BeagleBoard" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
