A Raspberry Pi is an awesome development platform which, by default, is configured to be accessible and open. Attackers know about this vulnerability and leverage botnets to identify and automatically compromise such Linux systems on WPI’s network. It has been witnessed that newly installed Raspberry Pis can be scanned and compromised by botnets in under 3 minutes when not properly protected.
Please apply the defenses below to protect your Raspberry Pi.
Enable a firewall to block unwanted connection attempts
A firewall will block incoming connections to your Raspberry Pi and help safeguard network/server applications. WPI’s Information Security Office advises using Uncomplicated Firewall (UFW) on Raspberry Pis.
- Install UFW
sudo apt-get update
sudo apt-get install ufw
- Enable UFW
sudo ufw enable
- Deny incoming and allow outgoing network traffic
sudo ufw default deny incoming
sudo ufw default allow outgoing
- Review the UFW configuration
sudo ufw status verbose
- Reboot your Raspberry Pi
If necessary, UFW can be configured to open specific ports to specific hosts – allowing the Pi to be used as a server. The general syntax for such a command is as follows:
sudo ufw allow from <IP address> to any port <Port>
Please visit Related Actions for more information.
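To confirm the firewall ended up in the state described above, the following added example (not part of the original article) parses the text printed by sudo ufw status verbose and flags an inactive firewall, a default incoming policy other than deny, and any allow rule open to every host rather than a specific one. The function names and the two sample reports are constructed for illustration.

```shell
#!/bin/sh
# audit_ufw: read `ufw status verbose` output on stdin, print one finding per
# line, and return non-zero if anything deviates from the settings above.
audit_ufw() {
    awk '
        /^Status:/  { active  = ($2 == "active") }
        /^Default:/ { deny_in = ($0 ~ /deny \(incoming\)/) }
        # A rule row whose source column is "Anywhere" accepts every host.
        /ALLOW( IN)?[ \t]+Anywhere/ { print "OPEN-TO-ALL: " $1; bad++ }
        END {
            if (!active)       { print "FAIL: firewall is not active"; bad++ }
            else if (!deny_in) { print "FAIL: default incoming policy is not deny"; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample reports (not captured from a real host).
# 192.0.2.10 is a documentation-only address standing in for a trusted client.
sample_good() { cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    192.0.2.10
EOF
}

sample_bad() { cat <<'EOF'
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Demo on the constructed data. On the Pi itself, run instead:
#   sudo ufw status verbose | audit_ufw
sample_good | audit_ufw && echo "sample_good: OK"
sample_bad  | audit_ufw || echo "sample_bad: findings above need attention"
```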
Change the Raspberry Pi Default Password
The default credentials for a Raspberry Pi are username: pi and password: raspberry. Attackers know this too, and are actively looking to exploit default login credentials using botnets which continuously scan the internet for vulnerable Linux machines. The solution is to change the default password to something unique and more complex.
More information is in the Related Article Password Safety.
Keep software up-to-date
Ensuring up-to-date software by applying new patches is always good advice for keeping any system safe. For your Raspberry Pi, it is important that you remember to update at least once per week. Updates can be conducted by simply using the following commands:
sudo apt-get update
sudo apt-get full-upgrade
Disable SSH login over Root
The root user account has administrative rights over the entire Linux system, and every Linux device has a root user. Every attacker knows the root user exists on Linux machines and will relentlessly try to brute-force the password. This can be avoided entirely by simply disabling SSH login to root using the following instructions.
- Edit the file
- Search for the line
- Remove the leading hash character [#] to “uncomment” the line (if this line does not begin with #, then root has already been disabled for you)
Some Helpful Definitions
Network: Two or more computers connected for the purpose of sharing resources. The most common resource shared today is connection to the internet. When you connect your phone to your home's Wi-Fi, you are connecting your phone to your home network and through that, you connect to the internet.
Firewall: A system designed to prevent unauthorized access to or from a private device. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized internet users from accessing private.
Patch: When a developer discovers a vulnerability or issue in their software, they release a “patch” to fix the broken code. These patches can be applied to a user’s software by installing the most recent updates.
Brute-force attack: An attack on authentication systems involving an attacker using computers to rapidly try thousands (or millions) of passwords. The attempted passwords are based on default credentials, common passwords, or even knowledge about a specific victim.
Root: The administrator account on Linux systems that has permission to do anything on the system. Users should refrain from doing any work while logged in as root, as it is commonly insecure and mistakes can be made.