[Xastir] FIXED No iGate, please help

Ken Koster n7ipb at wetnet.net
Thu Feb 16 08:34:32 PST 2017


On Thursday, February 16, 2017 10:08:31 AM PST Jason KG4WSV wrote:
> > On Feb 16, 2017, at 9:19 AM, Den <W2DEN at comcast.net> wrote:
> > 
> > I'll let you explore how to create a root password, which I recommend.
> > Obviously those with more knowledge think we commoners, and the owner of
> > the Pi, should not use.
> Well, the problem was that you shot yourself in the foot by running
> something as root. Maybe they're onto something.
> 
> sudo is configured on by default for the pi user. Use of sudo instead of
> using a full root shell (su or sudo bash) or even worse logging in as root
> is considered best practice for security reasons. Using sudo allows minimal
> privilege escalation to accomplish a task and consequently minimizes risk.
> 
> If your pi is to be exposed to the internet, or maybe even on a home
> network, the passwords _should_ be changed for both the pi and root users.
> Default passwords are extremely insecure - there are days when I see over
> 10k brute force login attempts against a dozen or so systems, where
> attackers are looking for me and my users to rely on default or dumb
> passwords.

And one additional item to add to Jason's excellent comment.

Never, never, never put a pi on the internet without either putting it behind 
a firewall or installing the appropriate firewall rules on the pi itself.

Out of the box there is NO protection other than your password and those are 
far too easy to crack.

Put it behind your home router, or better yet put it on its own subnet, and 
enable a port forward if you must have Internet access.  And for good measure, 
pick some other port number instead of the standard ssh port that everyone 
attacks and have that on the Internet facing side. 

The sheer number of attacks on standard ports is incredible and if you have a 
system or two directly on the Internet, like I do, you put into place all 
kinds of additional tools to combat the bad guys.

For most casual use putting your RPi behind your home firewall and perhaps 
forwarding a port or two works,  but be careful.  There are far too many 
compromised devices out there and it's getting worse.
-- 
Ken - N7IPB
Email: n7ipb at wetnet.net
JID: n7ipb at jabber.wetnet.net
PGP Sig: F42B EF90 3CD3 31C7 3056  122E 993A 7B2E 5138 C42A 
“I never am really satisfied that I understand anything; because, understand 
it well as I may, my comprehension can only be an infinitesimal fraction of 
all I want to understand” -Ada Lovelace 
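
Added example, not part of the original message or the Xastir project: a small Python script that tallies failed SSH password attempts per source address and notes which of the default accounts discussed in the thread (pi, root) were tried. The log lines are constructed samples in the usual OpenSSH sshd syslog format, and the `summarize` function and its `threshold` parameter are names chosen here for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (documentation IP ranges), not taken from the post.
SAMPLE_LOG = """\
Feb 16 08:01:02 raspberrypi sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Feb 16 08:01:04 raspberrypi sshd[1203]: Failed password for pi from 203.0.113.7 port 40120 ssh2
Feb 16 08:01:07 raspberrypi sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 40133 ssh2
Feb 16 08:02:15 raspberrypi sshd[1220]: Failed password for root from 198.51.100.23 port 51514 ssh2
Feb 16 08:03:40 raspberrypi sshd[1231]: Accepted password for pi from 192.0.2.10 port 50022 ssh2
Feb 16 08:04:01 raspberrypi sshd[1240]: Failed password for pi from 203.0.113.7 port 40150 ssh2
"""

# sshd logs unknown accounts as "invalid user NAME"; known ones as just NAME.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# The two accounts the thread says must not keep default passwords.
DEFAULT_ACCOUNTS = {"pi", "root"}


def summarize(log_text, threshold=3):
    """Return one row per source IP, most failures first.

    threshold is an assumed cut-off for calling a source a brute-force
    candidate; tune it to your own traffic.
    """
    per_ip = Counter()
    users_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        per_ip[m["ip"]] += 1
        users_by_ip[m["ip"]].add(m["user"])
    return [
        {
            "ip": ip,
            "failures": count,
            "default_accounts_tried": sorted(users_by_ip[ip] & DEFAULT_ACCOUNTS),
            "over_threshold": count >= threshold,
        }
        for ip, count in per_ip.most_common()
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

On a Raspberry Pi the same function can be fed the contents of the system's SSH authentication log in place of `SAMPLE_LOG`.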