Raspberry Pi Security Measures

Basic security measures for PiLink’s PL-R4/R5 series are the same as for an ordinary Raspberry Pi.
Please refer to the following and consider stronger security measures depending on your environment and usage.

Change default username and password

If the default user name “pi” and its initial password are in use, be sure to change the password to a strong one.
Switching to a new user other than the “pi” user is also a good way to enhance security.

Disable automatic login

When auto-login is enabled, the desktop screen appears without the need to enter a user name and password when the power is turned on. Since anyone can use the system as it is, it is recommended to disable automatic login for security reasons.

Review SSH authentication methods

There are two types of SSH login authentication methods: password authentication and public key authentication.
When SSH is enabled with password authentication, there is a risk that an attacker logs in through a brute force attack (trying password combinations one after another). Passwords of 10 or 12 digits or more are said to be harder to break, but brute force password cracking has been getting faster in recent years.
It is more secure to disable password authentication and use public key authentication instead.

Change SSH port number

It is widely known that the default SSH port number is 22.
Because this makes the default port vulnerable to attack, changing the port number is a countermeasure.

Prohibit the root user from connecting by SSH

Setting a password for the root user is a risk: root privileges allow any operation to be performed, so if an attacker cracks the root password, the system can be compromised or taken over.
By default, no password is set for the root user, which has administrative privileges. If you do set one, disable SSH login for the root user to prevent intrusion from outside.
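
The three SSH measures above (public key authentication only, a non-default port, no root login) can be checked together. The following is an added example, not part of the original page or PiLink's own tooling; the function names and the sample configuration are constructed for illustration, and Include directives are not followed.

```python
# Added example: check sshd_config text against the three SSH measures above.
# OpenSSH built-in defaults, used when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

# Constructed sample: hardened globally, but a Match block re-enables passwords.
SAMPLE = """Port 2222
PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

def parse_sshd_config(text):
    """Return (global settings, ports, settings found inside Match blocks)."""
    settings, ports, conditional, in_match = {}, [], [], False
    for raw in text.splitlines():
        # Keyword and argument are separated by whitespace or a single "=".
        parts = raw.strip().replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip('"').lower()
        if key == "match":
            in_match = True  # every later line applies only conditionally
        elif in_match:
            conditional.append((key, value))
        elif key == "port":
            ports.append(int(value))  # Port may be given more than once
        else:
            settings.setdefault(key, value)  # first occurrence wins in sshd
    return settings, ports or [22], conditional

def audit(text):
    """Return findings; an empty list means all three measures are in place."""
    settings, ports, conditional = parse_sshd_config(text)
    effective = {**DEFAULTS, **settings}
    findings = []
    if effective["passwordauthentication"] != "no":
        findings.append("password authentication is enabled")
    if effective["permitrootlogin"] != "no":
        findings.append("root login over SSH is not disabled")
    if 22 in ports:
        findings.append("sshd listens on the default port 22")
    findings += [f"Match block sets {k} {v}" for k, v in conditional
                 if k in DEFAULTS and v != "no"]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

On a real system, the output of `sshd -T` (the effective configuration, with included files already resolved) can be passed to `audit()` instead of the raw file.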

Deployment of firewalls

Even with Raspberry Pi, installing a firewall is effective in improving security.
There are firewalls available for the Raspberry Pi OS such as ufw (Uncomplicated Firewall).

Closure of unneeded ports

If unused ports are left open, the risk of unauthorized access from the outside increases.
You can reduce the risk by closing unused ports on firewalls such as ufw.

Software and OS updates

Installed software and operating systems should be updated regularly and the latest security patches should be applied. This will fix known vulnerabilities.

Increase the security of your wireless network

The basic measures for connecting to a network via wireless are the same for Raspberry Pi as for ordinary PCs and smartphones. Use a reliable network and employ WPA3 or strong encryption.
Encrypting the password (passphrase) for Wi-Fi connections is another security measure.

▶Technical blog reference article: How to set up Wi-Fi on your first industrial Raspi

For on-site use, industrial security routers can be deployed between the router and the external network, or security can be strengthened by restricting access with the whitelist method.

Prepare for data loss

While ordinary Raspberry Pi systems write the system to SD cards, which raises concerns about SD card durability and data loss due to removal, PiLink’s industrial Raspberry Pi systems write the system to an onboard eMMC, which reduces such risks.
In addition, keeping backups of images makes it easier to recover in the event of a failure.

Disable unnecessary functions and services

Unused functions and services that are left enabled without proper updates and security fixes can expose the system to attack. For example, SSH, VNC, Wi-Fi, unneeded user accounts, and software that is no longer in use should be deactivated or removed.

Vulnerability Disclosure Policy

Please see below for our vulnerability disclosure policy regarding our industrial Raspberry Pi products.