4

I recently bought a Raspberry Pi, and I would like to attach it to my local network and (via port forwarding) let it be reachable from 'the outside world'.

My plan is to run Apache with PHP on it, and then from the outside navigate to some URL on my Apache / Raspberry Pi, and turn on/off some devices from the GPIO ports.

Now I am new at Linux, so I'm a little worried about opening up a Linux machine to the outside world, for everyone to see (and hack).

Is the default Raspbian install safe enough to do this, when I manually (or if can get it to work automatically) update the OS, Apache and PHP installs?

Peter Mortensen
  • 2,004
  • 2
  • 15
  • 18
Michel
  • 1,124
  • 4
  • 14
  • 21

2 Answers2

3

There is no simple answer for your question. What do you mean by secure? Why it should be safe by default? It is as secure as your operating system and probably your router (I assume that you have integrated some simple FW there) and of course your Appache instance and web service you are developing.

There are really many factors that makes your system secure. If you will upgrade software quite often, configure your server properly, disable unused features and of course take care of appropriate security solutions in your web service it could be secure enough for your needs.

Of course nobody will give you 100% warranty that your system will not be hacked (unless it will not be connected to network).

codewarrior
  • 501
  • 2
  • 7
  • You are right, i am probably looking for some secure feeling you can't give me (guaranteed) – Michel Dec 04 '12 at 13:15
  • The thing is that you can do a lot and make it as secure as you need. I mean you don't need as sophisticated solution as e.g. banks are using, but from the other hand don't live the "doors open". – codewarrior Dec 04 '12 at 14:05
0

If you can't answer that question yourself, you probably can't make it secure. Yet. Also keep in mind, once you open up access, you're potentially opening your entire inside network up since the RPi is behind your firewall's protection. I'd suggest going slowly and only opening it up when you are sure it's reasonably secure. That means you're going to have to learn a lot, but that's a good thing.

Depending on what you open, the default raspbian install is (arguably) not secure. The pi user has sudo access without entering credentials, and the default password is well known. At least make sure you secure that account before you open up access and don't inadvertently allow it to be used.

Definitely read up on securing apache and PHP, but also learn how to test your system externally so you can know it's as tight as you want it to be.

bobstro
  • 3,998
  • 14
  • 27