New PI appliance setup best practices?

General Discussion

New PI appliance setup best practices?

Postby gt3mike » Tue Mar 06, 2018 11:03 am

I have a brand new AD2PI appliance running on my network and communicating between my Vista panel and Indigo. All seems well, but I'm painfully aware of the fact that I haven't done any configuration on the PI itself, and that means I have default passwords and services enabled, etc.

Does anyone have any best practices and/or any resources to recommend? For example, changing the default "pi" password is an obvious candidate, but I don't know whether that might negatively impact anything unique to AD2PI appliance operation.

All advice is welcome. I'm reasonably familiar with Linux but this is the first PI I've worked with.

Thanks,
Mike
gt3mike
newt
newt
 
Posts: 13
Joined: Sat Feb 03, 2018 3:49 pm

Re: New PI appliance setup best practices?

Postby trialnerror » Wed Mar 07, 2018 6:16 pm

I've seen an install for dummies type post here not too far down in the general forum, though I didn't follow it. I've had AD2PI up for about a month and haven't touched a un*x command line in 25 years. That said, I installed the pi downloadable factory image, changed the pi password, installed iptables-persistent and some rules, and did a sudo apt-get update, sudo apt-get upgade, and updated the alarmdecoder webapp from within it and, knock wood, it is still running. Just make a backup image of your implementation and any goofs are easily reversed.
trialnerror
Junior Nut
Junior Nut
 
Posts: 38
Joined: Wed Jan 03, 2018 11:10 am

Re: New PI appliance setup best practices?

Postby gt3mike » Thu Mar 08, 2018 2:27 pm

I have the prebuilt Pi appliance from AD that includes a Pi with a premounted AD2 board. So all of the required setup was performed for me. What I'm unclear on is what additional changes I should make to secure it, and what I might break if I do so (e.g. changing the pi password, etc.).
gt3mike
newt
newt
 
Posts: 13
Joined: Sat Feb 03, 2018 3:49 pm

Re: New PI appliance setup best practices?

Postby sandman » Thu Mar 08, 2018 3:00 pm

It is mentioned here that you should change the default credentials asap.

Here is the official Pi documentation indicating some security points. I have no clue which of these might break this solution.
sandman
newt
newt
 
Posts: 2
Joined: Tue Mar 06, 2018 1:38 pm

Re: New PI appliance setup best practices?

Postby gt3mike » Thu Mar 08, 2018 3:25 pm

Thanks. Pi password changed. Any other security best practices that won't break my preconfigured AD2PI Appliance?
gt3mike
newt
newt
 
Posts: 13
Joined: Sat Feb 03, 2018 3:49 pm

Re: New PI appliance setup best practices?

Postby kevin » Thu Mar 08, 2018 8:36 pm

Install fail2ban and a firewall, make sure your software is up to date, change default passwords, enjoy

If you want, you can lock it down to key-based only authentication.
Not an employee of the company. Just here to help and keep things clean.
kevin
Platinum Nut
Platinum Nut
 
Posts: 994
Joined: Fri Aug 16, 2013 10:10 am

Re: New PI appliance setup best practices?

Postby Gordon » Sun Mar 25, 2018 5:56 pm

I dont know anything about the other parts of your system but here my RasPi and AD2Pi are not exposed to the Internet (WAN), but only the local network (LAN). To access it off site I use a VPN using the VPN server on my router. It adds an extra step but works for me. In order to compromise the RasPi you would need to first gain access to my LAN. The VPN server or hacking my WiFi from no more than 100 feet away are the only ways in and not trivial to accomplish.

IMHO, If you expose any server, esp web servers, to the Internet, then it takes a lot of work to maintain security.
Gordon
newt
newt
 
Posts: 17
Joined: Fri Nov 28, 2014 3:02 pm


Return to General

Who is online

Users browsing this forum: No registered users and 27 guests

cron