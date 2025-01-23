Just like a PC, a Raspberry Pi can also be vulnerable to attacks if it’s not properly secured. Whether using it for personal projects or in a professional setup, as long as you connect it to the internet, it’s vulnerable to attacks. Attackers can exploit a Raspberry Pi, gain unauthorized access, and even compromise the devices connected to the same network. It can also be hijacked and used for malicious activities like botnet operations or for launching denial of service attacks. To stay safe, here are various measures you can take to ensure your Raspberry Pi's safety.

5 Change the default username and password

Default logins are easy to crack

The default username “pi” and password “raspberry” are publicly known. Hackers can easily access the device using automated scripts designed to exploit default configurations and gain control of the system. So you should use a strong password that is difficult to guess and should be long with a mix of uppercase and lowercase letters, numbers, and even special characters, and you should avoid using common words. You can use password managers to help you remember them easily. To change the default username and password, follow the steps below.

Open the terminal on your Raspberry Pi. Type the command: passwd. Enter your current password. Enter your new password and then confirm it by typing again.

You have now successfully changed the default password, and it’s time to change the username. To do this, you must create a temporary user and disable the default one. To do this:

Type the command sudo adduser “your preferred name.” In my case, I will use Sammy, so I will type sudo adduser Sammy. Add the command –allow-bad-names at the end of the previous command to allow all names if your Raspberry Pi throws the error “enter a username matching the regular expression,” as shown below. Enter the password in the New Password section. Retype the password to confirm, and you will see the message: “Password updated successfully.” Logout and log back with the new username and password. Delete the default account logins using the command: sudo deluser pi.

4 Require a password for every command

Protect attackers from running commands

The Raspberry Pi 4B connected to the bridge adapter for the CrowView Note 14

Requiring a person to enter a password before entering any command ensures that unauthorized actions are impossible to execute, even if someone accesses your Pi remotely or physically. In addition to preventing attacks like privilege escalations during online attacks when the intruder wants to elevate their permissions to access sensitive information, it also helps prevent malware from attempting to perform unauthorized commands.

Requiring a password is also essential to prevent accidental or unauthorized changes to the system configuration, especially when multiple users are accessing the Raspberry Pi. Commands that manage users, change network settings, or even update system packages are sensitive and should require authentication. To require a password for commands like Sudo, you need to modify the sudoers file. Follow the steps below to do this.

Run the command sudo visudo. Locate the Defaults env_reset option in the sudoers file, and just below it, add Defaults timestamp_timeout=0. This means sudo will ask for your password every time you run a command. You can change the zero value in timeout to any minutes you like. For example, to ask for a password after five minutes, add timestamp_timeout=5. Save the changes by clicking enter, or use CTRL+Y to confirm the changes and then CTRL+X to exit.

Now, you should be prompted to enter your password every time you use sudo.

You should update the OS to the latest version, as it includes fixes for security vulnerabilities and known threats, helps prevent avenues that attackers can use to attack the system, and comes with additional features. Various Raspberry Pi OSs are available, and the latest is based on Debian Bookworm. You can download the images from the Raspberry Pi operating systems page. Then, you can install the OS on your microSD card.

Upgrading the tools and applications installed on your Raspberry Pi is also crucial, as it helps patch possible security flaws. To update the packages and software, follow the steps below.

Type sudo apt update to update the local list of packages. When you finish, it should tell you the number of packages that you can upgrade. In my case, 93 packages are upgradeable. Run the command apt list –upgradable to see a list of them. Update all the installed packages by running the command sudo apt full-upgrade. You will be prompted to continue or not. Type Y to accept, then click enter. If you want to install a package to your Raspberry Pi, run the command sudo apt install <package-name>, and you can install it.

2 Setup a firewall

Monitor the ongoing and outgoing traffic

A firewall on your Pi, just like the normal systems, helps monitor and control the incoming and outgoing traffic. This helps ensure that only legitimate connections are allowed and that unauthorized users or malicious bots are prevented from exploiting your device.

It also helps detect and block suspicious activities like repeated failed login attempts or unusual data transfer patterns. To set up the firewall on Raspberry Pi, we will use Uncomplicated Firewall (UFW), a simple tool for managing the firewall rules. Follow the steps below to learn how to use it to set up the firewall.

Install UFW by running the command: sudo apt install ufw. Type Y, then click enter to continue. Enable UFW by running the command sudo ufw enable after installing. You can check the firewall status by running the command sudo ufw status.

If you want to disable the firewall, run the command sudo ufw disable.

1 Set up SSH key authentication and two-factor authentication

Enable verification requests for remote access

If you are accessing and managing your Raspberry Pi remotely using SSH, it’s essential to secure the SSH service by setting up authentication and two-factor authentication. SSH authentication verifies the identity of the users trying to access the device remotely. You do this by generating a pair of keys on your local machine: a private key that you store securely and a public key that you then share through the Pi server.

When you initiate a connection, the Raspberry Pi server asks your machine to prove it has the private key by sending a signature which the public key from the server then verifies by confirming your identity without transmitting any sensitive information. To do this:

Generate SSH keys on the local machine (not your Raspberry Pi) by running the command: ssh-keygen -t rsa -b 4096 -C "your email." For example, in my case, I will type: ssh-keygen -t rsa -b 4096 -C "ekaransammy8@gmail.com". You will see an option to enter the file to save the key. Enter the filename and click enter. You will be prompted to enter a paragraph, but it is not required. After applying the change, you will see the SSH key generated. Copy the SSH key to your Raspberry Pi using the command ssh-copy-id pi@raspberrypi_ip_address. The IP address of my Pi is 192.168.1.16, so I will type ssh-copy-id pi@192.168.1.16. But before doing this, ensure SSH service is enabled on your Raspberry Pi. You can do this by typing the commands: sudo systemctl enable ssh, then sudo systemctl start ssh. When you run the command to copy the key, you will be prompted to enter your Raspberry Pi password to authenticate the transfer. You should now be able to SSH into your Raspberry Pi using the key pair.

Secure your Raspberry Pi

Do not be fooled by a Raspberry Pi's small size into thinking hackers cannot exploit it. Whether you use it at home for simple Pi projects or as a regular PC, connecting it to the Internet and entering your personal information on various websites exposes it to various attacks. To secure your device and use it without fear of being attacked, follow the techniques we have highlighted above. As you do so, you should also ensure your physical environment is secure so that unauthorized people cannot access your Raspberry Pi.