Security


One of the primary uses for RigPi is to allow you to control your station when you are away from home.  Remote control requires that you open paths through your router to allow incoming data to establish a connection with RigPi.  Without further safeguards, RigPi's password/account system is open to malicious attack that could render your RigPi useless.

 

While RigPi is technically capable of operating remotely across public networks like the Internet, its design and development to date have been focused on use within trusted private networks (home and/or VPN).

 

RigPi 3.0 has been tested with the Joval vulnerability scanner and no vulnerabilities were found.

 

https://jovalcm.com/topics/open-source-oval-scanner/

 

OpenVPN

 

A technology called OpenVPN is one way to increase protection.  It uses cryptographic keys at both ends of a connection, so others who don't have the key cannot get into your system.

 

Two links to sites that show simple ways to install OpenVPN on the RigPi server are listed below:

 

http://www.pivpn.io/

 

https://www.youtube.com/watch?v=04EmeXSZo_0

 

The two approaches are similar; use either one.

 

Fail2ban

 

Fail2ban is installed on RigPi to help prevent intrusions. Fail2ban attempts to alleviate attacks by providing an automated way of not only identifying possible break-in attempts, but acting upon them quickly and easily in a user-definable manner.  Please Google Fail2ban for more details.

 

The maximum number of failed attempts and the length of time an associated IP is blocked can be set in Fail2ban.  RigPi allows three failed attempts, after which the IP is blocked for one hour.  When one hour has elapsed, the block is removed.  Fail2ban protects five services in RigPi:

 

RigPi Web access

Mumble

phpMyAdmin

Web bots

SSH access

 

Real VNC provides its own intrusion protection, so it is not necessary to use Fail2ban for this purpose.
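
The block policy described above (three failed attempts, then a one-hour block) can be replayed over a log to see which addresses would be blocked and when the block lifts.  The following is an added example, not RigPi's or Fail2ban's own code; the log lines are constructed, and the log format and the ten-minute counting window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

MAXRETRY = 3                      # from the page: three failed attempts
BANTIME = timedelta(hours=1)      # from the page: blocked for one hour
FINDTIME = timedelta(minutes=10)  # assumption: window in which failures are counted

# Constructed sample log (documentation IP ranges), not real RigPi output.
SAMPLE_LOG = """\
2024-05-01T10:00:01 rigpi sshd[811]: Failed password for pi from 203.0.113.7 port 50122 ssh2
2024-05-01T10:00:05 rigpi sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
2024-05-01T10:00:09 rigpi sshd[811]: Failed password for pi from 203.0.113.7 port 50126 ssh2
2024-05-01T10:01:00 rigpi sshd[812]: Failed password for pi from 198.51.100.20 port 40100 ssh2
2024-05-01T10:02:00 rigpi sshd[812]: Failed password for pi from 198.51.100.20 port 40102 ssh2
2024-05-01T10:02:30 rigpi sshd[812]: Accepted password for pi from 198.51.100.20 port 40104 ssh2
2024-05-01T10:20:00 rigpi sshd[813]: Failed password for pi from 198.51.100.20 port 40200 ssh2
2024-05-01T11:05:00 rigpi sshd[814]: Failed password for pi from 203.0.113.7 port 50300 ssh2
2024-05-01T11:05:10 rigpi sshd[814]: Failed password for pi from 203.0.113.7 port 50302 ssh2
2024-05-01T11:05:20 rigpi sshd[814]: Failed password for pi from 203.0.113.7 port 50304 ssh2
"""

FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def find_bans(log_text):
    """Replay the log and return [(ip, blocked_at, unblocked_at)] in order."""
    failures = defaultdict(list)   # ip -> failure times still inside FINDTIME
    ban_until = {}                 # ip -> time the current block is removed
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue               # successful logins and other lines are ignored
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in ban_until and when < ban_until[ip]:
            continue               # still blocked: attempt would not reach the service
        recent = [t for t in failures[ip] if when - t <= FINDTIME] + [when]
        failures[ip] = recent
        if len(recent) >= MAXRETRY:
            ban_until[ip] = when + BANTIME
            bans.append((ip, when, when + BANTIME))
            failures[ip] = []      # counting starts over after the block
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"{ip} blocked {start:%H:%M:%S} -> unblocked {end:%H:%M:%S}")
```

In the sample, 203.0.113.7 is blocked twice, the second time after its first one-hour block has been removed, while 198.51.100.20 is never blocked because its three failures do not fall inside one counting window.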

 

Raspberry Pi Updates

 

It is critical to keep Raspberry Pi files up-to-date for security reasons.  When vulnerabilities are present your system can be hacked.  RigPi 3 updates Raspberry Pi files automatically.

 

Remote RigPi Without Port Forwarding

 

RigPi normally requires ports to be opened on your router because that is the only way to connect to a server.  RigPi uses a web server for radio control and a VoIP server for Mumble.  By using a remote server you can forget about opening ports, port forwarding, and the security downsides to running a server on the Internet.

 

Real VNC (realvnc.com) provides the VNC software for the Raspberry Pi.  A VNC server is installed that allows you to use VNC Viewer to access the Raspberry Pi desktop.  Real VNC also provides a free way to use their server using a Home account limited to 5 computers.  You must set up an account with Real VNC, but once that is done, you can connect the server on your Raspberry Pi and any viewers to their server.  To establish the necessary connections no port forwarding or knowledge of your Internet IP is required.

 

In VNC Viewer you can connect to the Raspberry Pi desktop.  From there you can run RigPi or any of the digital mode programs.

 

You can find full instructions on the Real VNC web site.

 

The other server running on RigPi that requires port forwarding is the Mumble server for two-way audio.  Murmur servers are also available on the Internet for little or no cost.  If you connect to one of these remote servers rather than to the server on RigPi, you will not need port forwarding.

 

One popular Mumble server service is Mumble.com.  If you sign up for a 2-year account the cost is under $4 per month.  There are many other servers available (over 55 in the US alone); just check the list in Mumble>Public Servers.