Homelab

22 readers

1 users here now

Rules

Be Civil.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Please no shitposting or blogspam.
No Referral Linking.
Keep piracy discussion off of this community

founded 1 year ago

MODERATORS

communick@selfhosted.forum

rglullis@communick.news

Raspberry Pi security / safety (alien.top)

submitted 1 year ago by taxis-asocial@alien.top to c/homelab@selfhosted.forum

3 comments fedilink hide all child comments

I'm a software engineer but don't really know much about the hardware side. Did a math degree in college so I'm lacking in comp sci knowledge, to get my software job I jumped into fintech and learned the important software bits, design patterns, etc.

Anyways I want to make some gadgets using RPi or similar chips. For example I want to make a gadget with an e-ink screen that hits a public weather API endpoint once every 15 minutes and updates the screen with some weather info. Then I can put it in an encasement and just have it sitting on my desk and always have the weather info at a glance.

But when I started looking into this I saw all sorts of articles about securing you RPi and it seems like if you do it wrong you can introduce a security risk on your network. Is there a simple, even if heavy handed, solution to this? Such as, configuring my router to only allow that RPi device to make requests access certain endpoints, and not allow incoming requests at all?

you are viewing a single comment's thread
view the rest of the comments

[–] rxVegan@alien.top 1 points 1 year ago

Nothing inherently insecure about RPi in specific. Same rules apply to any device in your network: if you expose services to the internet, you are introducing potential security risks. Does it have to be open to everyone? Should you limit access to specific known trusted clients? Can you use VPN rather than exposing it to internet? Is your authentication scheme robust? What data does the device have access to and does it NEED to have access to all of it?

If your device only makes outgoing requests then your main concern is whether you trust the service its polling.