We learned that the IoT has brought a whole new wave of possibilities. It brought a new wave of security concerns as well. IoT devices are connected all the time. That makes them even more vulnerable than desktop systems. A security bug can allow an attacker to take control of things remotely anywhere in the world. An attack might remain unnoticed for a long time. As these devices are working with the physical world, some damages can be catastrophic. The IoT is at an early stage and not many security standards are available. Security is an ongoing process. There is no complete secure point that can be achieved. Covering all aspects of IoT security will become a big book in itself. Let us see a few points that will make things more secure:
- Security vulnerabilities get discovered. Upgrade at OS and application level is important. BeagleBone comes pre-installed with stable Debian with a security repository enabled in
/etc/apt/sources.list. You need to run the commandapt-get update && apt-get upgradeto upgrade all the security-fixes. Do not install software from untrusted sources. - Often services have configuration files that allow modification of security parameters, for example
/etc/ssh/sshd_confighas a configuration option to disable root login via SSH. - Open only required ports needed for your work. On BeagleBone you can find open ports by running the command
nestat –plntu. Don't use weak protocols like Telnet, Universal Plug and Play (UPnP). Use a firewall with the correct rules. - Keep an eye on your data. Avoid data transfer and storage in plain text. Use encryption wherever possible. Use virtual private network (VPN) whenever possible.
- Do not use root login unless necessary. BeagleBone gives root access without a password. You should set a strong password for a root account. The default password for non-root users should be changed. Limit sudo access to a few commands only.
- Secure your local network. Anybody inside the network can open the bone101 page and Cloud9 with a root shell. Use a strong Wi-Fi password. Change the default router admin password. Use strong encryption for Wi-Fi. Limit your Wi-Fi range only to cover the longest connected device in LAN.
- Prevent physical access. Serial and Joint Test Action Group (JTAG) access can be possible with physical access. On BeagleBone, physical access allows you to copy/manipulate files on a SD card as well as onboard embedded MultiMediaCard (eMMC) storage.
- Create a failover plan. Make frequent backups.
Please note that these are good security practices. This does not guarantee your thing will be completely secure.
BeagleBone Black has dedicated bugs page here: http://bugs.elinux.org/projects/beaglebone-black/issues. To learn more about security on Debian, visit https://www.debian.org/security.