
I am going to host a small server for a small text-based web service on an RPI, as I don't have funds for a remote server. Someone might perhaps try to hack it someday, and as I am only a hobbyist, I assume we are in a scenario where the hacker has access to the whole RPI.

So, how do I make it difficult for the attacker to get access to my other devices and router on the system? Like, what security practices should I incorporate? Like, for instance, use a VPN, proxy or something like that?

I have read this thread also: What should be done to secure Raspberry Pi?

I am thinking about running a Spring Boot application and some SQL program using an ordinary user account (no root privileges) with write and read permissions.

Clone
  • The Pi is a computer. Do exactly what you would do for any other computer. If hackers can reach your Pi you have already failed. – Milliways Sep 25 '22 at 06:30
  • This is not a Pi-specific question... Should have been posted somewhere else – Vadim Sep 26 '22 at 09:20

1 Answer


Put the Pi in a DMZ.

You can create a DMZ by adding a second router:

                               +----+
                               | Pi |
                               +----+
  (---------)    +-------+        |       +--------+        (----------)
(  internal  )---|router1|----------------| router2|-------(  Internet  )
 (  network )    +-------+                +--------+         (----------)
   (-------)

On router 2 you enable port forwarding to the Pi; on router 1 you do not enable any port forwarding. This effectively protects the internal network from the Pi as much as it was usually protected from the Internet.

Of course, the Pi requires a bit more attention, being exposed to the outside world. Keep everything up-to-date, remove all software that is not required, and review the logs regularly.

Ljm Dullaart
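A check to run from the Pi once both routers are in place, added here as an example and not part of the original answer: it tries to open TCP connections to router1's DMZ-side address and to an internal host, and anything that answers means the isolation is incomplete. The addresses, labels and port list are placeholder assumptions to replace with your own.

```python
"""Run on the Pi in the DMZ: confirm that nothing behind router1 answers."""
import socket

# Constructed placeholder addresses (not from the original post): router1's
# DMZ-side address and one host on the internal network behind it.
TARGETS = {
    "router1 (DMZ side)": "192.168.1.2",
    "internal host": "192.168.10.20",
}
# Ports commonly left open by router admin pages, SSH and file sharing.
PORTS = (22, 80, 443, 445, 8080)


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or no route: not reachable
        return False


def audit(targets, ports, probe=tcp_open):
    """Return a sorted list of (label, host, port) for every port that answered."""
    leaks = []
    for label, host in targets.items():
        for port in ports:
            if probe(host, port):
                leaks.append((label, host, port))
    return sorted(leaks)


def report(leaks):
    """Turn the audit result into a short human-readable summary."""
    if not leaks:
        return "OK: nothing behind router1 is reachable from the Pi"
    return "\n".join(
        f"LEAK: {label} {host}:{port} is reachable from the Pi"
        for label, host, port in leaks
    )


if __name__ == "__main__":
    print(report(audit(TARGETS, PORTS)))
```

Any `LEAK` line usually points at a port forward or a remote-administration setting enabled on router 1.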