Security
From OESF
(Zaurus Security - Top Level) |
(revert spam) |
||
(4 intermediate revisions not shown.) | |||
Line 1: |
Line 1: | ||
| - | |||
<H2>Security</H2> | <H2>Security</H2> | ||
Line 5: |
Line 4: | ||
Firstly, keeping someone with physical access to it from easily getting control. Secondly, ensuring that when it's on a network, an outsider can't break into it! | Firstly, keeping someone with physical access to it from easily getting control. Secondly, ensuring that when it's on a network, an outsider can't break into it! | ||
| + | |||
| + | <h3>Locking down local access</h3> | ||
| + | |||
| + | Set a password on the root login. | ||
| + | |||
| + | |||
| + | |||
| + | <h3>Networking</h3> | ||
| + | The Zaurus is a very flexible device when it comes to networking, not just 802.11 wireless networks but also bluetooth, GSM/GPRS/EDGE (and probably, soon 3G). | ||
| + | |||
| + | <b>Remote ssh access</b> | ||
| + | |||
| + | Ideas: | ||
| + | |||
| + | Disable password-less access via ssh? | ||
| + | |||
| + | Disable root login by sshd? | ||
| + | |||
| + | Allow only key-pair authentication? | ||
| + | |||
| + | |||
| + | |||
| + | <b>Bluetooth</b> | ||
| + | |||
| + | Securing bluetooth require several things, setting a good PIN (preferably more than 4 digits), hiding the device, and turning off services you don't need! | ||
| + | |||
| + | [http://www.oesf.org/index.php?title=Bluetooth#Securing_Bluetooth Securing Bluetooth] - notes about making your Zaurus less visible. Note that just because a device is not discoverable doesn't protect it - a brute-force scan is possible to discover "hidden" bluetooth devices! | ||
| + | |||
| + | |||
| + | <b>IP Firewalls</b> | ||
| + | |||
| + | This is a big subject by itself. Most Zaurus operating systems have [http://www.iptables.org/ iptables] built in (or are packaged nicely in a feed), which allows you to control inbound, outbound and forwarding of packets. Most people only really need to control inbound packets and allow everything out. A very simple script to do this looks like: | ||
Current revision
Security
There are several aspects to Zaurus security.
Firstly, keeping someone with physical access to it from easily getting control. Secondly, ensuring that when it's on a network, an outsider can't break into it!
Locking down local access
Set a password on the root login.
Networking
The Zaurus is a very flexible device when it comes to networking, not just 802.11 wireless networks but also bluetooth, GSM/GPRS/EDGE (and probably, soon 3G).
Remote ssh access
Ideas:
Disable password-less access via ssh?
Disable root login by sshd?
Allow only key-pair authentication?
Bluetooth
Securing bluetooth require several things, setting a good PIN (preferably more than 4 digits), hiding the device, and turning off services you don't need!
Securing Bluetooth - notes about making your Zaurus less visible. Note that just because a device is not discoverable doesn't protect it - a brute-force scan is possible to discover "hidden" bluetooth devices!
IP Firewalls
This is a big subject by itself. Most Zaurus operating systems have iptables built in (or are packaged nicely in a feed), which allows you to control inbound, outbound and forwarding of packets. Most people only really need to control inbound packets and allow everything out. A very simple script to do this looks like:
