I've just set up a Raspberry Pi 2 with the latest raspbian and installed some services.
For remote access I've installed tightvnc server which I set up to only allow connections from localhost. I can still access it remotely by first starting a SSH connection which opens a tunnel to the used port (e.g. via putty, or from linux with the command ssh pi@10.0.0.1 -L 5901:localhost:5901).
I only opened my firewall for SSH, (S)FTP and HTTPS to the raspberry pi but obviously can access everything within the local network either from a SSH connection or from within the VNC connection to the Pi.
I can even access my local windows machines by opening a VNC/RDP connection from within a Pi VNC session and I'm thinking about enabling wake-on-lan on local devices so that I could even boot them from everywhere.
This access to the local network is pretty convenient but actually there's no real need for it so I'm asking myself (and you...) if I just opened up a big security whole.
What I actually would like to know:
- Is remote SSH access to the Pi considered secure? I pretty much need this so I'd really don't like to disable it. It's kind of a must have...
- Is access of VNC services on the Pi over the SSH tunnel an additional security risk or doesn't it make any difference when I'm already opening SSH access? More or less a nice to have...
- Is access to my local network (via SSH or VNC on the Pi) an additional security risk? How could I prevent it without completely blocking remote connections to the Pi? This is strictly a nice to have...
I'd really appreciate opinions to those questions!
Thanks & best regards
Ps: I'm talking about a private network so there's no company data at risk but I still don't want to open security vulnerabilities for some nice to have features...
Aucun commentaire:
Enregistrer un commentaire