Home media hub, security cam system or just a straightforward project box – the Raspberry Pi is versatile and popular. But this popularity could lead to your Pi being hacked or even stolen, resulting in you losing time, effort and data. So what can you do about it?

Change Your Default Password

The default password for your Raspberry Pi should be changed. Often, it isn't, yet doing so is simple.

To change your Pi's password (assuming you're using Raspbian – for your favourite Pi-flavoured distro, check appropriate documentation) boot it up, open the Terminal and run

        sudo raspi-config
    

to display the configuration tool.

Here, select the Change User Password option, and follow the instructions.

This is actually the simplest method of changing your Raspberry Pi password. The quickest is to just type

        passwd
    

into the terminal, and input a new password when prompted; this method doesn't require the sudo command, as it is for the pi user that you are already signed in as. Note that when you input the password, no text is displayed on screen, keeping your new secret code safe.

If you were changing the password of a different account, then sudo would be required.

Which brings us to an interesting point: can you change the pi username as well?

Changing The Default Username

If an intruder has your username, they're halfway to accessing your data. As such, you should change the pi username to something else.

As deleting the account could be dangerous without ensuring you have the correct permissions elsewhere, the best option is to create a new superuser account:

        sudo useradd -m christian -G sudo
    

The -m option creates a home directory for the user, while -G sudo adds the user to the sudo group.

Next, enter:

        sudo passwd christian
    

This will allow you to set a password for the new user (in this case, called "christian").

Your new account should now have the same permissions as pi, as both are in the sudo group.

Before deleting pi, log out of the account, log in again using your new account, and attempt to run

         sudo visudo
    

again. If successful, your account is ready to take command.

Keep your

In the terminal, enter

        sudo deluser pi
    

to delete just the user account. You can leave it at that if you like, or remove the /home/pi directory as well with

        sudo deluser --remove-home pi

These are far better options than leaving the default pi/raspberry username/password combination intact, wouldn't you agree?
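
A pre-flight check for the deluser step above, as an added example that is not part of the original article: it confirms that the replacement account exists, is a member of sudo, and has had a password set before pi is removed. The function names and verdict strings are assumptions made for this sketch, and the sample records are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check before "sudo deluser pi".
# Reads passwd/group/shadow-format files: pass the live /etc files (as root)
# or copies of them. Function names and verdict strings are illustrative.

# field USER N FILE -> prints field N of USER's colon-separated record
field() {
    awk -F: -v u="$1" -v n="$2" '$1 == u { print $n; exit }' "$3"
}

# in_group USER GROUP GROUP_FILE -> status 0 if USER is listed as a member
in_group() {
    field "$2" 4 "$3" | tr ',' '\n' | grep -qxF -- "$1"
}

# ready_to_replace_pi NEWUSER PASSWD_FILE GROUP_FILE SHADOW_FILE
# Prints one verdict; status 0 only when it is safe to remove pi.
ready_to_replace_pi() {
    new=$1
    [ -n "$(field "$new" 1 "$2")" ] || { echo "no-such-user"; return 1; }
    in_group "$new" sudo "$3"       || { echo "not-in-sudo"; return 1; }
    # useradd leaves the shadow password field locked ("!") until passwd is run
    case "$(field "$new" 2 "$4")" in
        ''|'!'*|'*'*) echo "no-usable-password"; return 1 ;;
    esac
    echo "ready"
}

# Constructed sample: "christian" was created with useradd -m -G sudo,
# but "sudo passwd christian" has not been run yet.
demo_accounts() {
    d=$(mktemp -d)
    printf '%s\n' 'pi:x:1000:1000::/home/pi:/bin/bash' \
                  'christian:x:1001:1001::/home/christian:/bin/sh' > "$d/passwd"
    printf '%s\n' 'sudo:x:27:pi,christian' > "$d/group"
    printf '%s\n' 'pi:$6$constructed$hash:19000:0:99999:7:::' \
                  'christian:!:19000:0:99999:7:::' > "$d/shadow"
    ready_to_replace_pi christian "$d/passwd" "$d/group" "$d/shadow" || true
    rm -rf "$d"
}
demo_accounts
```

On a real Pi, run it as root against /etc/passwd, /etc/group and /etc/shadow; anything other than "ready" means pi should stay for now.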

Firewalls And The Raspberry Pi

This ridiculously flexible little computer can be set up to act as a physical firewall, a first point of entry into your home network (or even in reverse, as a secure anonymous gateway to the world at large). However, this isn't what we're discussing in this guide.

Instead, we're looking at methods of securing your Raspberry Pi. Various software firewall apps are available for the Pi, but perhaps the most impressive is the powerful Firewall Builder, an easy-to-use GUI that will configure various firewalls including iptables, which is pretty tricky to set up correctly.

Install using

        sudo apt-get update
        sudo apt-get install fwbuilder

In the Raspberry Pi GUI (type startx at the command line to launch it), you'll find Firewall Builder listed in the Other submenu. Follow the instructions to create your firewall, and save the script.

For the best results you'll need to make sure that the script is loaded before your Pi connects to the network. To do this, open the /etc/network/interfaces file in a text editor and add the following line (adjust the path if you saved the script somewhere other than /home/pi/fwbuilder):

        pre-up /home/pi/fwbuilder/firewall.fw
    

Finally, add this to the section of the script marked Epilog:

        route add default gw [YOUR.ROUTER.IP.HERE] eth0
    

This will ensure you can still reach the Internet. You're now done, and your Pi is secure from online intrusion!
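
The pre-up line above points into /home/pi, the directory the earlier section offers to delete, and ifup runs the script as root and will not bring the interface up if it fails. The following added example (not from the original article) lints every pre-up script named in an interfaces file; check_hooks and its verdict strings are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: lint the scripts that an interfaces file runs via pre-up.
# Each one must exist, be executable, and not be writable by group or
# other users, because ifup executes it as root.
# check_hooks and the verdict strings are illustrative names.

# check_hooks INTERFACES_FILE -> prints "<verdict> <path>" per pre-up line
check_hooks() {
    awk '$1 == "pre-up" { print $2 }' "$1" | while read -r script; do
        if [ ! -e "$script" ]; then
            echo "missing $script"
        elif [ ! -x "$script" ]; then
            echo "not-executable $script"
        elif [ -n "$(find -L "$script" -prune -perm -020)$(find -L "$script" -prune -perm -002)" ]; then
            echo "writable-by-others $script"
        else
            echo "ok $script"
        fi
    done
}

# Constructed sample: one hook that is fine, and one left pointing into a
# home directory that no longer exists (as after deluser --remove-home pi).
demo_hooks() {
    d=$(mktemp -d)
    printf '#!/bin/sh\nexit 0\n' > "$d/firewall.fw"
    chmod 755 "$d/firewall.fw"
    cat > "$d/interfaces" <<EOF
auto eth0
iface eth0 inet dhcp
    pre-up $d/firewall.fw
    pre-up $d/home/pi/fwbuilder/firewall.fw
EOF
    check_hooks "$d/interfaces"
    rm -rf "$d"
}
demo_hooks
```

Run check_hooks /etc/network/interfaces after any change to the file or to user accounts, and before rebooting a Pi you can only reach over the network.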

A Raspberry Pi Under Lock & Key

That Raspberry Pi of yours is certainly an impressive box of tricks. A less trustworthy person might even be tempted to unplug it and squirrel it away in his pocket… if he didn't already own one!

Small dimensions do make this little computer extremely easy to pocket, so it is a good idea to keep it and your data under lock and key. When your Pi isn't in use, place it in a locked drawer; if it is switched on at all times you should similarly consider placing it in a locked container, albeit one with plenty of airflow.

Also, remember to make backups of your SD cards and any other connected data regularly, lest they be stolen or subverted.

Security: Raspberry Pi Style

Everyone with an Internet connection can use Google to find the default username and password of your Raspberry Pi. Don’t give intruders that opening – change your default credentials, and while you're at it, set up a firewall and make sure you have a safe place to store your Raspberry Pi!

Do you have any security tips to add for your Pi?