[aprssig] Turn-key IGate
Scott Miller
scott at opentrac.org
Fri Mar 25 13:37:20 EDT 2016
> If you think it's possible to drop a Pi on the Internet and walk away,
> you're in for a rude surprise.
>
With proper care in its setup, it's certainly possible to keep it
secure. A dedicated Igate only needs to make outbound connections; it
doesn't even need to respond to pings. If you need SSH access you can
lock it down to specific source IP addresses or you can use port
knocking to only open the port on demand.
My next tracker/TNC will be an IGate, too, and the chances of being able
to subvert it are slim, even for a targeted attack. The code runs from
flash memory and the system can disable code execution from RAM so even
if an attacker was to find a buffer overflow there's no way to inject
arbitrary code.
Scott
N1VG
More information about the aprssig
mailing list