10 Ways to Keep a Rogue RasPi From Wrecking Your Network

A Raspberry Pi attached to the network at NASA JPL became the doorway for a massive intrusion and subsequent data loss. Here's how to keep the same thing from happening to your network.
Network: Have a Plan
Network: Have a Policy
Network: Segment for Safety
Network: Close Your Ports
Network: Know the Network
RasPi: Use Real Credentials
RasPi: Update on Purpose
RasPi: Kill Unnecessary Services
RasPi: Give Sudo a Password
RasPi: Have a Firewall

Since 2011, engineers, students, and hobbyists have been using a small Linux server called the Raspberry Pi (or RasPi, for short). Many of these servers, roughly the size of a deck of playing cards, are in workshops and classrooms, but their capabilities have made them popular with corporate engineers and scientists looking to solve specific problems on a small budget.

But with that popularity has come the inevitability of RasPis being attached to corporate networks, with results that can be, well, problematic. For example, a report issued last month by NASA's Inspector General on security at its Jet Propulsion Laboratory (JPL) cites a serious intrusion into the network — one that began in a vulnerable RasPi attached to the network without the approval or knowledge of the IT team.

There are now a dozen different RasPi versions, including the new Raspberry Pi 4, which includes models with up to 4 gigabytes of RAM and a powerful ARM processor. Even with the new specifications, RasPis start at $5 and top out at $55 per system.

If history is any indication, more individuals will decide they can solve problems without bothering with enterprise requisitions or approvals. So how can an enterprise security team protect the corporate network from these "rogue" RasPis? 

We've collected 10 possibilities to get you started, five aimed at applying protection to the network and five aimed at making the RasPi itself less vulnerable to intrusion. Implementing any one will make your network safer. Implementing all should go a long way toward ensuring that RasPis are good, safe, citizens on your enterprise network.

(Image: goodcatfelix VIA Adobe Stock)

Next slide
Recommended Reading: