From d0bff37552345bca3a24d73279053c0286017b67 Mon Sep 17 00:00:00 2001 From: HipsterBrown Date: Mon, 16 Jan 2017 16:07:00 -0500 Subject: [PATCH] updates after review feedback --- ...md => 2017-01-15-tessel-security-scorecard.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) rename 2017-01-11-Secure-Out-of-the-Box.md => 2017-01-15-tessel-security-scorecard.md (55%) diff --git a/2017-01-11-Secure-Out-of-the-Box.md b/2017-01-15-tessel-security-scorecard.md similarity index 55% rename from 2017-01-11-Secure-Out-of-the-Box.md rename to 2017-01-15-tessel-security-scorecard.md index 7c705e3..16273a1 100644 --- a/2017-01-11-Secure-Out-of-the-Box.md +++ b/2017-01-15-tessel-security-scorecard.md @@ -1,6 +1,8 @@ -# Secure Out-of-the-Box +# Tessel's Security Scorecard -How Tessel covers the [5 Easy Ways to Secure Your IoT Devices](https://www.sparkfun.com/news/2264) from the start. +In late October of 2016, an estimated 100,000 Internet-connectied devices were used by a group of hackers to attack DNS services as a distributed denial-of-service (DDoS). These devices, mostly routers, printers, and IP cameras, were infected with malware called Mirai, allowing the hackers to take control of those devices and cause outages for major services, like Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times. + +Now that it is known how Mirai managed to infect all of these Internet-connected devices, Sparkfun wrote about ["5 Easy Ways to Secure Your IoT Devices"](https://www.sparkfun.com/news/2264). The Tessel team has always been proud of the Tessel 2's out-of-the-box experience, so we wanted show off the board's security scorecard based on Sparkfun's list. 1. Unplug It 2. Power Cycle 
@@ -21,11 +23,11 @@ You control where to power Tessel and even how to power it. Battery, wall socket There is a handy `t2-cli` command for doing this: `t2 reboot` -## Change the Default +## Change the Default Password > Seriously, if you do only one thing to secure your device, do this. -We did! Our [provisioning system](https://tessel.gitbooks.io/t2-docs/content/API/CLI.html#lan) is the only way to access the root system of Tessel over a network and requires a physical connection, like USB, to setup. +We did! Our [provisioning system](https://tessel.gitbooks.io/t2-docs/content/API/CLI.html#lan) is the only way to access the root system of Tessel over a network and requires a physical connection, like USB, to set up. ## Update Firmware @@ -37,7 +39,7 @@ Tessel runs an open-source, embedded Linux distribution called [OpenWRT](https:/ > The biggest security flaw in UPnP is that programs inside your network can automatically request port forwarding from the router. -We ship Tessel without any support for UPnP, as evidence by the [config files in our `openwrt-tessel` repo](https://github.com/tessel/openwrt-tessel/tree/master/files/etc/config). OpenWRT requires the [miniupnpd package and corresponding config file](https://wiki.openwrt.org/doc/howto/upnp) to enable UPnP. +We ship Tessel without any support for UPnP, as evidenced by the [config files in our `openwrt-tessel` repo](https://github.com/tessel/openwrt-tessel/tree/master/files/etc/config). OpenWRT requires the [miniupnpd package and corresponding config file](https://wiki.openwrt.org/doc/howto/upnp) to enable UPnP. ## (Bonus) Disable Telnet and SSH 
@@ -45,4 +47,6 @@ We ship Tessel without any support for UPnP, as evidence by the [config files in We literally have a commit to our `openwrt-tessel` repo to [disable telnet](https://github.com/tessel/openwrt-tessel/blob/master/files/etc/init.d/telnet). As mentioned before, `ssh` is not disabled but it is only allowed by devices [provisioned with a shared key](https://tessel.gitbooks.io/t2-docs/content/API/CLI.html#lan). That process can only happen using `t2-cli` over a physical, USB connection, meaning no root access for rouge, third-party bots scavenging the Internet. -Thanks to the folks at Sparkfun for sharing that awesome post. The Tessel team is always working on improving the out-of-the-box experience for anyone getting started with hardware and Internet-connected devices, so we're happy to say that when you get a Tessel you're secure from the start! +## Wrap Up + +Thank you Sparkfun for sharing that awesome post. Be sure to review all your Internet-connected devices' security scorecard and rest assured that the Tessel project is focused on keeping our boards secure. Check out the [Johnny-Five Inventor's Kit](https://www.sparkfun.com/products/13847) to start creating your own IoT projects and experiment. Join the [Tessel community](https://tessel.io/community) to learn more about what other people are building and how to start contributing to the Tessel project.
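Review bot: In the first hunk (`@@ -1,6 +1,8 @@`), the added opening paragraph has two typos: "Internet-connectied" should be "Internet-connected", and "so we wanted show off" is missing "to". The phrase "to attack DNS services as a distributed denial-of-service (DDoS)" also reads awkwardly; something like "in a distributed denial-of-service (DDoS) attack on DNS services" is clearer. The "estimated 100,000" device count and the list of affected services carry no source link, so add a citation next to the claim.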
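Review bot: In the second hunk (`@@ -21,11 +23,11 @@`), the heading now reads "Change the Default Password", but the paragraph under it answers "We did!" and then only describes the provisioning system, without saying whether a shipped board has a default root password at all. State that explicitly so the section answers its own heading. Separately, the `openwrt-tessel` link offered as evidence for the UPnP claim points at `tree/master`, which can change after the post is published; link to a specific commit so the evidence stays verifiable.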
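Review bot: In the third hunk (`@@ -45,4 +47,6 @@`), the unchanged context line still reads "rouge, third-party bots"; it should be "rogue", and since this commit is already a copyedit pass it is worth fixing here. In the added Wrap Up paragraph, "review all your Internet-connected devices' security scorecard" needs the plural "scorecards" or a rephrase, and "Thank you Sparkfun" needs a comma after "Thank you". The disable-telnet link in the context line points at `blob/master`, so the file it cites can move or change; a commit permalink would keep that claim checkable.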