Home of the Squeezebox™ & Transporter® network music players.
Page 1 of 6 123 ... LastLast
Results 1 to 10 of 56
  1. #1
    Senior Member
    Join Date
    Jan 2022
    Location
    Switzerland
    Posts
    146

    Ethernet Security tips ?

    Hello,

    I’m using RPi4 and Pcp and LMS with wired Ethernet. Could you give me some additional security advices.

    There is already:

    - Change Pcp password.

    Into LMS advanced security enable:
    - Password protection
    - Block incoming connection
    - CSRF protection level HIGH
    - CORS ??


    Is it possible to allow only one IP computer to connect it ?


    Any other ideas ?

    Thanks

  2. #2
    Senior Member Julf's Avatar
    Join Date
    Dec 2010
    Posts
    2,565
    Quote Originally Posted by PaulH View Post
    I’m using RPi4 and Pcp and LMS with wired Ethernet. Could you give me some additional security advices.

    Is it possible to allow only one IP computer to connect it ?
    Yes, by using (linux) firewall rules. Does pcp support ufw (uncomplicated firewall)?
    "To try to judge the real from the false will always be hard. In this fast-growing art of 'high fidelity' the quackery will bear a solid gilt edge that will fool many people" - Paul W Klipsch, 1953

  3. #3
    Senior Member
    Join Date
    Dec 2020
    Posts
    273
    Detach all cables, encase it in concrete and drop it in the ocean right on top of a tectonic plate boundary.

  4. #4
    Assuming you are using an external firewall and non routable IP addresses, the question is, what are you trying to protect against? Limiting user access on your internal network?

  5. #5
    Senior Member
    Join Date
    Feb 2011
    Location
    Cheshire, UK
    Posts
    6,613
    Quote Originally Posted by Bscott View Post
    Assuming you are using an external firewall and non routable IP addresses, the question is, what are you trying to protect against? Limiting user access on your internal network?
    My thoughts exactly.
    I seriously would not attempt to lock down to just one IP address as you could easily lock yourself out and not be able to get back in without a lot of hassle.
    Jim
    https://jukeradio.double6.net


    VB2.4 storage QNAP TS419p (NFS)
    Living Room Joggler & Pi4/Khadas -> Onkyo TXNR686 -> Celestion F20s
    Office Joggler & Pi3 -> Denon RCD N8 -> Celestion F10s
    Dining Room SB Radio
    Bedroom (Bedside) Pi Zero+DAC ->ToppingTP21 ->AKG Headphones
    Bedroom (TV) & Bathroom SB Touch ->Denon AVR ->Mordaunt Short M10s + Kef ceiling speakers
    Guest Room Joggler > Topping Amp -> Wharfedale Modus Cubes

  6. #6
    Senior Member
    Join Date
    Jan 2010
    Location
    Hertfordshire
    Posts
    9,422
    Quote Originally Posted by d6jg View Post
    My thoughts exactly.
    I seriously would not attempt to lock down to just one IP address as you could easily lock yourself out and not be able to get back in without a lot of hassle.
    I did that once

    Sent from my Pixel 3a using Tapatalk

  7. #7
    Senior Member
    Join Date
    Jan 2022
    Location
    Switzerland
    Posts
    146
    Quote Originally Posted by Bscott View Post
    Assuming you are using an external firewall
    No external FW


    Quote Originally Posted by Bscott View Post
    Limiting user access on your internal network?
    Yes, avoid unwanted external access on my internal network.

    Maybe the Pi with Pcp and LMS is only slightly vulnerable ???

  8. #8
    Senior Member
    Join Date
    Jan 2022
    Location
    Switzerland
    Posts
    146
    Quote Originally Posted by gordonb3 View Post
    Detach all cables, encase it in concrete and drop it in the ocean right on top of a tectonic plate boundary.
    I just want to avoid "exaggerations" and try to configure this with the maximum common sense...

  9. #9
    Senior Member
    Join Date
    Jan 2022
    Location
    Switzerland
    Posts
    146
    Quote Originally Posted by Julf View Post
    Yes, by using (linux) firewall rules. Does pcp support ufw (uncomplicated firewall)?
    It could be great idea, but I'm not sure ufw could works with Tiny Core Linux

  10. #10
    Senior Member
    Join Date
    Jan 2010
    Location
    Hertfordshire
    Posts
    9,422
    Quote Originally Posted by PaulH View Post
    No external FW


    Yes, avoid unwanted external access on my internal network.

    Maybe the Pi with Pcp and LMS is only slightly vulnerable ???
    Are you sure you have no external firewall? Modem/Routers normally have them built in.

    Sent from my Pixel 3a using Tapatalk

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •