[aprssig] Turn-key IGate

Scott Miller scott at opentrac.org
Fri Mar 25 12:37:20 CDT 2016


> If you think it's possible to drop a Pi on the Internet and walk away, 
> you're in for a rude surprise.
>

With proper care in its setup, it's certainly possible to keep it 
secure.  A dedicated Igate only needs to make outbound connections; it 
doesn't even need to respond to pings.  If you need SSH access you can 
lock it down to specific source IP addresses or you can use port 
knocking to only open the port on demand.

My next tracker/TNC will be an IGate, too, and the chances of being able 
to subvert it are slim, even for a targeted attack.  The code runs from 
flash memory and the system can disable code execution from RAM so even 
if an attacker was to find a buffer overflow there's no way to inject 
arbitrary code.

Scott
N1VG


More information about the aprssig mailing list