GUF-Yocto-34.0-r5756-0
VINCELL
User Manual
10 Securing the device
The importance of security for embedded systems is often underestimated. This chapter is intended to make customers
aware of the need for security and to point out some typical security holes. It also provides some tips and hints for
implementing well-chosen security mechanisms. Since this manual cannot cover the large number of security issues,
we strongly recommend reading further literature on this topic.
Note:
The following list of security risks makes no claim of completeness. Other risks may arise, and,
conversely, following the instructions provided in this chapter may impose limitations on the design
of your application.
10.1 Services
The default configuration of a Garz & Fricke device can be described as "developer friendly". This means that all
services are available and activated. Depending on the final application, this might be either helpful or a security
risk. Once development has been finalized, we recommend reviewing which services are required and disabling
all services and features that are not used. See the chapter
[
I
on how to disable.
Special care needs to be taken, for example for:
Telnet
The chapter
[
I
describes the telnet service. For production devices, decide carefully whether this feature is
needed and how it is secured. At a minimum, the password and user suggestions from
[10.2 User permissions concept] should be implemented.
SSH
An SSH service is enabled by default on Garz & Fricke devices with Yocto. In addition to the
password and user suggestions from [10.2 User permissions concept], there are more hints on securing the
SSH service in the chapter
[
I
. It is possible to restrict which users are allowed to use this service,
to lock SFTP access to a single subfolder and to create custom crypto keys.
10.2 User permissions concept
Linux is designed as a multiuser system and provides a mechanism known as file permissions. Each file has an
owner, a group and flags that grant write, read and/or execute permissions to the owner, the group or anybody.
Additionally there is a super user, called root, who has access to all files. More information on this concept can be
found at: http://www.tldp.org/LDP/gs/node5.html
Customers should follow the principle of least privilege for user rights on the devices. Please note that Garz &
Fricke tools are usually given access rights for all users, since this is more developer friendly.
10.2.1 Root password
Because Garz & Fricke is an OEM manufacturer delivering series-produced devices to several customers,
a default root password would only provide a form of pseudo security. Moreover, a default password shared by all devices is
highly vulnerable. For this reason our devices usually have no root password set. It is essential that customers
set a password before the devices are deployed. This is the minimum security measure that must be taken.
Setting the root password on the device:
root@vincell:~# passwd root
Changing password for root
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New password:<enter your secure password>
Re-enter new password:<enter your secure password>
passwd: password changed.
root@vincell:~#
What does it mean if no root password is set?
Without a root password, attackers might connect to the device
via serial console, SSH or FTP and gain full system control, since the root user usually has all permissions.
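A pre-deployment check for the situation described above, as an added example that is not part of the original manual: the script reads passwd and shadow files in the standard Linux format and reports which accounts can log in without a password. The function names audit_passwords and empty_password_accounts, the optional root-prefix argument and all sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Classify each account: empty (no password needed), locked ("!" or "*"),
# set (hash present), unknown (passwd says "x" but no shadow entry readable).
# $1 is an optional root prefix, so an unpacked image can be checked too.
audit_passwords() {
    root="${1:-}"
    awk -F: -v shadow="$root/etc/shadow" '
        BEGIN {
            while ((getline line < shadow) > 0) {
                split(line, f, ":")
                hash[f[1]] = f[2]; in_shadow[f[1]] = 1
            }
        }
        /^#/ || NF < 2 { next }
        {
            field = $2; known = 1
            if (field == "x") { known = ($1 in in_shadow); field = hash[$1] }
            if (!known)               state = "unknown"
            else if (field == "")     state = "empty"
            else if (field ~ /^[!*]/) state = "locked"
            else                      state = "set"
            print $1 ":" state
        }
    ' "$root/etc/passwd"
}

# Print accounts without a password; return 1 if any exist (release gate).
empty_password_accounts() {
    found=$(audit_passwords "${1:-}" | awk -F: '$2 == "empty" { print $1 }')
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample files, not taken from a real device.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc"
cat > "$demo_root/etc/passwd" <<'EOF'
root:x:0:0:root:/home/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
operator::1000:1000::/home/operator:/bin/sh
service:x:1001:1001::/home/service:/bin/sh
EOF
cat > "$demo_root/etc/shadow" <<'EOF'
root::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
service:$6$constructedsalt$constructedhash:19000:0:99999:7:::
EOF
audit_passwords "$demo_root"
```

Called without an argument as root on the device, the functions read the live /etc/passwd and /etc/shadow; once a password has been set with passwd root, the root line reads root:set.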