Using Secure Network Protocols; Restrict Physical Access; Application Security - GARZ&FRICKE GUF-Yocto-34.0-r5756-0-VINCELL User Manual


GUF-Yocto-34.0-r5756-0
root@vincell:~# iptables -F
root@vincell:~# iptables -A INPUT -j DROP
This first step is a mandatory preparation for the following steps.
Open SSH access only:
root@vincell:~# iptables -I INPUT 1 -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
root@vincell:~# iptables -I OUTPUT 1 -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
Open network access on port 80 and DNS replies on port 53 from the device:
root@vincell:~# iptables -I INPUT 1 -p udp --source-port 53 -j ACCEPT
root@vincell:~# iptables -I OUTPUT 1 -o eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
root@vincell:~# iptables -I INPUT 1 -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT
Save the firewall configuration persistently:
root@vincell:~# iptables-save > /etc/iptables.rules
root@vincell:~# echo "iptables-restore < /etc/iptables.rules" > /etc/network/if-pre-up.d/iptables
root@vincell:~# chmod +x /etc/network/if-pre-up.d/iptables
Disable the firewall:
root@vincell:~# iptables -F
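
The following is an added example, not part of the Garz & Fricke manual: a shell function that audits rules in iptables-save format, such as the /etc/iptables.rules file saved above. It checks that the INPUT chain still ends in DROP, lists ports open to new connections, and flags ACCEPT rules that carry no connection-state match, such as the UDP source-port 53 rule. The function names and the sample rule text are constructed for illustration.

```shell
# Constructed sample: iptables-save text matching the rules built in the steps above.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same table after "iptables -F" (firewall disabled).
flushed_rules() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

# audit_rules: read iptables-save text on stdin and print one finding per line.
# Returns non-zero when INPUT has neither a DROP policy nor a final DROP rule.
audit_rules() {
    awk '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / {
        last = $0
        if ($NF != "ACCEPT") next
        proto = "any"; port = "any"
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        if ($0 !~ /--(state|ctstate) /) {
            print "WARN stateless-accept: " $0   # no connection-state match
        } else if ($0 ~ /--(state|ctstate) [A-Z,]*NEW/) {
            print "OPEN " proto "/" port         # reachable for new connections
        }
    }
    END {
        if (policy == "DROP" || last == "-A INPUT -j DROP") print "OK default-drop"
        else { print "FAIL no-default-drop"; exit 1 }
    }'
}
sample_rules | audit_rules
```

On the device, the same check can be run as audit_rules < /etc/iptables.rules after saving the configuration.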

10.5.2 Using secure network protocols

We strongly recommend using secure network protocols, e.g. HTTPS instead of HTTP, FTPS instead of
FTP, or SSH instead of telnet.
Further security mechanisms for network-connected Linux systems are described here:
http://embedded-computing.com/articles/improving-security-for-network-connected-linux-based-systems

10.6 Restrict physical access

Each physical interface, such as USB, SD card or Ethernet socket, can serve as an entry point for attackers. If you
limit the number of easily accessible interfaces, you in turn reduce the opportunities for attackers to connect to
the target device. You need to be less concerned about security mechanisms for interfaces that are not accessible
or not populated at all.

10.7 Application security

Application security is seldom a high priority for embedded devices. Nevertheless, it is essential to identify
risks in embedded applications. Since application development is a very complex subject and is
out of scope for Garz & Fricke development, we refer to secondary literature at this point.