FriendlyWRT Principle of Least Privilege
Posted: Fri Aug 07, 2020 9:58 am
I installed the latest FriendlyWRT on my NanoPI R2S (20200707). I was very happy that it was such an easy process to write the image to a micro SD card and get it booted.
A few things along the way made me think this project could be reminded about the Principle of Least Privilege (https://en.wikipedia.org/wiki/Principle ... _privilege)
As a default, we really have to focus on 100% for LAN and 0% for WAN. Thank you for a powerful SBC & WRT
A few things along the way made me think this project could be reminded about the Principle of Least Privilege (https://en.wikipedia.org/wiki/Principle ... _privilege)
- Log in to the SBC as root on the WAN port without a password. This is low risk as I connected the WAN port of the R2S to my internal network. Will most people do this?
Default firewall policy of accept on input chain. This should be Drop. Then add a firewall rule to accept from the LAN interface.
As a default, we really have to focus on 100% for LAN and 0% for WAN. Thank you for a powerful SBC & WRT