What is the best way to secure TinyPilot?
- @cghague
What security option can be enabled to secure the TinyPilot from access? To prevent vulnerabilities and exploits and injections? Are there ways to monitor if an IP I'm not aware of has accessed it? I already use the username sign-in and HTTPS, but that clearly won't be enough to keep it secure. Any ideas/thoughts/implementations you've successfully done and penetration tested would be helpful!
- Charles Hague @cghague 2023-05-23 14:54:09.627Z
Hi @Supercell, thanks for reaching out with your questions about security.
We’d always suggest following best practices, such as keeping your TinyPilot device updated, connecting over HTTPS, and using strong passwords. However, even with those steps, we don't recommend exposing TinyPilot directly to the public Internet. Instead, we’d recommend using a third-party cloud access solution, as this can help to mitigate many of the risks associated with port forwarding.
If you do need to expose your TinyPilot device to the Internet, we recommend taking steps to harden it such as adding a firewall to limit access to necessary ports from known IP ranges and potentially adding something like fail2ban to mitigate brute force attacks on your credentials. We don’t have any documentation on this process, but as TinyPilot runs on Linux, you can find many great guides and tutorials for these topics online.
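One way to check whether an address outside your known IP ranges has reached the device, as an added example that is not part of the original thread or TinyPilot's own code. It assumes the web server in front of the device writes an access log in the common "combined" format; the network ranges, request paths and log lines below are constructed.

```python
import ipaddress
import re

# Assumption: the networks you expect to connect from (constructed values).
KNOWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "203.0.113.0/28")]

# Constructed sample lines in the combined access-log format.
SAMPLE_LOG = """\
192.168.1.20 - - [23/May/2023:14:01:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [23/May/2023:14:02:11 +0000] "POST /login HTTP/1.1" 401 64 "-" "curl/7.88"
198.51.100.7 - - [23/May/2023:14:02:12 +0000] "POST /login HTTP/1.1" 401 64 "-" "curl/7.88"
203.0.113.5 - - [23/May/2023:14:03:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
2001:db8::1 - - [23/May/2023:14:04:30 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
not a log line
"""

# client address, timestamp and HTTP status from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')


def is_known(addr):
    """True if addr falls inside any allowlisted network (IPv4 or IPv6)."""
    return any(addr in net for net in KNOWN_NETWORKS)


def unknown_clients(log_text):
    """Summarise requests from addresses outside KNOWN_NETWORKS."""
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not access-log entries
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field was not an IP address
        if is_known(addr):
            continue
        entry = report.setdefault(
            str(addr), {"requests": 0, "denied": 0, "first": m.group(2), "last": m.group(2)})
        entry["requests"] += 1
        if m.group(3) in ("401", "403"):
            entry["denied"] += 1  # rejected requests, e.g. failed sign-ins
        entry["last"] = m.group(2)
    return report


if __name__ == "__main__":
    for ip, info in unknown_clients(SAMPLE_LOG).items():
        print(ip, info)
```

A high `denied` count from one address is the pattern a tool like fail2ban is meant to act on.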