Power & Source of Big Ideas

FriendlyWRT Principle of Least Privilege

Moderators: chensy, FATechsupport

I installed the latest FriendlyWRT on my NanoPI R2S (20200707). I was very happy that it was such an easy process to write the image to a micro SD card and get it booted.
A few things along the way made me think this project could be reminded about the Principle of Least Privilege (https://en.wikipedia.org/wiki/Principle ... _privilege)

    Log in to the SBC as root on the WAN port without a password. This is low risk as I connected the WAN port of the R2S to my internal network. Will most people do this?
    Default firewall policy of accept on input chain. This should be Drop. Then add a firewall rule to accept from the LAN interface.

As a default, we really have to focus on 100% for LAN and 0% for WAN. Thank you for a powerful SBC & WRT
Good for setup as you have less chance of locking self out. but bad in long term if it acts as intermediate between modem and network.

Who is online

In total there are 2 users online :: 0 registered, 0 hidden and 2 guests (based on users active over the past 5 minutes)
Most users ever online was 5185 on Wed Jan 22, 2020 1:44 pm

Users browsing this forum: No registered users and 2 guests