Thanks for sharing. I do have a comment/question. Wouldn’t Raspberry Pi security only be a concern if you are opening it up to the Web via opening a port on your router?
SInce most of us here are using our Pi’s as Roon enpoints, we would not be opening up our Pi’s as an entry point into our networks.
If someone got onto our network some other way, well, we will likely have bigger problems!
Yes, agreed. On it’s own there is very little risk I think. I certainly don’t want to scare people…
But security attacks are usually a number of carefully crafted steps that bring an attacker closer to it’s goal and several conditions need to be met to get there.
It’s kind of like prison break. Each time you get though a door there is another one and locking all doors is good in this case. Leaving a door open is like a present for an attacker.
As I said, on our home networks, there is not so much risk.
But some (security) people are worried about the ever increasing number of IoT devices and the sometimes lack of proper security testing of these.
If you put a RPI on your company network to play music I would be a little more worried than on my home network where I just keep my family pictures, movies and music
I recall @danny saying something about this, along the lines of (not his exact words but overall gist): if someone got into your home network, then you are already screwed - regarding password protection your Pi.
The biggest issue is that these methods are the basics of getting in.
There exist numerous exploitable issues that are not something you can “fix”, and that the vendors of the software themselves are not aware of. And let’s totally just ignore all the actual backdoors everywhere…
Secure your home from the outside… don’t let strangers in. If you are worried about this stuff, then stop installing IoT home automation stuff that goes out to cloud services as well.