I changed default password for user volumio and user root. As this is very risky to leave the password at default. However, after changing the password I tried install a plugin “Backup and Restore Data”
What would you suggest as the best practices to ensure the device’s security? I presume that all the currently installed plugins will remain functional after a password update. Is the correct procedure, upon the release of a new version, to simply reflash, reinstall the plugins, change the password, and proceed as usual?
Volumio is not super secure, but for me, more than safe enough. It’s behind my firewall, it hosts only a music streamer, no personal info or data. If I was worried, I guess I could disable ssh (which is default disabled anyway). If someone did break in* and screwed with my setup, I could be up and running again in 15 mins with a backup of my SD.
i think @manues@SimonE Manuel want‘s to configure outgoing ports (needed for cloud services etc.), which is usual in a higher security environment. Right ?
@Josh2000 I understand this is not a security forum… However, any device in your network where anyone can get privileged access pretty easily is always a challenge. I am not really worried about volumio getting crashed or hacked. But I am thinking about someone can easily land on volumio and plan their next phase from the host… Anyway… let me dig around to find my way around…