Security Considerations for a Raspberry Pi

We recommend that you fully research security strategies for your Raspberry Pi deployment, especially if the system is exposed directly to the internet rather than sitting behind a router with a firewall. Even if the device is behind a firewall, please review the "Securing your Raspberry Pi" documentation on the Raspberry Pi website.

At a minimum, please follow the steps in this documentation to change the default username and password associated with a new Raspberry Pi device. Ensure a very robust password is used, especially if the device is exposed to the internet.

NOTE: New installs of Raspberry Pi OS are dropping the default user account for both security and regulatory reasons. See this article for more information.

Additional recommendations in the official documentation and other considerations:

1. Make sudo require a password. Following this guidance ensures that all superuser access needed to modify the configuration and other important aspects of this device is password protected.

2. Keep the operating system updated as recommended in the official documentation.

3. Improve SSH security. Work with your system administrators to ensure that accessing a remote system via the Secure Shell protocol (SSH) is as secure as possible. Here are some considerations:

   a. Improve SSH login access

   b. Passwordless SSH access

   c. Change the default SSH port

   d. Add a legal banner

   e. Use VNC instead

4. Install a firewall (ufw)

5. Install the ClamAV anti-virus toolkit

6. Install the Fail2ban service
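
A way to check items 1 and 3a-3d against a configuration file, as an added example that is not part of the original page or the official documentation. The function names and sample files are constructed, and mapping 3a to AllowUsers and 3b to PasswordAuthentication no is an assumption about what those items intend.

```bash
# Added example, not from the original page. Function names and the sample
# files are constructed; Match blocks and Include files are not followed.

# Print the first active value of an sshd_config keyword, else DEFAULT.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
  awk -v k="$2" -v d="$3" '
    $1 ~ /^#/ { next }                       # skip comment lines
    tolower($1) == tolower(k) { print $2; found = 1; exit }
    END { if (!found) print d }' "$1"
}

# One finding per line; item numbers refer to the list above.
audit_sshd() {  # usage: audit_sshd FILE
  [ "$(sshd_value "$1" PasswordAuthentication yes)" = "no" ] ||
    echo "FAIL password logins enabled (3b)"
  [ "$(sshd_value "$1" Port 22)" != "22" ] ||
    echo "WARN default port 22 in use (3c)"
  [ "$(sshd_value "$1" Banner none)" != "none" ] ||
    echo "WARN no login banner (3d)"
  [ -n "$(sshd_value "$1" AllowUsers "")" ] ||
    echo "WARN no AllowUsers restriction (3a)"
}

# Item 1: list active sudoers rules that skip the password prompt.
audit_sudoers() {  # usage: audit_sudoers FILE...
  awk '$1 !~ /^#/ && /NOPASSWD:/ { print "FAIL " FILENAME ": " $0 }' "$@"
}

# Constructed sample input: one weak and one hardened configuration.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sshd_weak" <<'EOF'
#Port 22
PasswordAuthentication yes
EOF
cat > "$tmp/sshd_hard" <<'EOF'
Port 2222
PasswordAuthentication no
Banner /etc/issue.net
AllowUsers alice
EOF
echo 'alice ALL=(ALL) NOPASSWD: ALL' > "$tmp/sudo_weak"
echo 'alice ALL=(ALL) PASSWD: ALL'   > "$tmp/sudo_hard"

for s in weak hard; do
  echo "== $s =="
  audit_sshd "$tmp/sshd_$s"; audit_sudoers "$tmp/sudo_$s"
done
```

On a live system, the output of `sshd -T` (the effective configuration, with Include files resolved) can be saved to a file and passed to `audit_sshd` in place of the sample.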

These recommendations are by no means exhaustive, and you should do your own research to ensure your specific Raspberry Pi installation is as secure as possible against unauthorized access. Please forward us any additional security tips you have used so we can share them with the research community.