Server Security: Lesson #1

A recent project I have been working on involved a custom built Linux distro running on an ARMv6 piece of hardware. We figured we were fairly immune to getting hacked based on obscure old hardware and pared-down Linux distro.

Unfortunately, early in development for ease of working on things we chose a guessable root password.  By the time (months later) that we wanted to plug our device onto the internet for testing we’d long since forgot the state that we had left things with the root user account.

It took just 1 week of being connected to the internet for the device to be hacked and malware installed.

An investigation uncovered just how unsophisticated of an attack was required to gain access.

So a lesson was learned by everyone on the team. Basic security precations such as using a strong root password should be made from the start – not procrastenated.