Embedded systems' ability to access devices over the Internet or local networks facilitates a wide range of convenient interactions. The evolution of the Internet of Things (IoT) means fast growth of embedded networks. For these applications, network communication appliance has become a great issue. The resources of embedded systems are too limited and may hardly provide reliable protection against cyber attacks. High-performance devices with Linux may have advantages for secure network access.
The iptables utility embedded Linux works as a network traffic filter. The filter is performed as chains of rules applied by running the "iptables" command with different parameters. The rules are set together in a script file. To put the iptables to the initial state, begin the script with the example rules below.
Brute force is the biggest security problem when using the SSH protocol. A simple firewall can be set up using iptables to prevent brute force attacks. The idea is to block the IP addresses that flood the SSH port and limit the maximum number of opened connections. The script below serves this purpose.
If the clients' IP addresses are static, the best way to perform network communication appliance is to allow access for certain IP addresses only. That means no other user except the specified ones would be able to access the target embedded system remotely. This may be done by creating a whitelist of legal IP addresses. For the example script below, the admitted IP addresses are written down in the file line by line like this.
The described services and methods use the IPv4 protocol. The secure configuration of the IPv6 protocol is ignored, which makes it unsafe to keep enabled. If IPv6 support is turned on in the kernel, then it should have additional protection. Or, if you don't need it, you may just turn it off by adding this line in the /etc/sysctl.conf file.
Remote access over SSH shell and SFTP presents the greatest opportunity of controlling the target embedded system with Linux. Enabling this function is a convenient way for administrating the device. The SSH protocol performs a high level of security and cryptography. There are several possible configurations of the "sshd" utility associated with the SSH shell and SFTP server services to improve SSH-level security.