From 05ec6be8d4d7df90542b8df9f59c8e5ad514e458 Mon Sep 17 00:00:00 2001 From: finity69x2 <32221243+finity69x2@users.noreply.github.com> Date: Fri, 3 Aug 2018 15:13:27 -0400 Subject: [PATCH 1/3] specify security concerns and actions to mitigate them. With the focus on security concerns in the forums recently I think it would benefit users to be more aggressive in recommending actions to take to secure home assistant when exposing it to the internet. Vague warnings don't always catch the eye of the casual user. I was one of those users and the forum threads on security caused me to examine my own security and I then realized how potentially lacking that it was. --- source/_docs/configuration/securing.markdown | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source/_docs/configuration/securing.markdown b/source/_docs/configuration/securing.markdown index 4ed3e20243e6..de98477a54bd 100644 --- a/source/_docs/configuration/securing.markdown +++ b/source/_docs/configuration/securing.markdown 
@@ -20,16 +20,16 @@ One major advantage of Home Assistant is that it's not dependent on cloud servic - Don't run Home Assistant as root – consider the Principle of Least Privilege. - Keep your [secrets](/topics/secrets/) safe. -If you want to allow remote access, consider these additional points: +If you want to allow remote access, consider taking the additional steps as listed below. They are listed from the most secure to the least secure. IT IS HIGHLY RECOMMENDED THAT IF YOU ARE GOING TO BE OPENING YOUR HOME ASSISTANT (HENCE THE CONTROL OF YOUR HOME) TO THE OUTSIDE WORLD THAT YOU SHOULD SECURE IT WITH A VPN AT THE MINIMUM: -- Protect your communication with [TLS/SSL](/docs/ecosystem/certificates/lets_encrypt/). -- Enable IP Filtering and configure a low [Login Attempts Threshold](/components/http/) - Protect your communication with [Tor](/cookbook/tor_configuration/). -- Protect your communication with a [self-signed certificate](/cookbook/tls_self_signed_certificate/). -- Use a [proxy](/cookbook/apache_configuration/). - Set up a VPN - Use a [SSH tunnel](/blog/2017/11/02/secure-shell-tunnel/) to connect to your frontend. +- Protect your communication with [TLS/SSL](/docs/ecosystem/certificates/lets_encrypt/). +- Protect your communication with a [self-signed certificate](/cookbook/tls_self_signed_certificate/). +- Use a [proxy](/cookbook/apache_configuration/). +- Enable IP Filtering and configure a low [Login Attempts Threshold](/components/http/)
- If you've forwarded any ports to your Home Assistant system from the Internet then it *will* be found by others. Whether through services like Shodan, or direct port scanning, all systems on the Internet are routinely probed for accessible services. If you fail to set a password then it is simply a matter of time before somebody finds your system - potentially as little as a few hours. + If you've forwarded any ports to your Home Assistant system from the Internet then it *will* be found by others. Whether through services like Shodan, or direct port scanning, all systems on the Internet are routinely probed for accessible services. If you fail to set a password then it is simply a matter of time before somebody finds your system - potentially as little as a few hours. Setting a password should be considered the bare minimum security precaution and, as such, shouldn't be relied upon as the sole security action taken to protect your home from outside hackers. PASSWORDS CAN BE BROKEN!
From 057f5703ad23e621f57ec4f7165294359cde4d9b Mon Sep 17 00:00:00 2001 From: finity69x2 <32221243+finity69x2@users.noreply.github.com> Date: Sat, 4 Aug 2018 17:44:45 -0400 Subject: [PATCH 2/3] Update securing.markdown --- source/_docs/configuration/securing.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/_docs/configuration/securing.markdown b/source/_docs/configuration/securing.markdown index de98477a54bd..b557b10e7855 100644 --- a/source/_docs/configuration/securing.markdown +++ b/source/_docs/configuration/securing.markdown @@ -20,7 +20,7 @@ One major advantage of Home Assistant is that it's not dependent on cloud servic - Don't run Home Assistant as root – consider the Principle of Least Privilege. - Keep your [secrets](/topics/secrets/) safe. -If you want to allow remote access, consider taking the additional steps as listed below. They are listed from the most secure to the least secure. IT IS HIGHLY RECOMMENDED THAT IF YOU ARE GOING TO BE OPENING YOUR HOME ASSISTANT (HENCE THE CONTROL OF YOUR HOME) TO THE OUTSIDE WORLD THAT YOU SHOULD SECURE IT WITH A VPN AT THE MINIMUM: +If you want to allow remote access, consider taking the additional steps as listed below. They are listed from the most secure to the least secure. It is highly recommended that if you are going to be opening your Home Assistant (hence, the control of your home) to the outside world that you should secure it with a VPN at the minimum: - Protect your communication with [Tor](/cookbook/tor_configuration/). - Set up a VPN 
@@ -31,5 +31,5 @@ If you want to allow remote access, consider taking the additional steps as list - Enable IP Filtering and configure a low [Login Attempts Threshold](/components/http/)- If you've forwarded any ports to your Home Assistant system from the Internet then it *will* be found by others. Whether through services like Shodan, or direct port scanning, all systems on the Internet are routinely probed for accessible services. If you fail to set a password then it is simply a matter of time before somebody finds your system - potentially as little as a few hours. Setting a password should be considered the bare minimum security precaution and, as such, shouldn't be relied upon as the sole security action taken to protect your home from outside hackers. PASSWORDS CAN BE BROKEN! + If you've forwarded any ports to your Home Assistant system from the Internet then it *will* be found by others. Whether through services like Shodan, or direct port scanning, all systems on the Internet are routinely probed for accessible services. If you fail to set a password then it is simply a matter of time before somebody finds your system - potentially as little as a few hours. Setting a password should be considered the bare minimum security precaution and, as such, shouldn't be relied upon as the sole security action taken to protect your home from outside hackers. Passwords can be broken!
From eafc8ebde156319f4db31abe7ecc6433593a14fb Mon Sep 17 00:00:00 2001 From: finity69x2 <32221243+finity69x2@users.noreply.github.com> Date: Mon, 13 Aug 2018 04:34:00 -0400 Subject: [PATCH 3/3] Update securing.markdown --- source/_docs/configuration/securing.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/_docs/configuration/securing.markdown b/source/_docs/configuration/securing.markdown index b557b10e7855..ba6f2b0a55ec 100644 --- a/source/_docs/configuration/securing.markdown +++ b/source/_docs/configuration/securing.markdown @@ -20,7 +20,7 @@ One major advantage of Home Assistant is that it's not dependent on cloud servic - Don't run Home Assistant as root – consider the Principle of Least Privilege. - Keep your [secrets](/topics/secrets/) safe. -If you want to allow remote access, consider taking the additional steps as listed below. They are listed from the most secure to the least secure. It is highly recommended that if you are going to be opening your Home Assistant (hence, the control of your home) to the outside world that you should secure it with a VPN at the minimum: +If you want to allow remote access, consider taking the additional steps as listed below. They are generally listed with the more secure options first. It is highly recommended that if you are going to be opening your Home Assistant (hence, the control of your home) to the outside world and you don't need remote access to the API (for example, for a device tracker) that you should secure it using one of the first three options: - Protect your communication with [Tor](/cookbook/tor_configuration/). - Set up a VPN
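Review bot: The new intro in PATCH 1/3 says the list runs "from the most secure to the least secure" and that a VPN is the minimum, but after the reorder five entries (SSH tunnel, TLS/SSL, self-signed certificate, proxy, IP filtering) sit below "Set up a VPN", so the page lists options under its own stated minimum. A strict ranking also reads as "pick one", while TLS and IP filtering with a low Login Attempts Threshold are things to enable alongside a tunnel, not alternatives to it. Suggest splitting the list into "ways to reach Home Assistant remotely" (Tor, VPN, SSH tunnel) and "hardening to apply in any case", and replacing the all-caps sentence with normal emphasis. "Set up a VPN" is also the only recommended entry without a link.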
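Review bot: The reworded sentence in the first hunk of PATCH 2/3 still carries a doubled "that" ("It is highly recommended that if you are going to be opening ... that you should secure it"), which makes the recommendation hard to parse. Suggest: "If you are going to open your Home Assistant (hence, the control of your home) to the outside world, it is highly recommended that you secure it with a VPN at the minimum."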
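Review bot: "Passwords can be broken!" at the end of the added paragraph in the second hunk of PATCH 2/3 names a risk without telling the reader what to do next. Suggest ending on the action instead, for example by pointing back to the remote access options listed above the paragraph, and using "attackers" rather than "outside hackers".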
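Review bot: "one of the first three options" in PATCH 3/3 depends on list position, and only two entries (Tor, VPN) are visible in this hunk's context, so a later reorder of the list silently changes what is being recommended. Name the options in the sentence itself (Tor, VPN, SSH tunnel, following the order set in PATCH 1/3). The new condition "you don't need remote access to the API (for example, for a device tracker)" also leaves readers who do need that access without guidance; add a sentence saying what they should do instead.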