Essential Security Measures
The ALPON X4 security guide provides simple steps to protect your device, ensure smooth operation, and reduce risks.
Securing your ALPON X4 helps prevent unauthorized access and keeps the device working reliably. This guide covers basic hardening steps: checking open ports, using SSH keys, updating the system, setting up a firewall, and creating new user accounts.
1. Check and Close Unnecessary Open Ports
Open network ports on the device can be entry points for potential attacks. It is important to periodically review open ports and close any unnecessary ones. However, some ports are required for the proper functioning of the ALPON X4 system and should not be closed.
- List open ports using netstat:
sudo netstat -tuln
This will display the active listening ports and their associated services.
Important note regarding ALPON X4 default ports
The ALPON X4 system uses ports 30010, 30020, 30030, 30040, 30050, 30070, 30080, 10250, 6443 and 22 for its core functionalities.
Do not attempt to close or block these ports as it may interfere with the normal operation of the device.
- Stop unnecessary services:
Once you identify unnecessary services, you can stop or disable them. For example, to disable a service:
sudo systemctl stop <SERVICE_NAME>
sudo systemctl disable <SERVICE_NAME>
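The port review described above can be scripted. This is an added example, not part of the original ALPON X4 guide or Sixfab's tooling: it filters `netstat -tuln` output against the core port list given in the note and reports only the remaining listeners, marking whether each is bound to loopback or reachable from the network. The helper name `audit_ports` and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. CORE_PORTS is the list this guide says must stay open.
CORE_PORTS="22 6443 10250 30010 30020 30030 30040 30050 30070 30080"

# audit_ports (hypothetical helper): reads `netstat -tuln` output on stdin and
# prints "<proto> <port> <scope>" for every listener outside CORE_PORTS.
# scope is "loopback" for 127.0.0.0/8 or ::1 binds, otherwise "exposed".
audit_ports() {
    awk -v core="$CORE_PORTS" '
        BEGIN { n = split(core, c, " "); for (i = 1; i <= n; i++) keep[c[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (port in keep) next                # required by ALPON X4, skip
            scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
            key = $1 " " port " " scope
            if (!(key in seen)) { seen[key] = 1; print key }
        }' | sort -k2,2n -k1,1
}

# Constructed sample of `sudo netstat -tuln` output (not captured from a device).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::6443                 :::*                    LISTEN
tcp6       0      0 :::30010                :::*                    LISTEN
udp        0      0 0.0.0.0:5353            0.0.0.0:*'

# Run against the sample; core ports are filtered out of the report.
printf '%s\n' "$SAMPLE" | audit_ports
# On the device itself: sudo netstat -tuln | audit_ports
```

Listeners reported as "exposed" are the ones to trace back to a service and stop or disable if they are not needed; "loopback" entries are not reachable from other hosts.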
2. Setting Up SSH Key-Based Authentication
To increase security on your ALPON X4, it is recommended to use SSH key-based authentication instead of password-based login. (This requires a user. If you don't have a user, create one in step 5.)
Here is a step-by-step guide to set this up:
- Generate SSH Key Pair
Open a terminal on your personal computer and run:
ssh-keygen -t rsa -b 4096
Follow the prompts to save the key pair. By default, they'll be saved in ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key).
- Copy the Public Key to the ALPON X4
Use the ssh-copy-id command:
Replace 'YOUR_ALPON_IP' with your ALPON X4's actual IP address.
Note
The ssh-copy-id command is usually available on Linux systems. If this command does not work for you, manually copy your SSH key to your ALPON X4.
- Test the SSH Key Authentication
Try logging in to your ALPON X4 using SSH:
You should be able to log in without entering a password.
- Disable Password Authentication (Optional but recommended)
For enhanced security, disable password authentication:
- SSH into your ALPON X4. Edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config
- Find the line '#PasswordAuthentication yes' and change it to:
- Save the file and exit the editor. Restart the SSH service:
sudo systemctl restart ssh
3. Keep the System Updated
Keeping your system up to date is one of the simplest yet most effective security measures.
- Update the package list & upgrade the installed packages:
sudo apt update
sudo apt upgrade
- Update default ALPON X4 applications:
Go to Sixfab Connect → Click on the Details button of the Asset → Navigate to the Device tab → Scroll down to the Device Maintenance section → Click on the Update button.
4. Firewall Setup & Configuration
A firewall is essential for protecting your system from unauthorized access. Follow these steps to install and configure UFW:
- Install UFW:
sudo apt update && sudo apt install ufw
This command updates the package list and installs UFW.
- Apply Essential Configurations:
sudo ufw default deny incoming # Block incoming connections by default
sudo ufw default allow outgoing # Allow outgoing connections
sudo ufw allow 22 # Permission for SSH
sudo ufw allow 30010 # Permission for default Sixfab application
sudo ufw allow 30030 # Permission for default Sixfab application
sudo ufw allow 30040 # Permission for default Sixfab application
sudo ufw allow 30080 # Permission for default Sixfab application
There are other standard Sixfab apps running on ports 30020, 30050, and 30070. These do not need to be included in the firewall rules.
5. Create a new user for daily use (optional)
- Create a new user:
sudo adduser <NEW_USERNAME>
- Assign this new user to the sudo group (for administrative privileges):
sudo usermod -aG sudo <NEW_USERNAME>
Once the new user is created, you can log in using ssh NEW_USERNAME@YOUR_ALPON_IP.
Securing the ALPON X4 device requires a proactive approach to minimizing vulnerabilities and ensuring system integrity. Key practices include securing SSH access, regularly updating the system to patch known vulnerabilities and disabling unused services to reduce the attack surface. By adhering to these principles, you can significantly enhance the security of your ALPON X4 device, making it more resilient against potential threats.