Check points for securing Home Assistant installations (#1151)

* Add check points

* Add check points

* Fix link

* Grammar and style fixes
This commit is contained in:
Fabian Affolter 2016-10-08 21:20:53 +02:00 committed by GitHub
parent 974ae8e031
commit 59568972ab
2 changed files with 29 additions and 0 deletions

View File

@ -27,6 +27,7 @@
<li>{% active_link /getting-started/customizing-devices/ Customizing devices and services %}</li>
<li>{% active_link /getting-started/presence-detection/ Presence Detection %}</li>
<li>{% active_link /getting-started/troubleshooting-configuration/ Troubleshooting %}</li>
<li>{% active_link /getting-started/securing/ Security Check Points %}</li>
</ul>
</li>
<li>

View File

@ -0,0 +1,28 @@
---
layout: page
title: "Securing"
description: "Instructions how to secure your Home Assistant installation."
date: 2016-10-06 06:00
sidebar: true
comments: false
sharing: true
footer: true
---
One of the reasons to use Home Assistant is that it's not depending on cloud services. Even if you are only using Home Assistant in your local network, you should consider to secure your instance.
### {% linkable_title Checklist %}
- [Protect your web interface with a password](https://home-assistant.io/getting-started/basic/#password-protecting-the-web-interface)
- Secure your host. Sources could be [Red Hat Enterprise Linux 7 Security Guide](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/pdf/Security_Guide/Red_Hat_Enterprise_Linux-7-Security_Guide-en-US.pdf), [CIS Red Hat Enterprise Linux 7 Benchmark](https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.0.0.pdf), or the [Securing Debian Manual](https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html).
- Restrict network access to your device. Set `PermitRootLogin no` in your sshd config (usually `/etc/ssh/sshd_config`) and to use keys for authentication instead of passwords.
- Don't run Home Assistant as root.
- Keep your [secrets](/topics/secrets/) safe.
Additional points if you want to allow remote access:
- Protect your communication with [TLS](blog/2015/12/13/setup-encryption-using-lets-encrypt/)
- Protect your communication with [Tor](/cookbook/tor_configuration/)
- Use a [proxy](/cookbook/apache_configuration/)