New User Security Questions

Hi all,

I’m a new Hass.io user about to start a fresh install on a pi4b.

I was wondering about security on the default installation of Hass io:
If I don’t want to access the pi from outside of my wireless network, are there any additional steps I should take to secure it after it downloads / installs?

I just want Hass io to trigger some wifi-connected devices through the web interface from a few tablets / phones. I don’t need to do any of this from outside my home network.

I guess worrying about only whitelisting some mac addresses would seem over-the-top as that would mean someone had already compromised the network?
I’m mainly just looking to ensure that the Hass io addition doesn’t create a ‘point of failure’ with regards to general security.

Thanks for your input. Any links or thoughts are appreciated…

no.

OK

If you don’t forward any ports, your HA is not exposed from the internet. It would function just as any other computer in your local network.

It’s worth separating out Home Assistant (the software) from Hass.io (the install method you’ve used).

Home Assistant can operate without any inbound connection. Hass.io itself also can operate without any inbound connection.

Neither of these is likely to introduce any remotely exploitable vulnerability. Now, Hass.io allows you to install add-ons, and configure remote access; any of these things could introduce risk if you do this without thought. There are many of us who’ve been running our HA instances exposed to the Internet for years without issue though.