Cloud File Storage Pi

Disclaimer

Any actions and or activities related to the material contained within this website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. Cyber Security Associates Limited, will not be held responsible for any criminal charges brought against any individuals misusing the information in these projects to break the law.

Please ensure you are using the latest SD Card image which is available here.

 

Teacher Overview

In this lesson, students will get an opportunity to develop the skills to configure a cloud storage device, understand the principles of digital storage and security.

Cloud storage has been a huge benefit for many working professionals over the past 10 years, it has allowed many people to work remotely and upload their work to the cloud to be accessed at different locations and by other people. Cloud storage is storing data on an external hard drive that has internet connectivity instead of using local storage and being limited to only accessing it when you have physical access to the device. This project will show the students how to configure the Raspberry Pi with an external storage device to be an internal network storage device. This is currently configured to only work wirelessly within the same network. For external use, it would need to be configured to have a static IP and allow for traffic outside the network to be forwarded to it. This introduces many security issues, as have been shown by the numerous attacks that are made against cloud storage services. Get the students to research different attacks against cloud storage to show how vulnerable these systems can be if security isn’t implemented properly.

The best way to secure this system is to make sure that the SSH password is complicated, current GCHQ advice is to use a string of at least 3 random words. The project uses a web interface to upload files and access them from other devices within the network. The login details should also include a complicated password, increasing the security of the device. Security increases as simple passwords are easy to brute force which is when an attacker tries to log in with a long list of known passwords until the same password is found. There are more complicated versions of this process which include offline attacks, but these attacks require more processing power and more data about the target than would be known in this situation. The SSL certificate allows for HTTPS to be used, which also encrypts the traffic that is being connected between a client and the server which prevents man-in-the-middle attacks. Combining these processes will increase the security of the project.  

Suggested Year Group

The suggested age group is 14+, this project requires careful configuration and understanding of principles younger students might not have been previously exposed to.

 

Learning Outcomes

  •         Instruct the students how cloud storage works;

  •        Show the students how to configure the Raspberry Pi to be a cloud storage device.

 

Hardware Required

Component Number (Peli Case)

(Base) 4 + 5

(Base) 5

(Base) 6

(Base) 6

(Level 1) 3

(Level 1) 3

(Level 1) 5

(Level 1) 1

Component Number (Box Case)

Slot 1

Slot 11

Slot 2

Slot 11

Slot 11

Slot 11

Slot 12

Slot 13

Component

Raspberry Pi + Case

Raspbian SD Card

External Hard Drive

USB lead

HDMI

Wireless Keyboard

Wireless Mouse

Power Supply

 

Video Guide

 

Conclusion

This project is intended to introduce networking to the students and how the Raspberry Pi can be used as a part of the network, there are many other ways the Raspberry Pi can be used as a part of a network. It is possible to make the Raspberry Pi a HTTP server, a wireless access point, or a casting device. Instruct the students to look for other projects that the Raspberry Pi can be integrated into, but also stress the importance of changing the default passwords on the Raspberry Pi and using strong passwords in general. There is a very good website (https://howsecureismypassword.net/) that can show the students how long it would take for a decent PC to crack the password. There are many ways to generate new, strong passwords, using a password manager is also advised as this generates strong passwords and stores them securely for you as well.

This project can be adapted to also include external traffic allowing access to the cloud outside the network, if any student is interested in doing this, stress the important of security as a vulnerable Raspberry Pi will allow access to the rest of the network.