I’m running my own validator node at home for now but I want to move it to a dedicated server for reliability.
Considered hosting it on a VM, but even with disk encryption, the provider could dump RAM and read my passphrase.
So now I’m looking into a dedicated bare-metal server. An attacker being able to dump RAM is still possible but considerably harder, that’s good enough for me.
That got me thinking, how are all the big time managed staking like Coinbase, Lido, RocketPool keeping their fleet of validator servers secure?
They’re very likely running VMs on cloud providers. I know it’s very unlikely that AWS or Google Cloud will pull a RAM dump on them, but credentials can still get compromised as we’ve seen it happen so many times before. I want to follow the best practices to be at least as secure as them.
My plan to secure my validator node:
- Bare-metal server
- My own VPN, always on with killswitch enabled (might use ZeroTier or Tailscale for this)
- Firewall only accepting incoming connections from the VPN subnet
- Only SSH incoming connection allowed, with port-knocking to expose-hide the custom port, only my SSH key allowed to login
- Run geth and validator software out of an encrypted partition
This sounds good to me, but is there anything else I should do?
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.
Comments