Cyber security
Server Tuning
Initial server settings:
Disable root user (PermitRootLogin no)
Login via SSH only by key (PasswordAuthentication no)
Activation of Unattended Upgrades in APT
Activation of the firewall
Fail2Ban setup
Resource monitoring (Node exporter)
You can use Ansible for automation - https://bit.ly/3Bxg2b1
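The six settings above as idempotent shell functions for a Debian/Ubuntu host. This is an added example, not the slide author's Ansible playbook; it assumes a ROOT prefix (empty on a real host, a scratch directory for a dry run, in which case privileged commands are only echoed), an SSH_PORT variable defaulting to 22, and the default Tendermint P2P port 26656 for the firewall rule.

```shell
#!/usr/bin/env bash
# Added example (not from the slides): the "initial server settings" list as
# idempotent shell functions for a Debian/Ubuntu host. ROOT is an assumed
# prefix: empty on a real host, a scratch directory for a dry run (then the
# privileged commands are only echoed, and config files land under ROOT).
set -eu
: "${ROOT:=}"
: "${SSH_PORT:=22}"     # assumption: SSH stays on the default port

# run CMD...: execute on a real host, echo only under a dry-run ROOT.
run() { if [ -n "$ROOT" ]; then echo "+ $*"; else "$@"; fi; }

# set_sshd_option KEY VALUE: rewrite every "KEY ..." line, commented or not,
# to "KEY VALUE"; append the directive if sshd_config lacks it entirely.
set_sshd_option() {
  local key="$1" value="$2" cfg="$ROOT/etc/ssh/sshd_config"
  mkdir -p "$(dirname "$cfg")"; touch "$cfg"
  if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$cfg"; then
    sed -i -E "s|^[#[:space:]]*${key}[[:space:]].*|${key} ${value}|" "$cfg"
  else
    printf '%s %s\n' "$key" "$value" >> "$cfg"
  fi
}

# sshd_effective KEY: the value sshd will use (sshd takes the first
# occurrence of a directive; set_sshd_option rewrites all of them).
sshd_effective() {
  awk -v k="$1" '$1 == k { print $2; exit }' "$ROOT/etc/ssh/sshd_config"
}

harden_sshd() {
  set_sshd_option PermitRootLogin no          # disable root login
  set_sshd_option PasswordAuthentication no   # key-based login only
  set_sshd_option PubkeyAuthentication yes
  run systemctl reload ssh
}

enable_unattended_upgrades() {
  run apt-get install -y unattended-upgrades
  mkdir -p "$ROOT/etc/apt/apt.conf.d"
  cat > "$ROOT/etc/apt/apt.conf.d/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
}

configure_firewall() {
  run ufw default deny incoming
  run ufw default allow outgoing
  run ufw allow "${SSH_PORT}/tcp"
  run ufw allow 26656/tcp       # assumption: default Tendermint P2P port
  run ufw --force enable
}

configure_fail2ban() {
  run apt-get install -y fail2ban
  mkdir -p "$ROOT/etc/fail2ban"
  cat > "$ROOT/etc/fail2ban/jail.local" <<EOF
[sshd]
enabled = true
port = ${SSH_PORT}
maxretry = 5
bantime = 3600
EOF
  run systemctl restart fail2ban
}

install_node_exporter() {
  run apt-get install -y prometheus-node-exporter   # listens on :9100
}

# Apply everything only when invoked explicitly: ./harden.sh apply
if [ "${1:-}" = "apply" ]; then
  harden_sshd; enable_unattended_upgrades; configure_firewall
  configure_fail2ban; install_node_exporter
fi
```

Run it as root with `apply` on a fresh host, or with `ROOT=$(mktemp -d)` to inspect the files it would write. Rewriting commented-out directives (such as the stock `#PermitRootLogin prohibit-password`) rather than appending keeps sshd_config with exactly one copy of each directive, which matters because sshd honours the first occurrence it finds.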
Types of attacks on PoS blockchains
Sybil attack or its variation, the Eclipse attack;
+1/3 attack (an attacker controlling more than one third of the voting power);
DeFi security;
Spam transactions;
Double signature;
Basic concepts of node security
Control over the software you run
Careful selection of starting nodes
Choosing peers at random increases the risk of connecting to malicious nodes. This applies to the seeds and persistent_peers settings.
Sentry nodes
Used to shield the main validator node
If they are attacked (DDoS), they are easily replaced with new ones
Adds network latency
You can build complex node structures
Sentry nodes. Protection options.
Validator protection options:
1. One node
The simplest and most common way.
Easy to deploy, but not very flexible.
2. Single layer protection
Effective protection against DDoS attacks.
If an attacker gains access to the private network, they can attack the validator node.
3. Double layer protection
Similar to the classic corporate scheme of separating frontend and backend.
An expensive solution, and the validator node itself remains a bottleneck.
Stable operation and double signing
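The peer-selection advice (seeds and persistent_peers) and the sentry layouts above both come down to a handful of [p2p] settings in Tendermint's config.toml. The script below is an added example, not code from the slides or from any project they link: it validates peer strings and writes the validator-side and sentry-side settings. Node IDs and addresses used in the comments and checks are constructed; the key names (pex, seeds, persistent_peers, addr_book_strict, private_peer_ids, unconditional_peer_ids) are the standard Tendermint [p2p] options.

```shell
#!/usr/bin/env bash
# Added example (not from the slides): validate peer strings and write the
# [p2p] settings for a validator placed behind sentry nodes into Tendermint
# config.toml files. Sample IDs and addresses are constructed.
set -eu

# valid_peer "ID@HOST:PORT": a Tendermint node ID is 40 lowercase hex chars.
valid_peer() {
  printf '%s' "$1" | grep -Eq '^[0-9a-f]{40}@[^@[:space:]]+:[0-9]{1,5}$'
}

# set_toml_key FILE KEY VALUE: rewrite an existing `key = ...` line in place,
# or append it. A stock config.toml already contains every key used here, so
# the replace branch is taken and each key stays inside its [p2p] section.
set_toml_key() {
  local file="$1" key="$2" value="$3"
  if grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
    sed -i -E "s|^[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
  else
    printf '%s = %s\n' "$key" "$value" >> "$file"
  fi
}

# peers_csv PEER...: join peers into the comma-separated form Tendermint
# expects; a single malformed entry rejects the whole list.
peers_csv() {
  local out="" p
  for p in "$@"; do
    valid_peer "$p" || { echo "bad peer: $p" >&2; return 1; }
    out="${out:+$out,}$p"
  done
  printf '%s' "$out"
}

# configure_validator FILE SENTRY...: the validator keeps a fixed peer set
# (only its own sentries), does not gossip addresses and uses no seeds, so
# random peers never learn where it is.
configure_validator() {
  local file="$1"; shift
  local peers; peers="$(peers_csv "$@")"
  set_toml_key "$file" pex false
  set_toml_key "$file" seeds '""'
  set_toml_key "$file" persistent_peers "\"${peers}\""
  set_toml_key "$file" addr_book_strict false
}

# configure_sentry FILE VALIDATOR_ID: the sentry gossips normally but marks
# the validator private (never advertised to other peers) and unconditional
# (never evicted when the peer limit is reached).
configure_sentry() {
  local file="$1" validator_id="$2"
  set_toml_key "$file" pex true
  set_toml_key "$file" private_peer_ids "\"${validator_id}\""
  set_toml_key "$file" unconditional_peer_ids "\"${validator_id}\""
}
```

Usage: source the file, then `configure_validator ~/.node/config/config.toml <sentry1> <sentry2>` on the validator and `configure_sentry ~/.node/config/config.toml <validator-id>` on each sentry. Validating every peer string before writing avoids the silent failure mode where a typo in one entry leaves the validator with fewer sentries than intended.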
The validator must make every effort to keep the node running smoothly and avoid double signing.
A double signature occurs when two different blocks at the same height are proposed by the same validator.
Penalty for downtime: 0.01% of all delegated funds is slashed (soft slashing)
Penalty for double signing: 5% is slashed.
KMS/HSM
To avoid double signing, a KMS/HSM solution is used.
It signs blocks on a separate node and lets you run more than one validation node with a single key.
Disadvantages: higher cost and added network latency.
https://github.com/iqlusioninc/tmkms
Horcrux
Horcrux is a signing service for Tendermint nodes based on a secure multi-party computation protocol.
It signs blocks on separate nodes using specially generated, split key shares, so blocks can be signed even when some of the shares are unavailable.
With this service the validator's bottleneck disappears: part of the infrastructure may go down, but the validator keeps working.
https://github.com/strangelove-ventures/horcrux
https://ru.wikipedia.org/wiki/%D0%9F%D1%80%D0%BE%D1%82%D0%BE%D0%BA%D0%BE%D0%BB_%D0%BA%D0%BE%D0%BD%D1%84%D0%B8%D0%B4%D0%B5%D0%BD%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B3%D0%BE_%D0%B2%D1%8B%D1%87%D0%B8%D1%81%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F
Monitoring
Most often, the Prometheus+Grafana stack is used for monitoring.
Both Tendermint and the Cosmos SDK expose their own Prometheus metrics; you only need to enable them.
https://docs.tendermint.com/master/nodes/metrics.html
https://docs.cosmos.network/master/core/telemetry.html
The main metrics to watch are: current height, number of missed blocks, current stake, and voting power.
Unfortunately, not all metrics are available, and sometimes you need to write your own; see https://monitor.bronbro.io/d/mfbuQsZn1/validator-stats?orgId=2&refresh=10s for an example.
https://github.com/CyberObiOne/Grafana-Monitor
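A minimal health check over a single Tendermint Prometheus scrape, covering the height, missed-block and signing metrics named above. This is an added example, not the dashboard linked on the slide: it assumes Tendermint's metrics are enabled (`prometheus = true` under [instrumentation] in config.toml, served on the default :26660), uses the metric names from the Tendermint 0.34 docs linked above (check them against your version), and the thresholds and the sample scrape are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the slides): parse one Tendermint Prometheus scrape
# and flag a stalled node, too many missed blocks, or a validator that has
# stopped signing. Sample data and thresholds are constructed assumptions.
set -eu
: "${MAX_MISSED:=20}"   # assumption: alert when more than 20 blocks are missed

# scrape FILE [URL]: fetch the live endpoint (assumed default address).
scrape() { curl -fsS "${2:-http://127.0.0.1:26660/metrics}" -o "$1"; }

# metric_value FILE NAME: value of the first sample for NAME, written either
# as "NAME value" or "NAME{label="..."} value" (labels contain no spaces).
metric_value() {
  awk -v n="$2" '
    $0 !~ /^#/ && ($1 == n || index($1, n "{") == 1) { print $2; exit }
  ' "$1"
}

# check_progress FILE PREV_HEIGHT: 0 when the height advanced since the
# previous scrape, i.e. the node is not stalled.
check_progress() {
  local h; h="$(metric_value "$1" tendermint_consensus_height)"
  [ -n "$h" ] && [ "${h%.*}" -gt "$2" ]
}

# check_missed FILE: 0 when missed blocks are within MAX_MISSED.
check_missed() {
  local missed
  missed="$(metric_value "$1" tendermint_consensus_validator_missed_blocks)"
  [ -n "$missed" ] && [ "${missed%.*}" -le "$MAX_MISSED" ]
}

# check_signing FILE: 0 when the validator has voting power and its last
# signed height is at most one block behind the chain height.
check_signing() {
  local h s p
  h="$(metric_value "$1" tendermint_consensus_height)"
  s="$(metric_value "$1" tendermint_consensus_validator_last_signed_height)"
  p="$(metric_value "$1" tendermint_consensus_validator_power)"
  [ -n "$h" ] && [ -n "$s" ] && [ -n "$p" ] && [ "${p%.*}" -gt 0 ] \
    && [ $(( ${h%.*} - ${s%.*} )) -le 1 ]
}

# validator_status FILE PREV_HEIGHT: one word per finding, "ok" if none.
validator_status() {
  local out=""
  check_progress "$1" "$2" || out="${out}stalled "
  check_missed "$1"        || out="${out}missing_blocks "
  check_signing "$1"       || out="${out}not_signing "
  printf '%s' "${out:-ok }" | sed 's/ $//'
}

# sample_scrape FILE: a constructed excerpt of a scrape (values made up).
sample_scrape() {
  cat > "$1" <<'EOF'
# HELP tendermint_consensus_height Height of the chain.
# TYPE tendermint_consensus_height gauge
tendermint_consensus_height{chain_id="testchain-1"} 120345
tendermint_consensus_validator_power{chain_id="testchain-1"} 50000
tendermint_consensus_validator_last_signed_height{chain_id="testchain-1"} 120345
tendermint_consensus_validator_missed_blocks{chain_id="testchain-1"} 3
tendermint_p2p_peers{chain_id="testchain-1"} 8
EOF
}
```

Run `scrape /tmp/now.txt` from cron, then `validator_status /tmp/now.txt "$(cat /tmp/last_height)"` and store the current height for the next run; a non-"ok" result is what you would route to an alert. Grafana alert rules over the same metrics are the usual production answer; the script makes the underlying conditions explicit and easy to test offline.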
Questions?
Anonymous feedback
https://forms.gle/nUVjG1CihSEdLgXE7
Thank you for your attention