Recently we saw some unsettling news about a stake pool operator (HAPPY) that was hacked and had their 1,000,000 ADA Pledge stolen. Following this, a fellow SPO and friend did a quick analysis and found this startling revelation:
This is what prompted the article: a “back to basics” list of security measures every Cardano Stake Pool Operator should know and implement.
- DO NOT run the block producer and relay on the same host — as the relay is public facing and if it is hacked or under attack (DDOS), your block producer will also be offline, which means you will miss the chance to produce a block and it can affect your ranking & rewards later on.
- Your block producer should be behind a firewall and should only connect to your relay nodes. And your relay nodes may connect to the block producer and other peer relays.
- Only keep the bare minimum (kes.skey, vrf.skey, node.cert equivalents) needed to keep your cardano-node up on the server. DO NOT keep your wallet/pool files (other than the required files) on the server.
Credits to https://twitter.com/SafeStak for recommended file list.
- Never run anything (cardano-node, web server, docker, etc…) with root privileges. Set up unprivileged account(s) and use them.
- Remember, docker runs with root privilege by default — unless you know what you are doing, don’t use docker. If you are going to use it, invest some time into learning how to properly set up docker namespaces.
- Use a hardware/software firewall on your server and lock down the ports.
- DO NOT leave any unused ports open on your server.
- Change the default SSH port 22 to something random that only you know.
- Disable root login in the SSH config. Only use unprivileged account(s) with sudo access. Also disable password login in SSH.
- DO NOT use username/password authentication for SSH.
- Use public/private key authentication for SSH. Don’t forget to password-protect your private key when you generate it.
- Use SFTP to transfer files to/from your server.
- Use a secure operating system with long term support for your server. For example, the Ubuntu 20.04 LTS release.
- Don’t forget to keep your server’s operating system and installed software up to date with the latest updates.
- Disable IPv6 on your server if you are not using it. Here’s why.
- Ensure your day-to-day machine user account and cloud provider accounts have secure auth — strong passwords, 2FA authentication, etc. Keep your setup simple and reduce the surface area.
Credits to https://twitter.com/SafeStak for this recommendation.
- Implement Fail2Ban to block unauthorised access attempts.
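The SSH, firewall and Fail2Ban points above are things an operator types into a shell and then forgets to verify. The script below is an added example, not from the original post or any SPO tooling: it audits an sshd_config against the SSH points in the list, prints the ufw rules that give a relay and a block producer the topology described above (block producer reachable on the node port only from your own relays), and prints a Fail2Ban jail that matches a moved SSH port. It assumes Ubuntu 20.04 with OpenSSH, ufw and fail2ban installed; the node port 6000, SSH port 2222, admin IP 203.0.113.10 and relay IPs 198.51.100.x are constructed placeholders, and restricting SSH to one admin IP is an assumption beyond the list. It changes nothing on the system; it only reads a file and prints what to apply.

```shell
#!/bin/sh
# Added example: audit sshd_config, and print ufw / fail2ban settings for a
# Cardano relay or block-producer host. Nothing here modifies the system.

# Effective value of an sshd_config keyword. sshd honours the FIRST matching
# directive and ignores later ones, so a hardening line appended to the end of
# a file that already sets the keyword has no effect. Comment lines are
# skipped; Include and Match blocks are not followed (assumption: plain file).
sshd_option() {
  file="$1"; key="$2"
  awk -v k="$key" '$1 !~ /^#/ && tolower($1) == tolower(k) && !seen { print $2; seen = 1 }' "$file"
}

# Print one line per deviation from the SSH points in the list above.
audit_sshd() {
  file="$1"
  v=$(sshd_option "$file" PermitRootLogin)
  [ "$v" = "no" ] || echo "PermitRootLogin is '${v:-unset}', want no"
  v=$(sshd_option "$file" PasswordAuthentication)
  [ "$v" = "no" ] || echo "PasswordAuthentication is '${v:-unset (defaults to yes)}', want no"
  v=$(sshd_option "$file" PubkeyAuthentication)
  [ "${v:-yes}" = "yes" ] || echo "PubkeyAuthentication is '$v', want yes"
  v=$(sshd_option "$file" Port)
  [ -n "$v" ] && [ "$v" != "22" ] || echo "Port is '${v:-22}', want a non-default port"
  return 0
}

# Print the ufw commands for one host. A relay accepts the node port from any
# peer; the block producer accepts it only from the listed relay IPs. Both
# accept SSH only from ADMIN_IP (assumption; drop it if your IP is dynamic).
# Usage: ufw_rules relay|producer NODE_PORT SSH_PORT ADMIN_IP [RELAY_IP...]
ufw_rules() {
  role="$1"; node_port="$2"; ssh_port="$3"; admin_ip="$4"; shift 4
  echo "ufw default deny incoming"
  echo "ufw default allow outgoing"
  echo "ufw allow from $admin_ip to any port $ssh_port proto tcp"
  case "$role" in
    relay)
      echo "ufw allow $node_port/tcp" ;;
    producer)
      for r in "$@"; do
        echo "ufw allow from $r to any port $node_port proto tcp"
      done ;;
    *)
      echo "unknown role: $role" >&2; return 1 ;;
  esac
  echo "ufw enable"
}

# jail.local for the sshd jail. The jail's port must be the real SSH port:
# the stock jail bans port "ssh" (22), so a moved SSH port would be uncovered.
fail2ban_jail() {
  ssh_port="$1"
  printf '[sshd]\nenabled = true\nport = %s\nmaxretry = 3\nbantime = 1h\nfindtime = 10m\n' "$ssh_port"
}

# Constructed sample config (not a real server's): still allows root and
# password login, and the hardening line at the end is ignored by sshd
# because an earlier PasswordAuthentication directive wins.
write_sample_config() {
  cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF
}

main() {
  tmp=$(mktemp)
  write_sample_config "$tmp"
  echo "== findings for sample sshd_config =="
  audit_sshd "$tmp"
  echo "== ufw rules for the block producer =="
  ufw_rules producer 6000 2222 203.0.113.10 198.51.100.5 198.51.100.6
  echo "== fail2ban jail.local =="
  fail2ban_jail 2222
  rm -f "$tmp"
}

main "$@"
```

Run it against your real file with `audit_sshd /etc/ssh/sshd_config` to get an empty report before you restart sshd, and pipe the `ufw_rules` output through `sudo sh` only after reading it: the first rule is a default deny, so a typo in the SSH port or admin IP locks you out of the host.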
Security is complex and has many layers to it. It starts with the person. I highly recommend this video released by Charles Hoskinson:
I am aware quite a few non-techy aspiring stake pool operators are joining the ecosystem; to them — please educate yourself. We need more people to participate — so let’s do it in a secure way that is mutually beneficial (for you the SPO as well as the delegator and the Cardano ecosystem).
- Why is it bad to log in as root?
- Why Running a Privileged Container in Docker Is a Bad Idea
- How Docker Works — Intro to Namespaces
- How To Set Up a Firewall with UFW on Ubuntu 20.04 (ignore IPv6 step)
- Setup a Non-root User with Sudo Access on Ubuntu
- Set up SSH public-key authentication to connect to a remote system
- What is an Ubuntu LTS Release? Long Term Support
- An Introduction to Secure Shell Access and Secure File Transfer Protocol
- How Fail2Ban Works to Protect Services on a Linux Server
This is not the final list of everything a stake pool operator must do — it’s simply a start. In addition to the above, please do your own research.
If stake pool operators don’t follow these basic security measures, their pools will likely get compromised and, in the worst case, the pledge gets stolen. As for the delegators — they won’t see any rewards for staking at the compromised pool (as it won’t be making any blocks).