Hi, I recently reached out to a developer as I am learning the ropes of setting up a Cardano Stake Pool publicly. I asked security questions regarding having an air-gapped machine and was curious if the insight they provided was sound.
The gentleman explained to me:
“You don’t need to set up an air-gapped machine. It’s a complicated setup that is deployed by advanced users with a technical background. Your servers should be secure enough that it is impossible to be hacked, and let’s say they managed to hack your server, they can’t do anything on the server since the important files and keys are encrypted by your password. You will also have an offline copy of those important files and keys in an encrypted format on your PC or anywhere you want to save, just in case something happens. Your server should be set to its optimal setup, each with a host-based firewall on which only the necessary ports needed by the node and a unique SSH port are open. And it should have a login detection daemon that prevents any brute-force attacks on the server, i.e. it blocks the IP address of anyone that attempts to log in to the server via SSH for using a wrong password 3 times.”
Is this sound advice being given?
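
The three-strikes rule described in the quoted reply can be sketched as detection logic over SSH authentication logs. This is an added example, not part of the original post or the developer's reply; the 10-minute window, the host name, and the log lines (documentation address ranges) are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 3                        # from the post: three wrong passwords
FIND_TIME = timedelta(minutes=10)    # assumption: the post gives no time window

# Matches OpenSSH "Failed password" lines, with or without "invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample log lines, not real data.
SAMPLE_LOG = """\
Mar  4 10:00:01 relay1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  4 10:00:03 relay1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  4 10:00:09 relay1 sshd[815]: Accepted publickey for operator from 198.51.100.20 port 50022 ssh2
Mar  4 10:00:12 relay1 sshd[819]: Failed password for operator from 198.51.100.20 port 50030 ssh2
Mar  4 10:00:15 relay1 sshd[823]: Failed password for root from 203.0.113.7 port 40150 ssh2
Mar  4 10:20:00 relay1 sshd[901]: Failed password for operator from 198.51.100.20 port 50100 ssh2
Mar  4 10:45:00 relay1 sshd[950]: Failed password for operator from 198.51.100.20 port 50200 ssh2
"""

def find_offenders(log_text, max_retry=MAX_RETRY, find_time=FIND_TIME):
    """Return IPs, in ban order, that hit max_retry failures within find_time."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue              # successful logins and other lines are ignored
        # Syslog timestamps carry no year; a fixed one is enough for deltas.
        ts = datetime.strptime("2024 " + m["ts"], "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            banned.append(m["ip"])
    return banned

if __name__ == "__main__":
    for ip in find_offenders(SAMPLE_LOG):
        print("would block", ip)
```

In the sample, the operator's three mistyped passwords are spread over 45 minutes and stay under the threshold, which is why a time window matters for a rule like this.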