I am currently undergoing the process of securing & hardening my nodes for running a Cardano stake pool.
I do however have a question that pertains to the air-gapped device. I have an old laptop lying around that would be perfect for this - and was considering using it.
Would wiping the hard drive & installing a fresh OS be sufficient in building this air-gapped device? I’d like to get feedback from experts in this area as I wasn’t entirely sure if this would suffice, given how most individuals proclaim “new pc never connected to internet”.
Yep. Start with a fresh install and never connect it to the internet. I have taped up the network port just in case I have a brain fart.
Yes it is safe. If your device has network capabilities (wifi, bluetooth, etc…) make sure to disable the hardware for them in the system BIOS.
Hey guys, I’m a new SPO. I’m currently getting an understanding of how exactly you operate a pool and all the responsibilities. However, I am confused about something and this may be a dumb question, but how exactly does your air-gapped device/node interact with the blockchain if it’s air-gapped?
It doesn’t … you will use it only for signing the transactions… which you will submit (send to the network) via the live node (which is connected with the blockchain)
So the node is not necessarily connected to the internet, rather connected to the relay via ethernet, which is connected to the internet; which should be limited to the blockchain and ssh via the firewall? Pls correct me if I’m wrong, I’m just trying to get a mental topology of this from a technical perspective.
The air-gapped machine should never connect to anything. You will only transfer the transaction to and from it via USB drive, for signing. This machine will no longer communicate with the outside world. You will need to transfer a copy of the cardano-cli occasionally after an update, but this will also be done via USB drive.
OKKKK!!! I see now. I was so confused about how it’s interacting with the blockchain if it’s never connected to anything. I assumed maybe you connected it to the relay via ethernet to interact, but that didn’t make sense because then it would “technically” be connected to the internet lol. Using a USB to transfer a file when necessary makes sense. So the air-gapped machine is not a node on the network, simply an offline machine with the CLI capabilities to interact with Cardano Data, and needs to be kept up to date as well as nodes that are actually on the network?
Isn’t it just as easy to transmit vulnerabilities, malicious scripts or viruses by USB?
“Just as easy” it is not, but possible it is.
If you have the OS on the air-gapped machine configured so that it never, under any circumstances, executes anything on USB drives automatically, they would need to prepare the USB drive to circumvent that. I think I may have heard of some attacks like that, but it may also have only been something destructive like overloading the USB port to brick the machine or so. But preparing such an attack via your other computer that is connected? Very, very hard.
The cardano-cli that you transfer might get infected. But they would have to do it during building it or between build and transfer to USB. Possible? Sure. Likely? Not so much. They need a very complicated malware or direct live access for that. Are there enough targets with air-gapped machines that do it sufficiently similar that an attack is worth the effort? Probably not.
If you want to get really paranoid, there’s always “Reflections on Trusting Trust”: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
Ken Thompson shows in his 1984 Turing Award lecture with a toy proof of concept that, even if you do a thorough code review, the compiler might be programmed to introduce a backdoor, when compiling that source code. And that it might also be programmed to put that backdoor-introducing code into the next version of the compiler, when that one is compiled from reviewed sources.
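One way to check that files carried on the USB drive arrive unchanged, as an added example that is not from any post in this thread: the online machine writes a SHA-256 manifest, and the air-gapped machine verifies it against a manifest hash the operator copied by hand. The function names and the `SHA256SUMS` file name are assumptions, GNU coreutils `sha256sum` is assumed, and the check covers changes between build and transfer, not a build that was already compromised.

```sh
#!/bin/sh
# Added example (hypothetical helper names): integrity check for files that
# cross the air gap on a USB drive, such as cardano-cli or a transaction file.

MANIFEST="SHA256SUMS"   # assumed manifest file name

# Online machine: hash every file in the transfer directory and print the
# hash of the manifest itself. Write that value down or photograph it; it
# must reach the air-gapped machine by a path other than the USB drive.
make_manifest() (
    cd "$1" || exit 1
    find . -type f ! -name "$MANIFEST" -exec sha256sum {} + > "$MANIFEST"
    sha256sum "$MANIFEST" | cut -d' ' -f1
)

# Air-gapped machine: $1 = mounted transfer directory, $2 = noted manifest hash.
# Exit codes: 0 ok, 2 manifest replaced or missing, 3 a listed file changed
# or is missing, 4 a file is present that the manifest does not list.
verify_manifest() (
    cd "$1" || exit 1
    actual=$(sha256sum "$MANIFEST" 2>/dev/null | cut -d' ' -f1)
    [ "$actual" = "$2" ] || { echo "manifest does not match noted hash" >&2; exit 2; }
    # --quiet prints only the files that fail verification.
    sha256sum -c --quiet "$MANIFEST" || exit 3
    # Every listed file exists and matches, so equal counts mean no extras.
    listed=$(wc -l < "$MANIFEST")
    present=$(find . -type f ! -name "$MANIFEST" | wc -l)
    [ "$listed" -eq "$present" ] || { echo "unlisted file on the drive" >&2; exit 4; }
)

# Usage:
#   online machine:      make_manifest /media/usb/transfer
#   air-gapped machine:  verify_manifest /media/usb/transfer <noted hash>
```

Comparing the manifest hash out of band is what makes this useful: a manifest that travels only on the same drive can be regenerated by whatever altered the files.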
I know it’s a dumb question. Can I leave the air-gapped computer off? I’m looking at getting a Raspberry Pi for the air gap and leaving it in my safe.
Yes, you can… why keep it on as long as you are not syncing the DB? You are using the air-gapped computer only to sign transactions…
You will need it ON at least every 90 days to renew the KES. If not doing anything else it’ll probably stay OFF the remaining time.