I am currently undergoing the process of securing & hardening my nodes for running a Cardano stake pool.
I do however have a question that pertains to the air-gapped device. I have an old laptop lying around that would be perfect for this - and was considering using it.
Would wiping the hard drive & installing a fresh OS be sufficient in building this air-gapped device? I’d like to get feedback from experts in this area as I wasn’t entirely sure if this would suffice, given how most individuals proclaim “new PC never connected to the internet”.
Hey guys, I’m a new SPO. I’m currently getting an understanding of how exactly you operate a pool and all the responsibilities. However, I am confused about something and this may be a dumb question but, how exactly does your air-gapped device/node interact with the blockchain if it’s air-gapped?
It doesn’t … you will use it only for signing the transactions … which you will submit (send to the network) via the live node (which is connected to the blockchain).
So the node is not necessarily connected to the internet, rather connected to the relay via ethernet, which is connected to the internet; which should be limited to the blockchain and SSH via the firewall? Pls correct me if I’m wrong, I’m just trying to get a mental topology of this from a technical perspective.
The air-gapped machine should never connect to anything. You will only transfer the transaction to and from it via USB drive, for signing. This machine will no longer communicate with the outside world. You will need to transfer a copy of the cardano-cli occasionally after an update, but this will also be done via USB drive.
OKKKK!!! I see now. I was so confused about how it’s interacting with the blockchain if it’s never connected to anything. I assumed maybe you connected it to the relay via ethernet to interact, but that didn’t make sense because then it would “technically” be connected to the internet lol. Using a USB to transfer a file when necessary makes sense. So the air-gapped machine is not a node on the network, simply an offline machine with the CLI capabilities to interact with Cardano data, and needs to be kept up to date as well as the nodes that are actually on the network?
If you have the OS on the air-gapped machine configured so that it never, under any circumstances, executes anything on USB drives automatically, they would need to prepare the USB drive to circumvent that. I think I may have heard of some attacks like that, but it may also have only been something destructive like overloading the USB port to brick the machine or so. But preparing such an attack via your other computer that is connected? Very, very hard.
The cardano-cli that you transfer might get infected. But they would have to do it while building it or between the build and the transfer to USB. Possible? Sure. Likely? Not so much. They need a very complicated malware or direct live access for that. Are there enough targets with air-gapped machines that do it sufficiently similarly that an attack is worth the effort? Probably not.
If you want to get really paranoid, there’s always “Reflections on Trusting Trust”: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
Ken Thompson shows in his 1984 Turing Award lecture with a toy proof of concept that, even if you do a thorough code review, the compiler might be programmed to introduce a backdoor, when compiling that source code. And that it might also be programmed to put that backdoor-introducing code into the next version of the compiler, when that one is compiled from reviewed sources.
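The two concerns raised in the thread, a USB drive that could auto-execute something and a cardano-cli binary that could be tampered with between build and transfer, can both be checked mechanically on the air-gapped machine before a transferred binary is installed. The script below is an added example written for this thread, not code from the Cardano project or from anyone posting above; the mount point, destination path and the out-of-band checksum are placeholders, and `install_cli_from_usb` assumes GNU coreutils (`df --output`, `sha256sum`) on a Linux air-gapped box.

```shell
#!/bin/sh
# Added example: integrity and mount-option checks for a binary that arrived on
# a USB drive. All paths and hashes are placeholders to be replaced by the operator.

# Return 0 if a /proc/mounts line carries every option named in the remaining
# arguments, e.g. `mount_has_opts "$line" noexec nodev nosuid`.
mount_has_opts() {
    line=$1; shift
    opts=$(printf '%s\n' "$line" | awk '{print $4}')
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Is the given mount point currently mounted noexec,nodev,nosuid? A USB stick
# mounted this way cannot run binaries or expose device nodes, whatever is on it.
usb_mount_is_hardened() {
    mnt=$1
    line=$(awk -v m="$mnt" '$2 == m' /proc/mounts)
    [ -n "$line" ] && mount_has_opts "$line" noexec nodev nosuid
}

# Compare the SHA-256 of a transferred file with a checksum recorded out of band
# (read from the release page on the online machine and carried separately,
# not on the same stick as the binary).
verify_sha256() {
    file=$1
    expected=$2
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Install the binary only if both checks pass, and keep it read-only afterwards.
# Usage: install_cli_from_usb /mnt/usb/cardano-cli <sha256-from-release-page> /usr/local/bin/cardano-cli
install_cli_from_usb() {
    src=$1; expected=$2; dest=$3
    mnt=$(df --output=target "$src" 2>/dev/null | tail -n 1)
    usb_mount_is_hardened "$mnt" || { echo "refusing: USB not mounted noexec,nodev,nosuid" >&2; return 2; }
    verify_sha256 "$src" "$expected" || { echo "refusing: checksum mismatch" >&2; return 3; }
    install -m 0555 "$src" "$dest"
}
```

Mounting the stick with `mount -o noexec,nodev,nosuid` (or the same options in fstab with automount disabled) is what makes the first check pass; the checksum check catches a binary that was swapped or modified on the way to the USB drive, but not one compromised at build time, which is the Thompson scenario above.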