topologyUpdater reliance and weakness

Hi @phera !
I had similar doubts to yours when I started.
Compare: Stakepool Operation Tools as a potential risk?

Being careful with updates is a good practice.
This is what I learned so far about the topic:

  • The scripts which are part of the Guild Operator tools (includes topologyUpdater) are asking for updates before just running them
  • As mentioned above it is a good idea to validate an update before just installing it.
  • To avoid manipulation of your local config, it is an option to use intrusion detection. Some use OSSEC. Here is a guide which was shared on the forum: Cardano Node Security Monitoring - ADAvault
  • Specifically for TopologyUpdater, some are not using it, instead looking for peers which they trust and building a custom topology from there.
  • This also allows putting more concrete firewall rules on the relay to avoid traffic from “unknown” sources, which also eliminates DDoS attack vectors. Anyway, I’m not sure if this is a good practice since it also does not allow all the other relays to connect to your server. A downside might be that some of the Pool Comparison platforms (like Pooltool) would also not be able to ping your relay, so some specific handling would be required.

If someone with a custom topo based on the known peers approach and IP limitations only for those peers reads this: it would be interesting to hear your experience with that.

3 Likes
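
Added example, not part of the post above and not Guild Operator code: one way to check a relay's topology file against a recorded SHA-256 baseline and a hand-picked trusted-peer list, so an unexpected rewrite of the file or an unfamiliar peer is noticed. It assumes the legacy `Producers` topology layout; `TRUSTED_PEERS`, `audit_topology` and the sample addresses are hypothetical.

```python
import hashlib
import json

# Constructed sample in the legacy cardano-node layout ("Producers" list).
# Addresses are documentation-range placeholders, not real relays.
SAMPLE_TOPOLOGY = b"""{
  "Producers": [
    {"addr": "192.0.2.10", "port": 3001, "valency": 1},
    {"addr": "relay.example.org", "port": 6000, "valency": 1},
    {"addr": "198.51.100.7", "port": 3001, "valency": 1}
  ]
}"""

# Hypothetical allowlist of peers the operator picked by hand.
TRUSTED_PEERS = {("192.0.2.10", 3001), ("relay.example.org", 6000)}


def file_digest(raw: bytes) -> str:
    """SHA-256 of the file content, recorded once after a reviewed change."""
    return hashlib.sha256(raw).hexdigest()


def audit_topology(raw: bytes, trusted: set, baseline_sha256: str) -> dict:
    """Report drift from the baseline hash and peers outside the trusted set."""
    report = {
        "modified": file_digest(raw) != baseline_sha256,
        "parse_error": False,
        "unknown_peers": [],
        "missing_peers": [],
    }
    try:
        producers = json.loads(raw).get("Producers", [])
    except (ValueError, AttributeError):
        report["parse_error"] = True  # unreadable file: treat as an alert
        return report
    seen = set()
    for entry in producers:
        if not isinstance(entry, dict):
            report["parse_error"] = True
            continue
        seen.add((str(entry.get("addr")), entry.get("port")))
    report["unknown_peers"] = sorted(seen - trusted, key=repr)
    report["missing_peers"] = sorted(trusted - seen, key=repr)
    return report


if __name__ == "__main__":
    baseline = file_digest(SAMPLE_TOPOLOGY)
    print(audit_topology(SAMPLE_TOPOLOGY, TRUSTED_PEERS, baseline))
```

Run from cron or a systemd timer, a non-empty `unknown_peers` list or `modified: True` is the signal to review the file before restarting the node.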