
Advanced safety considerations for secure Cardano and Web usage

There have been great tutorials on Cardano node security settings by VRITS, but many users access and manage their ADA on home devices. This tutorial aims to explain the security risks and give solutions for a safer web experience.

StablePool 18-09-2020, 13:38 · 6 mins read

Security and the Internet are a chicken-and-egg problem. If you are connected to the web, you are exposed to attack; if you are not connected, your device misses its security updates and is at risk too. So how does one close the potential back doors?

The answer is pretty simple: it is not possible to be completely safe on the web. Especially with things like the Meltdown attack, users have to accept that a device can be compromised below the operating system, at the CPU level, where no OS setting helps.

Still, the world banking economy and a lot of blockchains run smoothly and demonstrate that it is possible to run a machine online safely, provided you keep in mind the security settings advised by VRITS in their article:
https://cardanojournal.com/is-your-server-secure-or-did-you-leave-your-front-door-open-85
which is the basis of any safe operation of your Cardano nodes.

On the other hand, the above examples illustrate that the only way to complete safety is a so-called "safe by design" setup. This means, for example, keeping a computer completely disconnected from the web, which by design removes the possibility of someone compromising it over the internet. This is the advised setting for the machine that signs transactions, the one holding your cold keys. Following this simple precaution eliminates the risk of your cold keys being stolen via the web. It does not, however, stop someone from physically stealing the computer from your home, and if the disk is not encrypted the thief walks away with your cold keys, with any payment or stake keys stored beside them, and with everything those keys control. For this reason encrypting the cold keys is highly advised: software like VeraCrypt stores your files in an encrypted container, so a stolen disk yields nothing without the passphrase. Keep in mind that the container only protects the keys while it is unmounted, so close it and shut the machine down when you are not signing. Be sure to keep your cold keys in multiple encrypted locations, and test that you can actually open a backup before you need it.


But what about all the users and stake pool operators out there who access the internet via their home routers?

Here the same principles apply as for physical goods. Where is the most dangerous place for your information? In transit, just like real goods on the road! So how can one protect internet packets? By sealing all the intrusion points.

1. The first thing to protect is the road your packets take. The internet is built from machines talking to each other over the IP protocol, so when you open a website you really connect to the IP address of the server hosting it. The component that tells you that address is the Domain Name System (DNS): when you type cardanojournal.com, your DNS resolver decides which IP address you are sent to. If your resolver is compromised or silently replaced, you can be sent to an imitation site without noticing. A trustworthy resolver is only one part of the picture, though: plain DNS answers are not authenticated on the way to you, so keep checking the HTTPS certificate (the padlock and the exact domain name) on every site where you handle keys or funds.

On Linux the configured resolvers are listed in /etc/resolv.conf, which exists on practically every system; you do not need to install anything to read it. The resolvconf package is only needed if you want that tool to manage the file for you (on Debian/Ubuntu):

sudo apt install resolvconf

You can print your DNS servers with:

cat /etc/resolv.conf

which gives some lines plus:

nameserver xxx.xxx.xxx.xxx

which is the IP of your DNS resolver. If it shows 127.0.0.53 instead, your system uses the systemd-resolved stub, and the real upstream resolver is shown by resolvectl status. Check that the address is the one you expect: your ISP's resolver, your router, or a resolver you chose yourself. An address you did not configure is a sign that the device or your router settings may have been tampered with.

Furthermore, the DNS provider sees every site you visit and, in many countries, stores these queries for months. Your DNS provider might even censor the web by sending you to a different site when you look up a blocked one. This is why it is highly advisable to choose a resolver that matches your needs. A fast, free, reliable and uncensored resolver is run by https://blog.uncensoreddns.org/. Be sure not to edit /etc/resolv.conf directly, as your network manager will overwrite the changes. Instead, edit the DNS section of your Wi-Fi/LAN connection settings and enter the resolver addresses there. Reconnect and run cat /etc/resolv.conf again to check that the nameservers match the resolver you wanted. For uncensoreddns the output looks like:

nameserver 91.239.100.100

nameserver 89.233.43.71

2. Router safety is an issue!

As all your internet traffic goes through your router, make sure it is properly configured too! This tutorial only gives some key points; it is always advisable to check the web for known threats concerning your router model. Keeping the settings below in mind will however bring you closer to a secure web experience.

Check your router password! Most users never change their router password, and even if the default user/password are not things like user: admin, password: admin, there have been breaches of vendor data containing the default router passwords. As the router is the gate to the web, it is of utmost importance that it is not compromised! Log into your router and change the default user and password!

Only use WPA2 (AES/CCMP) or, where your devices support it, WPA3 for Wi-Fi. Things like WEP can be broken in less than 5 minutes.

Disable remote administration (management of the router from the internet side). Some routers offer it, but it is a potential security risk that a home user rarely needs.

Keep your router firmware up to date! Check if there are updates for your router model. If you are running a very old router for which no updates exist, consider contacting your ISP for a new model.

For an extended discussion of router security visit: https://routersecurity.org/

3. Don't browse the web randomly on a machine you use for crypto. It exposes your machine to things like Flash, which have been known to offer intrusion points for malware. Consider installing NoScript, as it blocks most of the unwanted scripts running on web pages.

4. Never, never, never expose your crypto holdings! It should be self-explanatory, but there are still people out there blurting out on Twitter how many ADA they bought yesterday. Don't do this, it marks you as a candidate for attack!

5. Stay safe, stay alert: always follow the latest news on your project, only download software from the proper links, check the PGP keys and signatures, and stay up to date! Most hacks are exposed very fast, and security updates are released that seal the back doors.

6. Always be alert when handling your crypto. If something seems strange, take a break and check again.

This is only a short list of things to pay attention to in order to stay safe, without any guarantee of complete safety, as that does not exist.

Image by Gerd Altmann from Pixabay 

Author StablePool
Supplying stable staking to the cardano blockchain. Hosted with a major german server hoster, 24/7/365 uptime, 8 cores and 8 Gb Ram in relay and producer, SSDs.