

Advanced safety considerations for secure Cardano and Web usage

There have been great tutorials for your Cardano-Node security settings by VRITS, but many users access and manage their ADA on home devices. This tutorial aims at explaining security risks together with solutions for a safer web experience.

StablePool 18-09-2020, 13:38 · 6 mins read

Security and the Internet are a chicken-and-egg problem. If you are connected to the web, you are at risk; if you are not connected to the web, you don't have the proper updates on your device and are also at risk. So how does one close potential back-doors?

The answer is pretty simple: it's not possible to be completely safe on the web. Especially with things like the Meltdown attack, users have to accept that there might be ways to compromise their devices on a sub-OS level.

Still, the world banking economy and a lot of blockchains run smoothly and demonstrate that it is possible to run a safe machine online, keeping in mind the security settings advised by VRITS in their great article, which is the basis of any safe operation of your Cardano-Nodes.

On the other hand, the above examples illustrate that the only way to complete safety is to run a machine in a so-called "safe-by-design" setup. This means, for example, having your computer disconnected completely from the web, which, by design, eliminates the possibility of someone compromising your device via the internet. This is the advised setting for the node which is used to sign transactions, that is, the node which contains your cold keys. Following this simple precaution automatically eliminates the risk of your cold keys being stolen via the web. However, if the device is not encrypted, it is possible to physically steal the computer from your home, thereby stealing your cold keys and the access to all the ADA in your pool. For this reason, encrypting the cold keys is highly advised: software like VeraCrypt can encrypt your files in a safe container, thereby protecting your keys from being physically stolen. Be sure to keep your cold keys in multiple encrypted locations.

But what about all the users and stakepool operators out there, accessing the internet via their home-routers?

Here the same principles apply as for usual goods. Where is the most dangerous location for your information? It's on the road, like with real goods! So how can one protect internet packets? By sealing all the intrusion points.

1. A first thing to advise is protecting the road of your packets. The internet is, of course, built by machines interacting through the IP protocol, so if you access a website you really access the IP of the server hosting this website. The one telling you the IP of the hosted website is your Domain Name Service (DNS). So if you access a site by its name, you don't really know what you are accessing; your DNS tells you which IP the website really has. If your DNS is compromised, however, you can be fooled and sent to imitating sites! Check your DNS on Linux by first installing resolvconf if you don't have it:

sudo apt install resolvconf

You can print your DNS servers by:

cat /etc/resolv.conf

Which gives some lines plus:


Which is the IP of your DNS. Check if this DNS is the DNS of your internet service provider (ISP); if not, your device might be compromised.
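An added example (not part of the original article) that automates this check, and the same re-check after you change your DNS server: it lists the nameserver lines of a resolv.conf file and flags every address you did not expect. The helper name check_dns is hypothetical and the addresses are constructed documentation-range values, not real resolvers.

```bash
#!/usr/bin/env bash
# Added example: compare the nameservers in a resolv.conf file with the
# resolvers you expect to see there.

# Print every "nameserver" address in the given file, one per line.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# check_dns FILE EXPECTED_IP...
# Prints one verdict per nameserver. Returns 0 if all are expected,
# 1 if any is unexpected (or none is configured), 2 if only a local stub
# resolver was found and nothing was unexpected.
check_dns() {
    local file=$1 ns want verdict status=0 count=0
    shift
    for ns in $(list_nameservers "$file"); do
        count=$((count + 1))
        case $ns in
            127.*|::1)
                # Local stub, e.g. systemd-resolved on 127.0.0.53. The real
                # upstream servers are shown by `resolvectl status` or in
                # /run/systemd/resolve/resolv.conf, so check those instead.
                echo "STUB $ns"
                if [ "$status" -eq 0 ]; then status=2; fi
                continue ;;
        esac
        verdict=UNEXPECTED
        for want in "$@"; do
            if [ "$ns" = "$want" ]; then verdict=OK; fi
        done
        echo "$verdict $ns"
        if [ "$verdict" = UNEXPECTED ]; then status=1; fi
    done
    if [ "$count" -eq 0 ]; then echo "NONE"; return 1; fi
    return "$status"
}

# Constructed sample input; on a real machine pass /etc/resolv.conf and
# the addresses of the DNS servers you configured.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'search lan' \
    'nameserver 192.0.2.53' 'nameserver 198.51.100.7' > "$sample"
check_dns "$sample" 192.0.2.53    # the second server is flagged UNEXPECTED
rm -f "$sample"
```

A result of STUB means /etc/resolv.conf only points at a local resolver, so the file alone does not tell you which upstream DNS is actually in use.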

Furthermore, the DNS provider knows all your visited websites and saves them, in most countries, for some months. Your DNS provider might even censor the web by sending you to different sites if you access a censored site. This is why it is highly advisable to choose a proper DNS which is in accordance with your wants. A fast, free, reliable and uncensored DNS is run by

Be sure not to edit the resolv.conf file directly, as the changes will be overwritten. Instead, edit your Wi-Fi/LAN internet connection settings and enter the DNS in the DNS section. Reconnect and run cat /etc/resolv.conf again to check if your nameservers match the wanted DNS. For uncensoreddns the output looks like:



2. Router safety is an issue!

As all your internet traffic goes through your router, make sure to configure your router properly as well! This tutorial will only give some key points; it is always advisable to check the web for potential threats concerning your router model. Keeping in mind the settings below will, however, bring you closer to a secure web experience.

Check your router password! Most users never change their router passwords and, even if the default user/pw are not things like user: admin password: admin, there have been breaches of company data containing the default router passwords. As the router is the gate to the web, it is of utmost importance that it is not compromised! Log into your router and change the default user and pw!

Only use WPA2 for Wi-Fi - things like WEP can be hacked in less than 5 minutes.

Disable remote administration - some routers feature it but it's a potential security risk.

Keep your router firmware up to date! Check if there are updates for your router model. If you are running a very old router for which no updates exist, consider contacting your ISP for a new model.

For an extended discussion of router security visit:

3. Don't browse the web randomly on a machine you use for crypto - it exposes your machine to things like Flash, which have been known to feature intrusion points for malware. Consider installing NoScript, as it blocks most of the unwanted scripts running on web pages.

4. Never - Never - Never expose your crypto holdings! It should be self-explanatory, but there still are people out there blurting out on Twitter how many ADA they bought yesterday. Don't do this, it exposes you as a potential candidate for attack!

5. Stay safe - stay alert: Always follow the latest news on your project, only use proper links for the software, check PGP keys and stay up to date! Most hacks are exposed very fast, and security updates are released that seal the back-doors.

6. Always be alert when handling your crypto - if something seems strange, take a break and check again.

This is only a short list of things to pay attention to in order to stay safe. It comes without the guarantee of complete safety, as that doesn't exist.

Image by Gerd Altmann from Pixabay 

Author StablePool
Supplying stable staking to the Cardano blockchain. Hosted with a major German server hoster, 24/7/365 uptime, 8 cores and 8 GB RAM in relay and producer, SSDs.