In this topic, I would like to share some key notes on working in a DevOps role in Blockchain & cryptocurrency.
Node maintenance and upgrade
As you might know, the Blockchain world is still at a young stage. The source code, the algorithms, and the infrastructure have to be upgraded or changed from time to time. Therefore, it’s very important to keep tracking these changes to make sure your system keeps working well. To monitor all the updates, I recommend following the official GitHub repo, the official Reddit community, and the newsletter.
Needless to say, before you start upgrading Blockchain node software to a newer version, you need to ask the dev team to check the API and documentation changes to make sure everything works as expected.
Build multiple layers of defenses
First and foremost, the idea behind the principle of defense in depth is not to rely on ONE type of defense for protection but instead to build layers of defenses. I recommend the following layers.
The first layer is the network route to your server system. Make sure only staff with a VPN connection can access your servers.
The second layer is the firewall rules on your system. The rules must shield the system correctly, allow only what is needed, and be easy to understand. It’s strongly recommended that you use Cloud Service Providers that provide a friendly portal for managing firewalls, such as GCP or AWS.
The third layer is SSH access to your system. The system must only allow access with SSH keys, not password authentication. Moreover, every SSH key must have a passphrase, managed in the password manager.
Last but not least, make every effort to protect crypto wallets and private keys. It’s vital to work closely with the dev team and technical manager to find the best methods for secure storage. For example, it’s better for the private key to be divided into multiple parts: one piece in an environment variable, a piece in local files, one part implemented in the code, a piece put in the database, etc.
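One way to divide a key into parts, shown as an added example that is not from the original post: cutting the key into substrings leaves each piece holding real key bytes, whereas an XOR split makes every piece random on its own and requires all of them to rebuild the key. The function names, the four-way split, and the SHA-256 fingerprint check are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, parts: int) -> tuple[list[bytes], str]:
    """Split a high-entropy key into `parts` XOR shares; all are needed to rebuild it."""
    if parts < 2:
        raise ValueError("need at least two shares")
    # parts-1 shares are pure randomness, so any incomplete set is just noise.
    shares = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    last = key
    for share in shares:
        last = _xor(last, share)
    shares.append(last)
    # The fingerprint lets the loader detect a wrong or stale share at startup.
    return shares, hashlib.sha256(key).hexdigest()


def combine_key(shares: list[bytes], fingerprint: str) -> bytes:
    """XOR all shares together and refuse the result if it is not the expected key."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares are missing or differ in length")
    key = bytes(len(shares[0]))
    for share in shares:
        key = _xor(key, share)
    if not hmac.compare_digest(hashlib.sha256(key).hexdigest(), fingerprint):
        raise ValueError("shares do not reassemble to the expected key")
    return key


if __name__ == "__main__":
    demo_key = secrets.token_bytes(32)   # constructed stand-in for a wallet key
    shares, fp = split_key(demo_key, 4)  # e.g. env var, local file, code, database
    assert combine_key(shares, fp) == demo_key
    print("reassembled OK, fingerprint prefix:", fp[:16])
```

Without the fingerprint check, a missing or outdated share would silently produce a different key instead of an error.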
Protect yourself from exploits
Remind yourself every day that you are the point hackers will target: you are the one who has access to all servers and keeps the certificates, passphrases, wallets, secret keys, etc. You are also the one who has the documentation needed to understand the whole infrastructure.
Firstly, separate your personal accounts and authentication from your at-work ones. If an attacker gains access to your personal account, he has a better chance of getting at your at-work assets.
Secondly, use a password manager to manage your credentials. When an attacker knows your Gmail account, he will try to access AWS or GCP with similar information. So, it’s better to make your credentials different on different services.
Lastly, make sure to use all available security methods to protect yourself. Nowadays, with 2FA, people can protect their accounts with both password authentication and a phone device.
In the next part of the series, I will introduce transaction monitoring and alerting on Ethereum.