
Additional Security & Node Best Practices

Quick steps to secure your node

Last updated 2 years ago

Additional Security

This guide shows you how to take additional steps to secure your server. Each security item is enumerated below.

Please note that any ports listed in the guide are not specific to the Hop Node.

  1. Create a non-root user with sudo privileges

  2. Disable SSH password authentication and use SSH keys only

  3. Update your system

  4. Set up Two-Factor Authentication for SSH [Optional]

  5. Secure Shared Memory

  6. Install Fail2ban [Optional]

  7. Configure your Firewall

  8. Verify Listening Ports

  9. Use system user accounts - Principle of Least Privilege [Advanced Users / Optional]
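
Items 2 and 8 can be verified rather than assumed. The script below is an added example, not part of the Hop documentation; the function names, the sample inputs and the allowed port 22 are assumptions made for illustration.

```shell
# Added example: verifies checklist items 2 and 8 from text on stdin.

# effective_sshd_option KEYWORD  (sshd_config text on stdin)
# Prints the globally effective value: keywords are case-insensitive,
# the FIRST occurrence wins, and Match blocks are not evaluated.
effective_sshd_option() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        {
            sub(/^[ \t]+/, "")                    # drop indentation
            if ($0 == "" || $0 ~ /^#/) next       # blank line or comment
            split($0, f, /[ \t=]+/)               # "Key value" or "Key=value"
            k = tolower(f[1])
            if (k == "match") exit                # global section ends here
            if (k == key) { print tolower(f[2]); exit }
        }'
}

# Succeeds only on an explicit "no"; an unset option defaults to "yes".
ssh_passwords_disabled() {
    [ "$(effective_sshd_option PasswordAuthentication)" = "no" ]
}

# unexpected_listeners "ALLOWED PORTS"  (output of `ss -tlnH` on stdin)
# Prints TCP ports bound to non-loopback addresses that are not allowed.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)                  # text after the last colon
            sub(/:[0-9]+$/, "", addr)             # text before it
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print port
        }' | sort -un
}

# Constructed sample inputs, not taken from a real host.
SAMPLE_SSHD='#PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin=no
passwordauthentication no'
SAMPLE_SS='LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9090   0.0.0.0:*
LISTEN 0 511  [::]:8080        [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SSHD" | ssh_passwords_disabled \
    && echo "ssh: password login disabled" || echo "ssh: password login still ENABLED"
echo "unexpected ports: $(printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "22")"
```

On a live host, `sudo sshd -T | ssh_passwords_disabled` evaluates the resolved configuration, and `ss -tlnH | unexpected_listeners "22"` lists listeners your firewall rules should account for. The sample sshd_config shows why a plain text search for "PasswordAuthentication no" is not a sufficient check: the commented line and the later duplicate both match, yet the effective value is "yes".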

Instance Best Practices

The following are best practices when running a node.

| Type | Best Practice |
| --- | --- |
| Networking | Assign static internal IPs to both your validator node and daily laptop/PC. This is useful in conjunction with ufw and Fail2ban's whitelisting feature. Typically, this can be configured in your router's settings. Consult your router's manual for instructions. |
| Power Outage | In case of power outage, you want your validator machine to restart as soon as power is available. In the BIOS settings, change the Restore on AC / Power Loss or After Power Loss setting to always on. Better yet, install an Uninterruptible Power Supply (UPS). |
| Clear the bash history | When pressing the up-arrow key, you can see prior commands which may contain sensitive data. To clear this, run the following: `shred -u ~/.bash_history && touch ~/.bash_history` |