User Docs

Additional Security & Node Best Practices

Quick steps to secure your node

Additional Security

This guide shows you how to take additional steps to secure your server. Each security item is enumerated below.

Please note that any ports listed in the guide are not specific to the Hop Node.

  1. ****Create a non-root user with sudo privileges

  2. ****Disable SSH password Authentication and Use SSH Keys only

  3. Update your system

  4. Setup Two Factor Authentication for SSH [Optional]

  5. Secure Shared Memory

  6. Install Fail2ban [Optional]

  7. Configure your Firewall

  8. **** Verify Listening Ports

  9. **** Use system user accounts - Principle of Least Privilege [Advanced Users / Optional]

Instance Best Practices

The following are best practices when running a node.

Type
Best Practice

Networking

Assign static internal IPs to both your validator node and daily laptop/PC. This is useful in conjunction with ufw and Fail2ban's whitelisting feature. Typically, this can be configured in your router's settings. Consult your router's manual for instructions.

Power Outage

In case of power outage, you want your validator machine to restart as soon as power is available. In the BIOS settings, change the Restore on AC / Power Loss or After Power Loss setting to always on. Better yet, install an Uninterruptible Power Supply (UPS).

Clear the bash history

When pressing the up-arrow key, you can see prior commands which may contain sensitive data. To clear this, run the following:

shred -u ~/.bash_history && touch ~/.bash_history

Last updated