Our Best Practices for Securing our Delegation Service
During the process of building our Delegation Service, we made some strategic decisions about our tech stack. We're happy to share what we can here.
We host in the cloud on a Linux distribution, using only the specific packages we require to minimize potential vulnerabilities.
We close all ports except web services and a few ports needed in case of maintenance requirements, at both the server and firewall management levels.
We use CloudFlare to mitigate DDoS attacks on our website, and to hide the IP address of our web server.
All hosted servers run SSH on a non-standard port, with Fail2Ban running to help prevent brute force attempts.
Password authentication is disabled, as we only use SSH keys for access.
IP addresses with access to the servers' SSH ports are whitelisted.
Information is encrypted from your computer to CloudFlare and remains encrypted all the way to the database.
Database is also encrypted.
Web server backend sanitizes all inputs at 3 levels: at the data flow level to prevent injection attacks, with a custom defined filter, and using prepared statements.
All credentials (email for hosting, CloudFlare, SSH keys, etc.) are entered from a secure non-Windows computer with full disk encryption.
We run in private mode and manually trust specific nodes.
Private key for the tz1TDS account is encrypted.
Server running our web server is not directly connected to the server running the Tezos node.
All communication between the 2 servers is encrypted but treated as potentially dirty data.
Payouts are calculated, then added to an escrow system so that the exact amount and breakdown can be verified prior to funding.
Infrastructure has redundancy plans in case hosting provider goes offline.
Load balancers for backend and database allow for consistent throughput under heavy load.
Prevents double baking in the event a Tezos node server goes down and the backup comes up.