Security
Maintaining operational security and reliability is a top priority for Nordstar, and we have over twenty years of experience to build upon. As security professionals we have to deal with a very dynamic threat landscape daily. Staying up to date on threat developments and industry best practices enables us to run a very secure operation.
Reliability starts with premium hardware. We use the latest generation enterprise solutions, ensuring battle-tested robustness and high performance. Further, our validator is located in a data center with redundant network connections and power supplies, guaranteed by a favorable service level agreement (SLA).
Measures
Even though securing a single server is quite simple, many validators fail to implement the most basic measures. Below follows a high-level summary of our most important measures. Feel free to contact us for more info.
Constant monitoring
We know how our validator performs at all times. If something irregular happens to it, we will be notified instantly.
Updating Solana regularly
We get notified about new Solana releases, and perform updates in accordance with official recommendations.
Security patching
We check for and install Linux security patches daily. Kernel updates are coordinated with Solana updates, to minimize downtime (unless they are critical).
Strict firewall settings
We only expose ports which are absolutely necessary to operate: SSH and the minimum range required by Solana. Traffic to any other port is blocked.
Hardened SSH configuration
We only use public-key cryptography for remote access. Password login and outdated key algorithms are disabled.
Strict identity management
We run separate user accounts for the administrator and the Solana user. The latter does not have sudo privileges. The root account is disabled.
Minimizing the attack surface
We run the bare minimum of software required to operate safely. Our node is dedicated to validating blocks, and only that.
Considering new measures regularly
Our default is “best practice”. When we find a better practice, that will be our new default. And we are always looking.