Security

Maintaining operational security and reliability is a top priority for Nordstar, and we have over twenty years of experience to build upon. As security professionals we have to deal with a very dynamic threat landscape daily. Staying up to date on threat developments and industry best practices enables us to run a very secure operation.

Reliability starts with premium hardware. We use the latest generation enterprise solutions, ensuring battle-tested robustness and high performance. Further, our validator is located in a data center with redundant network connections and power supplies, guaranteed by a favorable service level agreement (SLA).

Measures

Even though securing a single server is quite simple, many validators fail to implement the most basic measures. Below follows a high-level summary of our most important measures. Feel free to contact us for more info.



Constant monitoring

We know how our validator performs at all times. If something irregular happens to it, we will be notified instantly.



Updating Solana regularly

We get notified about new Solana releases, and perform updates in accordance with official recommendations.



Security patching

We check for and install Linux security patches daily. Kernel updates are coordinated with Solana updates, to minimize downtime (unless they are critical).



Strict firewall settings

We only expose ports which are absolutely necessary to operate: SSH and the minimum range required by Solana. Traffic to any other port is blocked.



Hardened SSH configuration

We only use public-key cryptography for remote access. Password login and outdated key algorithms are disabled.



Strict identity management

We run separate user accounts for the administrator and the Solana user. The latter does not have sudo privileges. The root account is disabled.



Minimizing the attack surface

We run the bare minimum of software required to operate safely. Our node is dedicated to validating blocks, and only that.



Considering new measures regularly

Our default is “best practice”. When we find a better practice, that will be our new default. And we are always looking.