Since I’ve done couple of private blockchains until now, and seen some bad practices here’s a checklist on how to secure them
- Do you understand that only by decentralization you’re going to keep this private blockchain secure ?
- Are they all on AWS ? yes: move them to difrent cloud providers
- Do your DEVOPs / System Admins have access to E.V.E.R.Y.T.H.I.N.G?
This includes but not limited to: pem files to login into the VMs. the private keys for the signer nodes. root access to the VMs. IPs of the VMs etc. SSL Certificates and so on…
This one is hard to fix, but the only solution I can think of is… having a good CTO that understands a bit security.
4. Is the firewall correctly set up?
5. Do you have adequate anti ddos protection ?
6. Is your VM setuped correctly, are ports closed, is other shit running on it and other apps / databases etc ?
7. What you do if a node goes offline ? what if 2? what if 3? do you know a) to debug what caused it ? b) to fix it and make sure it doesn’t happen again
8. Do you know how to add new signer nodes and how to kick others out?
9. Do you know the limit of the public RPC Node ? If it’s not enough, is the public RPC node behind some load balancers?
10. Do you have external security audits performed by people more competent than the one that did the work ?
Lucky for you, I’m available for number 10. If you want a security audit on your blockchain checkout https://to.wtf
