status-im / nimbus-eth2

Nim implementation of the Ethereum Beacon Chain
https://nimbus.guide

Nimbus book: Page on best practices around node security and privacy #1798

Open unixpi opened 4 years ago

unixpi commented 4 years ago

To quote @mratsim : "VPNs would be standard, change your SSH port for remote administration, don't use the default 22"

stefantalpalaru commented 4 years ago

Sounds like Voodoo security practices.

VPN is great for hiding your IP, at the cost of giving the VPN operator access to all your network traffic. Is there any unencrypted data in there that you care about? And what about those times the VPN link drops? Do you have anything set up to alert you? Will beacon_node be offline until you figure out something's wrong?

Hiding your SSH port means you don't trust your ability to detect and block brute-force bots with something like fail2ban (or disabling password logins). Your "security" now depends on whether script kiddies will learn to use nmap.

Security is too complex of a subject to be handled with a simple list of dos and don'ts. There are non-trivial trade-offs to be made.

unixpi commented 4 years ago

happy we started a discussion :)

mratsim commented 4 years ago

For context, the question in the chat was about privacy, not security. If you care about privacy, use a VPN or Tor, obviously you can fall into Tor honey pots.

Regarding security, it should be layered; you can't defend against all with a single countermeasure.

Moving the SSH port significantly increases the cost for attackers because they have to scan your whole port range, and tools like fail2ban or sshguard or firehol or Pi-hole will have a bigger window to detect and block suspicious behavior; alternatively they would have to do staggered port scans from multiple proxies over hours/days to find your open ports. Script kiddies will be discouraged.

Regarding alerting, beacon explorers already have alerting service when a validator misses its duties.

The fact that security is complex even for us means it will be nebulous for many others.

In terms of presentation I found the privacy-tools.io pros/cons quite helpful to highlight the tradeoffs. Example on Instant Messengers: [three screenshots, not reproduced]

So we will likely want a page with

And we might want separate analysis for privacy and security because as you said, privacy might require routing your traffic through a "trusted" third-party (VPN) or having a third party host your beacon node (VPS, dedicated machine).
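The fail2ban-style detection stefantalpalaru mentions above, and the wider detection window mratsim describes for slow, staggered attempts, as an added example that is not code from the nimbus-eth2 project or from either commenter: a sliding-window counter over sshd "Failed password" lines with fail2ban-like `maxretry`/`findtime` parameters. The auth.log lines, the host name `node`, the IP addresses and the function names `parse_failures`/`detect_bruteforce` are all constructed for this example. The second source in the sample spaces its attempts 15 minutes apart, so it stays under a 10-minute window and only shows up when the window is widened.

```python
"""Sliding-window detector for SSH password brute-forcing, in the spirit of
fail2ban's sshd jail: count failed logins per source IP inside a time window
and report sources that reach a threshold. Added example with constructed
log lines; not part of nimbus-eth2 and not a replacement for fail2ban."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth.log excerpt in syslog format ("Mon DD HH:MM:SS host sshd[pid]: msg").
# 198.51.100.7 fails five times in 11 seconds; 203.0.113.9 fails five times, 15 min apart.
SAMPLE_LOG = """\
Mar  3 10:00:01 node sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 50122 ssh2
Mar  3 10:00:03 node sshd[1203]: Failed password for root from 198.51.100.7 port 50124 ssh2
Mar  3 10:00:05 node sshd[1205]: Failed password for invalid user test from 198.51.100.7 port 50130 ssh2
Mar  3 10:00:06 node sshd[1207]: Accepted publickey for operator from 192.0.2.10 port 40011 ssh2: ED25519 SHA256:constructed
Mar  3 10:00:09 node sshd[1209]: Failed password for invalid user oracle from 198.51.100.7 port 50140 ssh2
Mar  3 10:00:12 node sshd[1211]: Failed password for invalid user admin from 198.51.100.7 port 50141 ssh2
Mar  3 10:05:00 node sshd[1300]: Failed password for invalid user pi from 203.0.113.9 port 60001 ssh2
Mar  3 10:20:00 node sshd[1301]: Failed password for invalid user pi from 203.0.113.9 port 60002 ssh2
Mar  3 10:35:00 node sshd[1302]: Failed password for invalid user pi from 203.0.113.9 port 60003 ssh2
Mar  3 10:50:00 node sshd[1303]: Failed password for invalid user pi from 203.0.113.9 port 60004 ssh2
Mar  3 11:05:00 node sshd[1304]: Failed password for invalid user pi from 203.0.113.9 port 60005 ssh2
"""

# Simplified match for OpenSSH's "Failed password" message (fail2ban's real
# filter covers more message variants). Successful logins are deliberately ignored.
FAILED_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(lines):
    """Yield (timestamp, username, source_ip) for every failed-password line.

    syslog timestamps carry no year; datetime.strptime defaults it, which is
    fine here because only differences between timestamps are used."""
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{m['mon']} {m['day']} {m['time']}", "%b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]


def detect_bruteforce(lines, maxretry=5, findtime_s=600):
    """Return {source_ip: time_of_detection} for sources that produce at least
    `maxretry` failures within any window of `findtime_s` seconds.

    Defaults mirror fail2ban's sshd jail (maxretry=5, findtime=10m). A deque
    per source holds the timestamps still inside the window; older entries are
    dropped as newer failures arrive, so a source that paces its attempts
    slower than findtime never accumulates enough hits."""
    windows = defaultdict(deque)
    detected = {}
    for ts, _user, ip in parse_failures(lines):
        if ip in detected:
            continue  # already flagged; a real jail would have banned it by now
        q = windows[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > findtime_s:
            q.popleft()
        if len(q) >= maxretry:
            detected[ip] = ts
    return detected


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for label, window in (("default 10 min window", 600), ("widened 60 min window", 3600)):
        hits = detect_bruteforce(lines, findtime_s=window)
        print(f"{label}: " + ", ".join(f"{ip} at {t:%H:%M:%S}" for ip, t in hits.items()))
```

Run as-is and the default window flags only the fast source; widening `findtime_s` to an hour also catches the paced one, at the price of a larger state table and more false positives from legitimate users who mistype a password a few times over an hour. That trade-off, rather than the port number, is where the detection-window argument in the thread actually lands, and it disappears entirely once password authentication is disabled in sshd, since the "Failed password" lines stop being produced.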

stefantalpalaru commented 4 years ago

In terms of presentation I found the privacy-tools.io pros/cons quite helpful to highlight the tradeoffs.

I like that approach.

arnetheduck commented 4 years ago

It does sound like these things should be backed up with a reference to what they defend against, specifically.

unixpi commented 3 years ago

Documenting this here, as a note to self.

Discord question: "General security question: Should I refrain from installing any 3rd-party crypto-related software on devices within my network? (beaconcha.in's new app, coingecko, etc..)"

@mratsim : "The most important thing is to never enter your secret mnemonic on a computer or phone that you do not trust and absolutely never on any website, even if it seems to come from a legit site (for example all the Ledger phishing issues going on today). A basic precaution is to disconnect from the internet when generating your keys. You might also want to maybe do key generation on a fresh Linux image straight from the distribution that you boot on USB and disconnected from internet Because you might have a keylogger on your device for example. Hardware keys like Yubikey and Trezor/Ledger are also very useful. I think Ledger is working on Eth2 support though I don't think either Trezor or Ledger have something for the general public yet. (Yubikey for two factor auth for stuff like Google account or Github account)"