Although the name of this pool might make you laugh, security is not even close to being a joke. Let’s dive into the technical details to understand how I make sure your funds and your return on ada are secured.
Basic security practices
As you might expect, all of the following practices are in place on all the machines:
- no password-based SSH login allowed
- firewalls on every machine
- all unused ports are closed
- different machines for all the nodes
- only the minimum required keys are on the block producer’s machine
- cardano-node is not running as root
- no docker runtime is ever installed
- hardware-based 2FA is used to secure the user accounts at the cloud providers
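The first of these practices is easy to get wrong because sshd applies the first occurrence of a keyword, not the last. The following POSIX sh audit, an added example rather than the pool’s own tooling, checks the settings sshd would actually apply; the keywords are real OpenSSH options, while the parsing limitations noted in the comments are assumptions of this example.

```shell
# Audit an OpenSSH server config for the "no password SSH" practice.
# sshd honours the FIRST occurrence of a keyword, so a hardened line that
# someone appended below an earlier permissive one is silently ignored;
# the awk below mirrors that rule. Keywords are case-insensitive.
# Limitations (assumptions of this example): "Match" blocks are not
# evaluated and the "Keyword=value" spelling is not parsed.

# effective_value FILE KEYWORD -> prints the value sshd would apply globally
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comment or blank line
        tolower($1) == "match" { exit }                 # global section ends here
        tolower($1) == key { print tolower($2); exit }  # first occurrence wins
    ' "$1"
}

# audit_sshd_config FILE -> one FAIL line per violated setting;
# exit status is the number of failures (0 means hardened)
audit_sshd_config() {
    file=$1
    fails=0
    # Required explicit settings. KbdInteractiveAuthentication matters because
    # keyboard-interactive (PAM) can still accept a password even when
    # PasswordAuthentication is off.
    for want in passwordauthentication=no \
                kbdinteractiveauthentication=no \
                permitrootlogin=no; do
        key=${want%%=*}
        expected=${want#*=}
        got=$(effective_value "$file" "$key")
        if [ "$got" != "$expected" ]; then
            printf 'FAIL %s: effective value "%s", want "%s"\n' \
                "$key" "${got:-<unset>}" "$expected"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}
```

Run it as `audit_sshd_config /etc/ssh/sshd_config` on each machine; a non-zero exit status is the number of settings that still need fixing.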
4-tier architecture
The pool is built around four fully independent machines hosted on state-of-the-art clouds. Two of these machines are relays that keep the pool in sync with the blockchain. One machine is the block producer that validates transactions and creates blocks. The last machine is the fallback, or as I like to call it, « thank god you were there ».
The relays are publicly reachable and you can check their respective technical stats directly on the web (links below) thanks to adapool.org. The block producer, however, is completely hidden from the rest of the network: it only accepts incoming traffic from, and sends outgoing traffic to, the relays.
The last machine also runs hidden from the network; it only allows traffic to and from the official IOHK relays. That machine is the option of last resort in case the block producer gets compromised: it is ready to be brought up as the new block producer should the first one no longer be able to validate blocks.
That machine is also used to keep downtime close to zero when the block producer needs to be upgraded to a new version of cardano-node.
Keys and pledge
All the keys necessary to maintain and run the pool are stored on a local machine far away from the pool’s servers.
As of February 26 2021, the owner keys of the pool, which hold the pledge, are hardware-based using a Ledger wallet. This means that even if an attacker manages to gain access to any of the machines, there is no way for them to cause a financial loss through pledge theft. It only takes me a few minutes to redirect block production to the fallback server.
I don’t wish any problems on myself in the near future. However, should I suddenly become unable to run the pool, I have selected someone close to me, both physically and socially, who is capable of running all the technical aspects of the pool. That person has already run a stake pool in the past and knows how to take over.