Security Policies

This policy was revised and last updated: January 23, 2024.

Introduction

At Stardust Staking and Solutions, we prioritize the security of our blockchain validator nodes and the servers we run. This security policy outlines the measures and practices we employ to safeguard our infrastructure and the blockchain networks we support.

SSH Authorization

  • Key-Based Authentication: We strictly use SSH key-based authentication for server access. Password-based access is disabled to enhance security against brute-force attacks.
  • Encrypted SSH Keys: All SSH keys are encrypted with strong passphrases to prevent unauthorized use in case of key leakage.
  • Regular Key Rotation: SSH keys are rotated regularly, and old keys are revoked to maintain secure access.

Server Deployment

  • Secure Configuration: Servers are configured following industry best practices, ensuring unnecessary services and ports are disabled. We use Ansible playbooks to secure the deployment.
  • Firewalls and Intrusion Detection: Firewalls are configured on all validator nodes. Intrusion detection systems monitor for suspicious activities.
  • Regular Updates: Systems are regularly updated with the latest security patches to protect against vulnerabilities.

Access to the Server

  • Limited Access: Access to servers is restricted to authorized personnel only, based on the principle of least privilege. All personnel access the servers through an IP-restricted hub, and the server firewall restricts the SSH ports to the hub IP only.
  • Audit Trails: All server access is logged and monitored for unusual activities. Audit logs are reviewed regularly.

Access to Validator Keys

  • Strict Access Control: Access to validator keys is strictly controlled and monitored. Keys are only accessible to essential personnel.
  • Multi-factor Authentication: Multi-factor authentication is required for any operations involving validator keys, where possible.

Cold Storage of Access Keys

  • Hardware Security Modules (HSMs): Critical keys are stored in HSMs to provide physical and logical protection against tampering and unauthorized access (supported platforms only).
  • Ledger Devices: For additional layers of security, Ledger devices are used for storing backup keys in cold storage.

Additional Security Measures

  • Regular Security Audits: Our systems undergo regular security audits by contracted experts to identify and rectify potential vulnerabilities.
  • Incident Response Plan: We have a comprehensive incident response plan in place to quickly address and mitigate any security breaches.
  • Employee Training: Ongoing security awareness and training are provided to all employees to ensure they are aware of best practices and the latest threats.

Continuous Improvement

Our security policies and practices are regularly reviewed and updated to incorporate the latest security trends and technologies. We are committed to maintaining the highest security standards to protect our infrastructure and the blockchain ecosystems we support.