Energy Web Documentation

Recommended Security Settings


Last updated 6 months ago

Running a validator node requires heightened attention to host and node security, because authority nodes are a main attack surface for disrupting operation of the blockchain. The following security rules are strongly recommended:

  • No services that are not part of the validator node package are permitted to run on the same host

  • All incoming connections on all ports except SSH (22/tcp) and the P2P (30303/tcp, udp) port have to be firewalled on the host with DROP rules. To guarantee proper network etiquette, incoming ICMP has to be accepted.

  • SSH access is only allowed for non-root users

  • SSH access is only allowed through RSA keys

  • Nethermind client RPC endpoints (HTTP, WebSocket) have to be disabled

  • System updates have to be applied regularly and in a timely manner

  • Regular (monthly) run of rootkit detectors

  • If you are using AWS, please also check out the additional AWS Security guide.
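
The following script is an added example, not part of the Energy Web documentation. It checks captured `ss -H -tuln` and `sshd -T` output against the listener and SSH rules above; the function names and the sample input are constructed for illustration, and port 8545 stands in for an RPC endpoint that was left enabled.

```shell
#!/bin/sh
# Added example: audit captured host state against the rules listed above.
# Function names and sample data are constructed for illustration.

# Flag every listening socket other than SSH (22/tcp) and P2P (30303/tcp+udp).
# Input: `ss -H -tuln` lines (Netid State Recv-Q Send-Q Local:Port Peer:Port).
# This checks listeners only; it does not replace the firewall DROP rules.
audit_listeners() {
  awk '{
    n = split($5, a, ":"); port = a[n]   # last ":" field, so IPv6 works too
    ok = (($1 == "tcp" && (port == "22" || port == "30303")) ||
          ($1 == "udp" && port == "30303"))
    if (!ok) { print "UNEXPECTED " $1 " " $5; bad = 1 }
  } END { exit bad + 0 }'
}

# Check effective sshd settings; `sshd -T` prints lowercase "keyword value".
# Only non-root, key-based login is verified; the key type is not checked.
audit_sshd() {
  awk '
    BEGIN { want["permitrootlogin"] = "no"
            want["passwordauthentication"] = "no"
            want["pubkeyauthentication"] = "yes" }
    ($1 in want) { seen[$1] = 1
                   if ($2 != want[$1]) { print "WEAK " $1 " " $2; bad = 1 } }
    END { for (k in want) if (!(k in seen)) { print "MISSING " k; bad = 1 }
          exit bad + 0 }'
}

# Constructed sample input (not from a real host): an RPC listener is still
# open on 8545 and root login over SSH is still permitted.
SAMPLE_SS='tcp   LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 512  0.0.0.0:30303  0.0.0.0:*
udp   UNCONN 0 0    0.0.0.0:30303  0.0.0.0:*
tcp   LISTEN 0 512  127.0.0.1:8545 0.0.0.0:*'
SAMPLE_SSHD='permitrootlogin yes
passwordauthentication no
pubkeyauthentication yes'

printf '%s\n' "$SAMPLE_SS"   | audit_listeners || echo "listener audit failed"
printf '%s\n' "$SAMPLE_SSHD" | audit_sshd      || echo "sshd audit failed"
```

On a live host, pipe the real output instead of the samples: `ss -H -tuln | audit_listeners` and `sudo sshd -T | audit_sshd`. Both functions return a non-zero status when a finding is printed, so they can gate a monitoring job.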