# Recommended Security Settings

Running a validator node requires raised awareness of host and node security as authorities are a main attack surface to disturb operation of the blockchain. The following security rules **are strongly recommended**:

* No services are permitted to run on the same host that are not part of the validator node package
* All incoming connections on all ports except SSH (22/tcp) and the P2P (30303/tcp, udp) port have to be firewalled on the host with DROP rules. To guarantee proper network etiquette, incoming ICMP has to be accepted.
* SSH access is only allowed for non-root users
* SSH access is only allowed through RSA keys
* Nethermind client RPC endpoints (HTTP, WebSocket) have to be disabled
* System updates have to applied regularly and in a timely manner
* Regular (monthly) run of rootkit detectors
* If you are using AWS please also check out the additional [AWS Security guide](https://energyweb.atlassian.net/wiki/spaces/EWF/pages/703037441/AWS+Security+Guide).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.energyweb.org/ewc-validator-documentation/guides/installing-a-validator-node/recommended-security-settings.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.