MatakaNode.io security settings

In a proof-of-stake blockchain validation system, delegators trust validators to produce blocks on their behalf, and they earn the majority of the benefit from the staking rewards for doing that. The validator has an obligation to maintain maximum uptime to avoid missing the opportunity to create blocks. Whilst the delegator does not have a credit risk on the validator, or any risk of their stake being stolen if a validator gets hacked, they do have the risk that the validator may not be up all the time and may miss opportunities. There is also a slim chance that the validator attempts to create a false fork or false blocks, which may subject their stake to slashing. The risk of a successful attack on the blockchain is very low; however, the risk does exist, so delegators should conduct due diligence on their chosen validator.

At MatakaNode.io we have a strong respect for the duty to maintain maximum uptime so that those delegators who entrust us with their stake can earn maximum rewards and never get their stake slashed. As a financial professional of 35 years who remains active, the founder understands the responsibility to clients and employs the same duty of care in managing the node as he does in the regulated activity he engages in.

Below is a list of the security standards that we employ to ensure our nodes run with maximum uptime and have the highest probability of producing blocks for our stakeholders. When it comes to security, nothing is 100% secure, so employing multiple and diverse layers of security is the best way to make any attackers give up.

All validator nodes.

  • Port 22 disabled. Deny access to avoid DDoS attacks.
  • SSH set to a secret port that is not a derivation of port 22.
  • SSH password authentication disabled.
  • SSH only accessible from a specific fixed IP address over VPN.
  • SSH keypair authentication combined with MFA for ultimate security.
  • Access to VPN limited to operator only.
  • All inbound ports closed other than those required to operate.
  • No default ports used unless required.
  • Always up-to-date with latest releases and upgrades of underlying blockchain version.
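
A way to check the SSH items above against a node's sshd_config, as an added example that is not MatakaNode.io's own tooling. The sample configurations, port 49731 and address 10.8.0.2 are constructed; treating any port containing "22" as a derivation, and a non-wildcard ListenAddress as VPN-only, are assumptions.

```python
# Added example: audits sshd_config text against the SSH items in the list above.
# Sample configs are constructed. Two rules are assumptions, not the operator's:
# "derivation of 22" = port containing "22"; VPN-only = non-wildcard ListenAddress.

HARDENED = """\
Port 49731
ListenAddress 10.8.0.2
PasswordAuthentication no
KbdInteractiveAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
"""
WEAK = "#Port 22\n#PasswordAuthentication yes\n"  # everything left at sshd defaults

def parse_sshd(text):
    """Collect global directives; keywords are case-insensitive."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # conditional overrides are out of scope for this check
        conf.setdefault(key, []).append(value)
    return conf

def audit(text):
    conf, findings = parse_sshd(text), []
    for port in conf.get("port", ["22"]):  # sshd listens on 22 when Port is unset
        if port == "22":
            findings.append("port 22 in use")
        elif "22" in port:
            findings.append(f"port {port} is a derivation of 22")
    # For single-valued keywords sshd keeps the first value it reads.
    if conf.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("password authentication enabled")
    # Each space-separated entry is an alternative; every one must chain
    # publickey with at least one further method to count as MFA.
    alternatives = conf.get("authenticationmethods", ["any"])[0].split()
    if not all("publickey" in a.split(",") and len(a.split(",")) > 1
               for a in alternatives):
        findings.append("key pair is not combined with a second factor")
    if any(a in ("0.0.0.0", "::", "*") for a in conf.get("listenaddress", ["0.0.0.0"])):
        findings.append("sshd listens on every interface")
    return findings

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(cfg) or "OK")
```

The source-IP restriction and the closed inbound ports are enforced at the firewall and VPN layer, so this check does not cover them.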

Cardano Validator specific

  • 2 x relay nodes in separate locations on different continents.
  • Only relay nodes know the identity of the block-producing node.
  • Only relay nodes can connect to block-producing node.
  • Block-producing node not using default ports 6000/6001.

Solana Validator specific

  • Node does not use default ports 8000 – 8020.