Parity & security

Issues with parity

  1. Regular syncing problems due to updates/bugs
  2. Issues with syncing when using private node
  3. Having unlocked account on public Parity node
  4. Problems with transactions that are not mined

Solution for unlocked account

How would it work?

  1. We will store our private keys in AWS Parameter Store or Secrets Manager instead of having unlocked accounts in Parity
  2. Implement custom Web3 Provider, that will sign all transactions before sending it to our Parity node
  3. That Web3 Provider will be able to use our private keys stored in AWS
  4. Our private keys won't ever leave our private network
  5. As a benefit, we will be able to switch to other node e.g. Infura in case of failure, etc

Security challenges/topics

  • SSH access to production machines
  • Access to production AWS credentials/accounts
  • Security of our local machines
  • Security compliance in regard to storing user's data
  • DDoS protection
  • 2FA everywhere
  • Replay attacks

AWS Shield & WAF

  • Protection agains DDoS attacks
  • In "Advanced" version, access to AWS dedicated support team
  • DDoS cost protection
  • Web traffic filtering
  • Protection against XSS
  • WAF can also provide real-time metrics about incoming requests (something that we're currently doing on our own)

CloudTrail & Config

  • Logs for everything that is happening on our AWS accounts
  • Detecting possible unsecure configuration, etc
  • Detecting dbs without backups turned on
  • Detecting open security rules
  • And more...

Parity & security

By progressive

Parity & security

  • 530