Parity & security
Issues with parity
- Regular syncing problems due to updates/bugs
- Issues with syncing when using private node
- Having unlocked account on public Parity node
- Problems with transactions that are not mined
Solution for unlocked account
How would it work?
- We will store our private keys in AWS Parameter Store or Secrets Manager instead of having unlocked accounts in Parity
- Implement custom Web3 Provider, that will sign all transactions before sending it to our Parity node
- That Web3 Provider will be able to use our private keys stored in AWS
- Our private keys won't ever leave our private network
- As a benefit, we will be able to switch to other node e.g. Infura in case of failure, etc
Security challenges/topics
- SSH access to production machines
- Access to production AWS credentials/accounts
- Security of our local machines
- Security compliance in regard to storing user's data
- DDoS protection
- 2FA everywhere
- Replay attacks
AWS Shield & WAF
- Protection agains DDoS attacks
- In "Advanced" version, access to AWS dedicated support team
- DDoS cost protection
- Web traffic filtering
- Protection against XSS
- WAF can also provide real-time metrics about incoming requests (something that we're currently doing on our own)
CloudTrail & Config
- Logs for everything that is happening on our AWS accounts
- Detecting possible unsecure configuration, etc
- Detecting dbs without backups turned on
- Detecting open security rules
- And more...