Safrochain

Security Guidelines

Securing your Safrochain node is critical to protect funds, validator status, and network integrity. This section provides comprehensive best practices for securing Full, Validator, and Relayer Nodes.

🔒 Security Best Practices

1. Key Management

Backup Keys: Securely back up priv_validator_key.json and wallet keys offline.
Encrypt Storage: Use encrypted drives or password-protected archives.
Avoid Exposure: Never share or store keys in unsecured locations (e.g., public repos).
Command:

2. Firewall and Network Security

Restrict Ports: Allow only required ports (26656 for P2P, 26657 for RPC, 1317 for API, 9090 for gRPC).
Deny Unused Ports: Block non-essential ports (e.g., 26658, 6060).
Public Exposure: Limit RPC/REST endpoints to localhost or use VPN/reverse proxy for public access.
DDoS Protection: Enable rate-limiting or cloud provider DDoS mitigation.
Command (Linux):

3. Access Control

Secure SSH: Use key-based authentication, disable root login, and change the default port (22).
File Permissions: Restrict the $HOME_NODE directory to the node user.
User Isolation: Run safrochaind under a dedicated, non-root user.
Command:

4. Software and Dependency Updates

Update Regularly: Keep safrochaind, OS, and dependencies (e.g., Go) updated.
Verify Releases: Check signatures of Safrochain releases on GitHub.
Command:

5. Monitoring and Logging

Monitor Logs: Check for errors or suspicious activity in real time.
Network Monitoring: Track connections to detect unauthorized access.
Alerts: Set up alerts for downtime or anomalies (e.g., via systemd or external tools).
Command:

6. Validator-Specific Security

High Uptime: Ensure 99.9% uptime to avoid slashing.
Double-Signing Protection: Use a unique priv_validator_key.json per node.
Sentry Nodes: Deploy sentry nodes to shield validators from direct attacks.
Command (Check validator status):

7. Backup and Recovery

Regular Backups: Schedule automated backups of $HOME_NODE/config and wallet keys.
Test Recovery: Verify backups by restoring keys on a test system.
Command:

⚠️ Notes

Never expose private keys in logs, scripts, or public forums.
Use hardware security modules (HSMs) for validators in production.
Regularly audit node access and logs for security breaches.
For cloud deployments, use security groups to restrict inbound traffic.
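
The script below is an added example, not one of the commands from the original page and not Safrochain tooling. It audits a node home for two items from the sections above: loose permissions on $HOME_NODE and priv_validator_key.json (Access Control), and an RPC listener bound to all interfaces (Public Exposure). It assumes Linux with GNU stat and the standard CometBFT layout (config/config.toml with an [rpc] laddr setting); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Safrochain's own tooling). Assumes Linux with GNU stat
# and the standard CometBFT layout under the node home:
#   config/priv_validator_key.json and config/config.toml

# Print the laddr value of the [rpc] section (the [p2p] section has its own).
rpc_laddr() {
  awk '/^\[/ { in_rpc = ($0 ~ /^\[rpc\]/) }
       in_rpc && /^[ \t]*laddr[ \t]*=/ {
         gsub(/^[^=]*=[ \t]*|"|[ \t]+$/, ""); print; exit
       }' "$1"
}

# Succeed if the path grants any permission bit to group or other.
is_loose() {
  [ $(( 0$(stat -c '%a' "$1") & 077 )) -ne 0 ]
}

# Print one line per finding; the return status is the number of findings.
audit_node_home() {
  audit_home=$1 audit_n=0
  audit_key=$audit_home/config/priv_validator_key.json
  if is_loose "$audit_home"; then
    echo "FINDING: $audit_home is accessible to group/other (want 700)"
    audit_n=$((audit_n + 1))
  fi
  if [ -f "$audit_key" ] && is_loose "$audit_key"; then
    echo "FINDING: $audit_key is accessible to group/other (want 600)"
    audit_n=$((audit_n + 1))
  fi
  case $(rpc_laddr "$audit_home/config/config.toml" 2>/dev/null) in
    tcp://0.0.0.0:*|'tcp://[::]:'*)
      echo "FINDING: RPC is bound to all interfaces (want 127.0.0.1)"
      audit_n=$((audit_n + 1)) ;;
  esac
  return "$audit_n"
}

# With no argument, run against a constructed sample directory.
if [ $# -eq 0 ]; then
  demo=$(mktemp -d) && mkdir "$demo/config" && chmod 755 "$demo"
  printf '[rpc]\nladdr = "tcp://0.0.0.0:26657"\n' > "$demo/config/config.toml"
  audit_node_home "$demo" || echo "findings: $?"
  rm -rf "$demo"
else
  audit_node_home "$1"
fi
```

Run it as the node user with the node home as the only argument; an exit status of 0 means no findings.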

Modified at 2025-07-02 22:16:36