Node Provider Decentralization and Security Guide

From Internet Computer Wiki

Decentralization

As a Node Provider, you are a defender of the Internet Computer's decentralization. Here are some recommendations to maximize your decentralization contribution:

  • Be as independent as possible from other Node Providers
    • Do not own shares in multiple Node Provider organizations
    • Have only a single Node Provider identity
    • When seeking support/discussion, use public channels so that Node Provider interaction is transparent
    • While other Node Providers may offer advice, you're fully responsible for and in charge of your own nodes
  • Be vigilant
    • Be independent minded, make your own decisions and do not blindly trust 3rd party advice (DFINITY is also a 3rd party that should not be blindly trusted and that holds no special authority over the Internet Computer)
    • Be aware that misinformation can be used as an attack vector, and therefore, it is important to verify information from multiple sources (preferably public and authenticated)
    • If you suspect somebody is trying to deceive you, it may be helpful to other Node Providers and other members of the IC community if you use public channels to warn them
  • Restrict access to node machines
    • Whenever possible, it is best to perform all node maintenance yourself and to avoid 3rd-party support altogether
    • When 3rd-party servicing is necessary, use a local service (preferably somebody you know and trust) rather than a global one and carefully monitor their work
  • Use local and trusted supply chains
    • If possible, purchase hardware locally from a trusted vendor to avoid global single points of failure and to reduce the risk that somebody tampers with your hardware during delivery
  • Avoid single points of failure in Node Provider organizations with multiple people
    • When possible, use the four-eyes principle
    • For transparency about your decentralization contribution, you may provide a description of your internal security controls against single-person access in your self-declaration (discussed in milestone three)
    • Restrict access to trusted employees and collaborators and vet new personnel and collaborators
  • Set up your Node Provider service with a local mindset
    • Choose a local data center that you can easily reach and inspect
    • Choose a data center that is not part of a global business to reduce risk from extra-territorial influence
    • Operate your nodes in the same country where you or your organization resides
    • Use local employees who live in the same area and whom you know yourself
  • Keep information relating to decentralization up-to-date
    • For example, if you relocate, you should report this to the NNS

Security

  • Lock up your hardware
    • Understand and verify the physical access control to your node machines in the data centers
    • Determine who should be authorized to use the devices that come in contact with the node machines (USB sticks, HSMs, network cables, laptops, etc.) and prevent unauthorized physical access through safe storage and alarm systems
    • Establish safe work practices, e.g., four-eyes principle when accessing node machines or using other devices to avoid tampering with them
    • Determine who should have physical keys to access hardware and instruct them to keep the keys safe
    • Keep devices disconnected from the Internet except when strictly necessary to be online
  • Store passwords and secret keys safely
    • Use key splitting to back them up in a way that no single-point compromise will cause loss