Phuong Cao
Aug 13, 2019 · 3 min read

To be a DevOps in Blockchain & cryptocurrency

In this topic, I would like to share my some keynotes to work as DevOps role in the Blockchain & cryptocurrency.

Image for post
Image for post

Node maintenance and upgrade

As you might know, the Blockchain world is still at a young stage. The source code, the algorithm, and the infrastructure have to be upgraded or changed sometimes. Therefore, it’s very important to keep tracking and following to make sure your system works well. To monitor all the updates, I recommend following the GitHub official repo, Reddit official community, and newsletter.
Needless to say, before you start to upgrade a Blockchain node software to a newer version, you need to ask the dev team to check on the API and documentation changes to make sure everything works as per expectation.

Build multiple layers of defenses

First and foremost, the idea behind the principle of defense in depth is to not rely on ONE type of defense for protection but to instead build layers of defenses. I would recommend the following layers below.

The first layer would be the network route to your server system. Make sure only your staffs with VPN connection can access to your servers.

The second layer is the firewall rules on your system. It must be shielded correctly, barely enough and easy to understand. It’s strongly recommended that you use Cloud Service Providers which provide a friendly portal to manage firewalls, such as GCP or AWS.

The third one would be related to SSH access to your system. The system must only allow access with SSH keys, not the password authentication. Moreover, all SSH key must have a passphrase, managed in the password manager.

Last but not least, try all best efforts to protect crypto wallets and private keys. It’s vital for closely working with the dev team and technical manager to find the best methods for secure storing. For example, its better for the private key to be divided into multiple parts, one piece in the environment variable, a piece in local files, one part implemented in the code, a piece put in the database, etc

Keep yourself get rid of exploits

Do remind yourself every day, that you are the point that hackers will target, you are the one who has access to all servers, keep certificates, passphrases, wallet and secret key, etc…Also, you are the one who has the documentation to understand the whole infrastructure.

Firstly, separate your personal accounts and authentication to your at-work ones. If an attacker has access to your personal account, he has more chances to get your at-work things.

Secondly, use a password manager to manage your credentials. When an attacker knows your Gmail account, he will try to access AWS or GCP with similar information. So, it’s better to make your credentials different on different services.

Lastly, make sure to use all available security methods to protect yourself. Nowadays, with 2FA authentication, people can protect their accounts by both password authentication and phone device.

In the next part of the series, I will introduce about transaction monitoring and alerting on Ethereum.

Read more:

Crypitor Service.

Monitoring the Crypto world!

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store