External Risk Management in ExCraft’s Architecture

ExCraft Exchange, published in ExCraftExchange
3 min read · Sep 7, 2018

In our previous article, titled “An Introduction to the Security Behind ExCraft”, we explored different types of exploits that exchanges have succumbed to over the years. Additionally, we gave some brief insight regarding ExCraft’s architectural design. The next 2 posts will offer a more procedural analysis of how we break down risk management and conclude with a technical review of the ExCraft exchange.

External Risk Model

External risk is split into two primary subcategories: Hacking and Denial of Service type attacks (DoS and DDoS). Hacking, in reference to computer networks as many of you know, refers to the manipulation of an exploit in order to gain unauthorized access. DoS is a technique using a single computer to interrupt traffic to a targeted system. DDoS is similar to DoS but utilizes multiple computers to flood an identified resource, causing an even more profound effect. All of these, if any were ever to occur, would lead to a loss of trust among an exchange’s users.

Hacking Mitigation

Hacking comes in many forms, but when we think about how to defend against an “Advanced Persistent Threat” (APT), ExCraft is most concerned with delivering a sound and secure service by design. When developing any internet-facing service, special consideration must be given to analyzing a platform’s susceptibility. Along with general vulnerability assessments, ExCraft has sought external experts to perform the most advanced penetration tests available. “Pen tests” are used to exploit potential flaws in order to assess how much information an attacker could get (data leakage) or how deep into the network they can get. Results from these “pen tests” are delivered through a strong end-to-end encryption medium.

However, contracted security experts alone will not be enough to evaluate all facets of the exchange. In this regard, our community will be our biggest ally. ExCraft will also be implementing bug bounty programs to reward contributors in cryptocurrency for any vulnerabilities found based on a threat-severity OWASP risk-rating model. We look forward to providing more information about this in the near future. Secure means for reporting will be provided by the ExCraft team.

Denial of Service Mitigation

While DoS attacks do not necessarily expose customer assets, they can be leveraged to impact exchange liquidity and availability, and to hurt the market price of tradable crypto assets. Ramifications may be long-lasting, as such attacks impact consumer confidence and would be reported by news outlets. To avert DoS and DDoS attacks, ExCraft implements industry-leading “Artificial Intelligence” guided “Denial of Service” protection to automatically identify fraudulent behavior and block incursions. Third-party AI analysis only assists our internal risk prevention composition, which is actually led by how scalable our exchange really is.

As history has proven, internal threats pose a greater security risk than external ones. At ExCraft, we have subdivided internal risk into four main areas of interest: perimeter, platform, operations, and compliance. Our next post will explore these, as well as the unique structure of the ExCraft exchange.

Please reach out and follow us on our official social media accounts to stay connected to your fellow Crafters!

ExCraft Exchange (Website): https://www.excraft.com

ExCraft Telegram (English): https://t.me/ExCraftExchangeENG

ExCraft Telegram (Chinese): https://t.me/ExCraftExchangeCN

ExCraft Telegram (Korean): https://t.me/ExCraftExchangeKR


ExCraft is a cloud-native cryptocurrency exchange based in Hong Kong that implements microservices to achieve a highly secure and high-performance architecture.