General security considerations
Although Nethermind is thoroughly tested, the more popular it becomes, the more likely it will be a target of client-specific attacks. Generally, we recommend you always consider running backup client nodes from another developer for any critical operations.
Enable only the JSON-RPC namespaces you absolutely need. This is particularly important for namespaces like
debug, as they can be exploited to get elevated access to your node or for DOS attacks.
The private key the node id is derived from is stored on the disk as plaintext.
These rules are highly recommended to be applied to your firewall:
- Block all traffic to the port
8545, or whatever port is defined for JSON-RPC interface, except for traffic from explicitly defined trusted sources.
- Allow traffic to the TCP port
30303or whatever port is defined for P2P communication. This allows the node to connect to peers.
- Allow traffic to the UDP port
30303or whatever port ia defined for P2P communication. This allows node discovery.