Best Security Practicies for a Novice: mySQL/Bitcoin Client

BCB

vip

Activity: 1078

Merit: 1002

BCJ

Quote from: crazy_rabbit on February 10, 2013, 01:27:38 PM

What do people think about this service:

http://www.dome9.com/

If I am hosting on Amazon Ec2, they can use the API to shut off all the ports all the time, except for when you plan to login. It seems like a nice solution to shut down any open ports, additionally as I have a developer working with me, it allows me to at a later point keep an eye on when they are on the server as well, no?

crazy rabbit. Great option. Shut down all your ports except 80 and 443 and only allow access to 22 from the single ip or ips that need access.

can't get any tighter then that.

crazy_rabbit

legendary

Activity: 1204

Merit: 1002

RUM AND CARROTS: A PIRATE LIFE FOR ME

Quote from: ?? on ??

Quote from: crazy_rabbit on February 10, 2013, 01:27:38 PM

What do people think about this service:

http://www.dome9.com/

If I am hosting on Amazon Ec2, they can use the API to shut off all the ports all the time, except for when you plan to login. It seems like a nice solution to shut down any open ports, additionally as I have a developer working with me, it allows me to at a later point keep an eye on when they are on the server as well, no?

That is over kill for a bitcoin project, you should close the ports yourself, but 22,80,443 (if you have ssl) also if your worried about logins use ssh keys to login then you can easily remove them and that user could never come in or brute force your password. Why would you need to know when they log on to the server?

Well although I trust my developer, I might in the future have additional developers- or even the developer could be compromised in some way I can't know. It seems to make more sense to say, okay can we do this? I'll open the server for this day for updates/fixes, and then have it close again after. I don't have to wonder if the developer/s log back in at a different time after the fix has been done. I know I can close things myself, but I'm a novice. I'd rather know I haven't overlooked something.

crazy_rabbit

legendary

Activity: 1204

Merit: 1002

RUM AND CARROTS: A PIRATE LIFE FOR ME

What do people think about this service:

http://www.dome9.com/

If I am hosting on Amazon Ec2, they can use the API to shut off all the ports all the time, except for when you plan to login. It seems like a nice solution to shut down any open ports, additionally as I have a developer working with me, it allows me to at a later point keep an eye on when they are on the server as well, no?

Scrat Acorns

sr. member

Activity: 293

Merit: 250

Quote from: crazy_rabbit on February 04, 2013, 06:18:23 PM

All mysql calls are escaped so injection should (hopefully) be covered.

I'd make a habit of using prepared statements exclusively. No handcrafted SQL queries. All your parameters are sent as binary (or escaped automatically in some libs) and there is no need to escape. If you handcraft SQL queries there's a small chance you'll forget to escape something.

Quote from: CIYAM on February 04, 2013, 07:32:32 PM

Agreed that if you are storing information that is sensitive (such as email addresses or other more personal information) then it should be encrypted.

This makes zero sense if the decryption key is stored on the same server.

madmadmax

hero member

Activity: 740

Merit: 501

Quote from: crazy_rabbit on February 04, 2013, 06:18:23 PM

So I'm working on a project that will hold bitcoins and of course, security is the most obvious risk/danger.

On advice of the developer we have a specially compiled version of bitcoind (unnecessary RPC calls have been removed, as well as calls that pose a security risk).

Bitcoind runs under a separate user than the php script. SSH/ftp into the server is only possible with keyfiles.

All mysql calls are escaped so injection should (hopefully) be covered.

A cold wallet is being implemented so the majority of funds are off-site.

What other steps should I be keeping in mind? After some advice from a friend I'm worried as well about somehow the database being compromised in some slight way as to affect imperceptible shifts in balances that I would be unable to detect.

I toyed with the idea of every database entry having a hash generated from all the data and the hash being periodically verified against the database to check for manipulation. But is this realistic?

Anyone have any more ideas? Thank you

I am surprised that such an engine hasn't been developed for commercial websites yet...

BCB

vip

Activity: 1078

Merit: 1002

BCJ

yes this is extreme. Additional layers of security can be added with growth of value.

But we've seen it all in bitcoin.

Compromised hosts

exposed public keys

unpatched zero day exploit

trojans

disappearing data that was not backed up.

insider fraud.

If you are dealing with anything of value exposed though an http interface you are vulnerable.

You can never be too safe.

K1773R

legendary

Activity: 1792

Merit: 1008

/dev/null

Quote from: davout on February 05, 2013, 07:09:38 PM

Quote from: BCB on February 05, 2013, 06:57:43 PM

Close all unnecessary ports.

Only open ssh to admin's ip.

[...]

Plan for complete failure and run monthly complete restore runs only from back up.

implement fail over in co-located data centers.

Slightly overkill for the OP if you ask me.
While you're at it you might want to add that everything should be hosted in a nuclear bunker. On Mars.

so you have a service for hosting a server on mars? il take 1

davout

legendary

Activity: 1372

Merit: 1008

1davout

Quote from: BCB on February 05, 2013, 06:57:43 PM

Close all unnecessary ports.

Only open ssh to admin's ip.

[...]

Plan for complete failure and run monthly complete restore runs only from back up.

implement fail over in co-located data centers.

Slightly overkill for the OP if you ask me.
While you're at it you might want to add that everything should be hosted in a nuclear bunker. On Mars.

BCB

vip

Activity: 1078

Merit: 1002

BCJ

Close all unnecessary ports.

Only open ssh to admin's ip.

Don't run a mail server, irc bouncer or chat client on the same server.

If you can or if you can plan to scale run Bitcoind, Web Server and mysql on separate servers.

Replicate mysql to a 4th server.

Run Hourly encrypted backup on the Rep Server
Run Daily Encrypted back upon on the Main Mysql server
Save encrypted backup off-site daily.
Use an HSM to store and manage all private keys.

Plan for complete failure and run monthly complete restore runs only from back up.

implement fail over in co-located data centers.

davout

legendary

Activity: 1372

Merit: 1008

1davout

Quote from: crazy_rabbit on February 05, 2013, 06:22:05 PM

A book is a very good idea. That said- there are tons of them. Any you could recommend in particular? If not, I'm sure amazon will help, but that said- I was thinking there might be others here who went through the same growing pains. :-)

I don't really have a specific book in mind, but if I see one I'll be sure to update this thread.
Part of the "growing pains" you mention is "growing", and growing takes time and patience

I wish you luck !

crazy_rabbit

legendary

Activity: 1204

Merit: 1002

RUM AND CARROTS: A PIRATE LIFE FOR ME

Quote from: davout on February 05, 2013, 11:53:29 AM

Quote from: DannyHamilton on February 05, 2013, 11:45:30 AM

I thought the internet was created so that we wouldn't need books any longer?

Well, e-books would qualify as books in my view.
I guess what I'm trying to say is that if the OP is asking such general questions on an internet forum, it can mean that he simply is not ready to undertake the task of thoroughly securing his server.
So my general advice would be that he document himself about the general principles, the different security layers, understand all the trade-offs and design choices that impact security and come back with a solid plan.

The OP seems to have interesting ideas (on which I already commented) but a serious lack of experience. Lacking experience is allright as long as you know it and have the brains to think for yourself.

Two general security principles :
- You can't have your cake and eat it too, there is *always* a trade-off between security and convenience, no exceptions.
- Don't code security-related stuff yourself, someone has probably already done it, and done it better than you. Use libraries as much as possible, not fancy ones, but mature ones. Don't hand-escape SQL, don't hash passwords yourself, etc. You get the idea.

A book is a very good idea. That said- there are tons of them. Any you could recommend in particular? If not, I'm sure amazon will help, but that said- I was thinking there might be others here who went through the same growing pains. :-)

davout

legendary

Activity: 1372

Merit: 1008

1davout

Quote from: DannyHamilton on February 05, 2013, 11:45:30 AM

I thought the internet was created so that we wouldn't need books any longer?

Well, e-books would qualify as books in my view.
I guess what I'm trying to say is that if the OP is asking such general questions on an internet forum, it can mean that he simply is not ready to undertake the task of thoroughly securing his server.
So my general advice would be that he document himself about the general principles, the different security layers, understand all the trade-offs and design choices that impact security and come back with a solid plan.

The OP seems to have interesting ideas (on which I already commented) but a serious lack of experience. Lacking experience is allright as long as you know it and have the brains to think for yourself.

Two general security principles :
- You can't have your cake and eat it too, there is *always* a trade-off between security and convenience, no exceptions.
- Don't code security-related stuff yourself, someone has probably already done it, and done it better than you. Use libraries as much as possible, not fancy ones, but mature ones. Don't hand-escape SQL, don't hash passwords yourself, etc. You get the idea.

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Quote from: davout on February 05, 2013, 11:11:24 AM

You know, people write books about this subject. I suggest buying one.

I thought the internet was created so that we wouldn't need books any longer?

davout

legendary

Activity: 1372

Merit: 1008

1davout

Quote from: crazy_rabbit on February 05, 2013, 09:39:50 AM

Hey guys! Break it up! Shocked

Honestly both of you are giving me really good advice to think about. Any practical ideas to keep the sever where the code is hosted safe? I presumably could get a server running that hosted the bitcoind dameon and listened only to the ip of the main server. But how to ensure someone can't get into my server where the app code is hosted?

You know, people write books about this subject. I suggest buying one.

crazy_rabbit

legendary

Activity: 1204

Merit: 1002

RUM AND CARROTS: A PIRATE LIFE FOR ME

Hey guys! Break it up! Shocked

Honestly both of you are giving me really good advice to think about. Any practical ideas to keep the sever where the code is hosted safe? I presumably could get a server running that hosted the bitcoind dameon and listened only to the ip of the main server. But how to ensure someone can't get into my server where the app code is hosted?

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: davout on February 05, 2013, 07:16:03 AM

Quote from: CIYAM on February 05, 2013, 07:10:11 AM

I was doing security since before you were even born but of course you *must* be better than I.

Maybe it's time to brush up grandpa.

Quoted for the sake of it (this is how a *professional* business guys show their stuff these days).

Also will use the *ignore* feature for the very first time (congrats - couldn't have used it on a more deserving member).

davout

legendary

Activity: 1372

Merit: 1008

1davout

Quote from: CIYAM on February 05, 2013, 07:10:11 AM

I was doing security since before you were even born but of course you *must* be better than I.

Maybe it's time to brush up grandpa.

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: davout on February 05, 2013, 07:03:04 AM

This is not about your little ego, it's about facts.

Hmm... my little ego - well let's just leave it at that (as yours is clearly *bigger*).

I was doing security since before you were even born but of course you *must* be better than I.

Cheesy

davout

legendary

Activity: 1372

Merit: 1008

1davout

Quote from: CIYAM on February 05, 2013, 06:49:41 AM

Please Davout - go get someone to hack my site and then we can talk about security models.

Keeping a decryption key on the same server that holds encrypted data is a bad security model.
This is factual, you can't have your cake and eat it too, security is about tradeoffs, if you want security you have to give up some convenience.
If someone tells you you can get a 7% weekly interest on your deposit he's probably a scammer.
If someone tells you you can encrypt data in the DB but automatically decrypt it at will he doesn't understand security. Slam dunk case of security-by-obscurity.

Quote from: CIYAM on February 05, 2013, 06:49:41 AM

The is *nothing* flawed apart from your (once again) bad behaviour in this forum (I suggest *growing up* and stop trying to be such a smart ass for starters).

This is not about your little ego, it's about facts.

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: davout on February 05, 2013, 06:42:20 AM

Your security protects you against script-kiddies? Great! Now let's go back to real security that works with everyone.

Making it slightly harder to get the keys doesn't make a flawed security model less flawed.

Please Davout - go get someone to hack my site and then we can talk about security models.

There is *nothing* flawed apart from your (once again) bad behaviour in this forum (I suggest *growing up* and stop trying to be such a smart ass for starters).

Topic: Best Security Practicies for a Novice: mySQL/Bitcoin Client (Read 1657 times)