Am ain't sure if there's any conventional best way on how to protect a web wallet, it all depends on how your owner specifically choose amidst many ways on doing so.
Anyways, here's a recomended tip on how you can connect your electrum wallet to your own full node securely.
https://github.com/chris-belcher/electrum-personal-server
I hope it meets your expectation.
Topic: Security guide for web wallet protection (Read 97 times)
You can run your Electrum server without any funds on it; therefore not making it a 'web wallet', and dramatically reducing its risk profile.
That's what I'd recommend: run your Bitcoin node with Electrum server software on it somewhere and connect your SPV wallet to it through Tor.
Keep your keys on the machine running the SPV wallet, which by the mere fact of not being a server, not being online all the time and having fewer open ports and a more restrictive firewall, will be more secure.
Since this is not a server, it will also be easy to actually keep keys off that device, too and using a hardware wallet with the keys on it instead.
In that setup, the secure computer will construct a PSBT, get it signed fully offline by the hardware wallet, then send the PSBT to the semi-secure Electrum server which finally broadcasts it to the Bitcoin network.
That's what I'd recommend: run your Bitcoin node with Electrum server software on it somewhere and connect your SPV wallet to it through Tor.
Keep your keys on the machine running the SPV wallet, which by the mere fact of not being a server, not being online all the time and having fewer open ports and a more restrictive firewall, will be more secure.
Since this is not a server, it will also be easy to actually keep keys off that device, too and using a hardware wallet with the keys on it instead.
In that setup, the secure computer will construct a PSBT, get it signed fully offline by the hardware wallet, then send the PSBT to the semi-secure Electrum server which finally broadcasts it to the Bitcoin network.
Are there any security guides, papers, etc. on how to protect a web wallet (Electrum server)? Search on the forum returns info on general setup, but not specifically on more or less detailed protection tips against bad actors.
Jump to: