close
Interested in Chainlink Oracle feeds?
Looking for help with your protocol's blockchain infrastructure?
Get in contact with us at hello@cryptomanufaktur.io or join our Discord
CONTACT
Security Protocols

Given the diversity of risks present within the digital asset ecosystem, CryptoManufaktur places an incredibly strong emphasis on security measures. An effective first step to mitigate such risks is to ensure that all access to production servers happens from a Privileged Access Workstation (PAW).

Software on the PAW is significantly limited in order to reduce the number of attack vectors, thereby limiting wallets and seed phrases from being compromised. The PAW is configured to use HVCI/VBS for virtualization-based code integrity and full disk encryption, currently via BitLocker.

In addition, CryptoManufaktur employs the following security protocols:
Account Security
  • All generated passwords are unique and stored using a password safe
  • 2FA is used wherever supported, either with an authentication app or YubiKey (SMS not permitted)
  • All SSH keys are secured with a passphrase (those accessing production servers only kept on PAW)
  • Keys to hot wallets only kept on a PAW (seed phrases are always stored offline in a secured location)
Infrastructure Security
  • Processes do not run as `root` unless required
  • SSH access is via key authentication only, and never as `root`
  • Processes that can communicate via container overlay networks must do so
  • Services exposed to the Internet = TLS-encrypted; other services are firewalled to only allow those specific source IP
BitWarden
Observe
VS Shield
© 2023 CryptoManufaktur