NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Securing Your Blockchain Servers

January 12, 2018

  • Blog
  • Archive

Blockchain

I am simply amazed at all the buzz around Bitcoin, Blockchain, and cryptocurrency. When you hear a cab driver talking about it, or your local news carries a piece on how a family paid for their daughter’s wedding with Bitcoin, then you know that the hype is out of control. If you know anything about these technologies, excellent – you are ahead of the curve. Hopefully you have not realized too late that they actually have a limited place in business and need to be secured just like any other application – with some twists.

Blockchain – what is it, and how does it work?

Blockchains are not a database replacement, nor will future applications that utilize them. They are a multi-node distributed ledger system that secures entries based on volume and verification. Natively, blockchain can only process a limited number of transactions per second and cannot store complex records or blobs – only ledger-style information that has a finite start date, like shipping information.

Historical records, pictures, complex indexes, and other large datasets are just not good for blockchain technology. This is one of the problems security teams need to understand. Think of a blockchain implementation like old school peer to peer network technology from Napster or bearshare (yes, I am going there). Each node contains a database of all records and any new entries need to propagate to all other nodes for validity. While a peer-to-peer network queries its peers for entries, blockchain actually contains a duplicate of all entries compared to its peers. This means tampering with one node does not invalidate the entire blockchain; it means that an entry has to be properly validated (via work in the case of bitcoins) to be accepted as a ledger entry and propagated to other nodes. This is where security comes into play.

Entries into the blockchain ledger needed to be validated for fraudulent activity, and more importantly the hosts containing blockchain implementations secured against vulnerabilities and privileged attacks that could compromise or tamper with blockchain insertions. There is no concept of blockchain ledger modifications. This is key to protect the integrity of the data. Once an entry is accepted, it is permanent. Therefore, if you can attack the server, application, and ledger processes, you can tamper with the blockchain. This is how some of the recent cryptocurrency attacks have been occurring.

Blockchain implementations are only as secure as the applications that use them. Poor security controls for inserting data in the ledger will lead to tampering. In the case of bitcoins, beyond a 51% ownership of all bitcoin servers, the servers themselves validate mining via work. These are mathematical computations that prove an entry should be made and ownership of a bitcoin.

The actual allocation of bitcoins is a more complex topic out of scope for this discussion. In either case, since they are distributed and verified by other servers, tampering is very difficult, if not near impossible, before an entry is made. Other cryptocurrency and blockchain implementations are nowhere near as secure.

This is a critical lesson: Blockchain is a foundational tool for bitcoins and leverages other models to stay secure. Blockchain alone is not secure. It is just a distributed database ledger.

Securing Blockchain Implementations

So how do we secure blockchain implementations? We first start with cybersecurity basic hygiene:

  • Privileged access management to ensure all privileged access to the host is monitored and properly delegated
  • Vulnerability management to secure the host and applications from tampering that could lead to inappropriate read or write blockchain ledger entries
  • Patch management for prompt remediation, mitigation, or hardening to minimize risks

And now the twist:

  • New entries into the blockchain should be secured with dynamic privileges and only valid for one time usage. This can be done with privileged password access solutions and keys or passwords using an API. An insecure insertion path into the blockchain can lead to devastating results.
  • Reads from the blockchain should be secured in a similar fashion to ensure the retrieval is not tampered with (like a man in the middle attack) before processing by the application.

Since modifications and deletions of blockchain records are not permitted, all entries must be 100% valid or the entire model (ledger) could be compromised.

Think of blockchains as just another application for data storage. It has limited data storage capabilities, is not very fast, but is designed to be highly distributed and 100% reliable. If your application or host can be tampered with, so can you blockchain. The goal, securing both during their design and implementation so this can never occur.

For more information on how BeyondTrust’s solutions can help secure blockchain transactions at that application programming interface level, contact us today.

Photograph of Morey J. Haber

Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.