IDENTIFYING FUTURE PROBLEMS
Congrats, if you made it this far, you’re now well versed in basics of blockchain security! Now that you’re familiar with the most common issues, we wanted to provide a few tips for you to identify vulnerabilities as they evolve. In general, there are three categories of vulnerabilities:
Social
Also known as Social Engineering. These vulnerabilities are characterized by attacks which take advantage of the individual users of the network. This is less about technology and more about humans. If you’ve ever given a password over the phone when you know you shouldn’t–you have fallen prey to social vulnerability.
Structural
Characterized by problems or weak points in the architecture of the system, such as centralized servers. These are the obvious technical problems with only a single server and no backups or an infrastructure designed around any singular choke point. Horizontal scaling of servers (which simply means more!) can help to alleviate the problem of serving requests, but then it’s possible that another supportive protocol, such as DNS, were to become unavailable.
Economic
Characterized by a lack of appropriate incentives to ensure that participants in the network behave as expected. We can most regularly see this in the lack of monetary support of Open Source protocols and software. Famously, several critical pieces of software that power the majority of internet servers have had bugs dormant in their software for years. Typically, these projects are only maintained by a single part-time developer.
WRAPPING IT UP
Keeping yourself secure in an online world is becoming increasingly difficult. There are a few basic measures that all security-conscious internet users can take:
Although none of these recommendations are exclusive to the blockchain industry, these essential checks will help to prevent a variety of compromising situations. Now that money is digitally accessible and can become totally unrecoverable, it’s time for us to take careful measures with digital security more generally. The internet and computation were not designed in an adversarial environment, so many devices are simply designed to work rather than to be secure.
We’re here to help. If you have any questions or feedback about this course please email us at info@theblockchaininstitute.org - we’d love to hear from you!
