home · news · about · security · documentation · changelog · used by · support/contact · S9 · T9 · restore ssh · fix hashboards · pool · psu
asicseer logo
 
ASIC management, monitoring, and optimization system.

ASICseer is running on 56,111 ASICs (49.1 megawatts).

download ASICseer 1.1.7 now · usflag · ruflag

Network Security Best Practices

Extremely sophisticated hardware-bricking crypto-related viruses and hacking attempts are on the rise. These viruses have the ability to infect all types of firmware (stock, third party, etc). In some cases, infected ASICs may not be recoverable with SD Card restoration, requiring controller card replacement. It is recommended that you secure your ASICs, and the networks on which they reside.

When adding preowned ASICs to your network, do not reuse passwords. Informing your unvetted and potentially hacked ASICs of your existing ASIC passwords may allow them to distribute their virus payload to your healthy ASICs.


Securing your ASICs

Changing SSH and WebUI passwords

It is important to secure your ASICs by changing your default passwords to strong, non-reused passwords (or allow the ASICseer installer to do it for you). Contact our team if you experience login problems that you did not experience in a previous version of ASICseer.

What kind of security to expect for ASICseer 1.1.7 (weaning period):

* For ONLY re/installing ASICseer, not including ASICseer autoupdate functionality: If you don’t use the “keep webuipass” option during ASICseer installation, the ASICseer installer will automatically change only your webUI password to a recoverable, secure, randomly-generated password. For this version of ASICseer, ASICseer autoupdate will NOT change your webUI password.

What kind of security to expect for ASICseer 1.1.8 (hardened security):

* For ALL ASICseer re/installing, including ASICseer autoupdate functionality: The “keep webuipass” option will go away. If the ASICseer installer/autoupdater detects that your SSH and webUI passwords are defaults (any variation of root and admin), it will automatically change both of your passwords to a recoverable, secure, randomly-generated password.

Public Key Authentication

See Securing your ASIC with Passwordless Login and Public Key.


Securing your ASIC Network

The below network security guide is not exhaustive, it is meant to provide a general overview. A network security professional may be required to implement the below best-effort security practices on your network. 

VLANs

Create Management, Isolation, and ASIC VLANs.

Management VLAN

Use this network for your *nix jump box, workstations, wifi at the farm, etc. Protect access to this network: any hacked system plugged into it could access all ASICs.

VLAN Firewall Rule Set:

Isolation VLAN

Add any new and preowned ASICs to this network, for both initial evaluation and firmware installation. If these ASICs are infected, they will not be able to touch anything else in the farm.

VLAN Firewall Rule Set:

ASIC VLANs

Split up your network into multiple /24 VLANs. Each /24 is good for ~250 IPs, allowing segregation by row, container, rack, etc. Keep your VLANs small to prevent DHCP range exhaustion, keep broadcast traffic low, and prevent any infected ASICs from infecting VLANs beyond its own.

VLAN Firewall Rule Set:

Global Firewall Rules


Remote Administration









© 2019       ASICshack logo       All rights reserved.