home · about · security · docs · changelog · used by · support/contact · restore ssh · fix hashboards · pool · psu · S9 · T9 · S17 · T17
asicseer logo
 
ASIC management, monitoring, and optimization system.
ASICseer is running on 42,521 ASICs (including 8 X17 generation) | 41.1mw

download ASICseer 1.3.9 now · usflag · ruflag
download ASICseer BoardRestore 1.0.3

ASICseer Password Security

For all ASICseer re/installing, including ASICseer autoupdate functionality:

If the ASICseer installer/autoupdater detects that your SSH and webUI passwords are defaults (such as root and admin), it will automatically change both of your passwords to a recoverable, secure, randomly-generated password. If your passwords are already different, they will not be changed.

Visit the ASICseer Password Recovery Page if you need to recover your ASICseer ASIC password.

NOTE:: If you have trouble logging in to the webUI, try a different browser or incognito mode.


Network Security Best Practices

Extremely sophisticated hardware-bricking crypto-related viruses and hacking attempts are on the rise. These viruses have the ability to infect all types of firmware (stock, third party, etc). In some cases, infected ASICs may not be recoverable with SD Card restoration, requiring controller card replacement. It is recommended that you secure your ASICs, and the networks on which they reside.

When adding preowned ASICs to your network, do not reuse passwords. Informing your unvetted and potentially hacked ASICs of your existing ASIC passwords may allow them to distribute their virus payload to your healthy ASICs.


Securing your ASICs

Changing SSH and WebUI passwords

It is important to secure your ASICs by changing your default passwords to strong, non-reused passwords (or allow the ASICseer installer to do it for you).

Public Key Authentication

To secure your ASIC and to prevent unauthorized logins, you should use passwordless public key authentication. This procedure disables passworded SSH logins and only allows the machine containing the private key to access your ASICs.

See Securing your ASIC with Passwordless Login and Public Key.


Securing your ASIC Network

The below network security guide is not exhaustive, it is meant to provide a general overview. A network security professional may be required to implement the below best-effort security practices on your network. 

VLANs

Create Management, Isolation, and ASIC VLANs.

Management VLAN

Use this network for your *nix jump box, workstations, wifi at the farm, etc. Protect access to this network: any hacked system plugged into it could access all ASICs.

VLAN Firewall Rule Set:

Isolation VLAN

Add any new and preowned ASICs to this network, for both initial evaluation and firmware installation. If these ASICs are infected, they will not be able to touch anything else in the farm.

VLAN Firewall Rule Set:

ASIC VLANs

Split up your network into multiple /24 VLANs. Each /24 is good for ~250 IPs, allowing segregation by row, container, rack, etc. Keep your VLANs small to prevent DHCP range exhaustion, keep broadcast traffic low, and prevent any infected ASICs from infecting VLANs beyond its own.

VLAN Firewall Rule Set:

Global Firewall Rules

Remote Administration









© 2019-2024       ASICshack logo       All rights reserved.