# Node Security

{% hint style="warning" %}
The documentation is designed for Liker Land and LikeCoin v2. For information on [3ook.com](https://3ook.com/) and LikeCoin v3, please visit [docs.3ook.com](https://docs.3ook.com) and [dao.like.co](https://dao.like.co/).
{% endhint %}

Below are general guidelines for reducing the node's attack surface over the network:

* Ensure unattended upgrades are enabled
* Block all ports except required ones
  * Set up a firewall via `ufw` or `iptables`
  * Optionally, for a cloud host, block ports via a security group instead
* SSH port should be open to trusted IP addresses only
* SSH login with password should be disabled; authenticate with an `ed25519` key instead
  * For extra security, use a YubiKey with an `ed25519-sk` resident key

The exact steps are out of scope of this guide. Please refer to other online sources or consult the community Discord. Below are some good third-party guides for reference:

* [UFW usage](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04)
* [Generate ed25519 SSH Key](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)
* [Deploy SSH key to server](https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server#step-2-copying-an-ssh-public-key-to-your-server)
* [SSH Hardening](https://www.digitalocean.com/community/tutorials/how-to-harden-openssh-client-on-ubuntu-20-04)
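
Once the SSH items in the checklist are applied, it is worth confirming that they took effect. The script below is an added example, not part of the LikeCoin documentation; its sample config and key lines are constructed. It shows that sshd honours the first occurrence of a keyword, so an earlier `PasswordAuthentication yes` overrides a later `no`, and it flags authorized keys that are not `ed25519` or `ed25519-sk`.

```bash
#!/bin/sh
# Added example: audit the SSH items of the checklist on constructed sample files.
# On a real host, `sshd -T` prints the authoritative effective configuration.

# Print the effective value of an sshd keyword in a config file.
# sshd uses the FIRST occurrence of a keyword; keywords are case-insensitive.
sshd_effective() {  # usage: sshd_effective <keyword> <file>
  awk -v kw="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    tolower($1) == "match" { exit }            # Match blocks are conditional; stop
    tolower($1) == kw { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }
  ' "$2"
}

# Succeed only if password login is explicitly disabled (the sshd default is "yes").
password_login_disabled() {  # usage: password_login_disabled <file>
  [ "$(sshd_effective PasswordAuthentication "$1")" = "no" ]
}

# Print "<line>: <type>" for authorized_keys entries that are not ed25519 keys.
non_ed25519_keys() {  # usage: non_ed25519_keys <authorized_keys file>
  awk '
    /^[ \t]*(#|$)/ { next }
    {
      type = "unknown"
      for (i = 1; i <= NF; i++)
        if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) { type = $i; break }
      if (type != "ssh-ed25519" && type != "sk-ssh-ed25519@openssh.com")
        print NR ": " type
    }
  ' "$1"
}

# Constructed sample input: an earlier "yes" overrides the later hardening line.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'passwordauthentication yes' \
  'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$demo/sshd_config"
printf '%s\n' 'ssh-ed25519 AAAA-CONSTRUCTED admin@laptop' \
  'ssh-rsa AAAA-CONSTRUCTED old@desktop' \
  'sk-ssh-ed25519@openssh.com AAAA-CONSTRUCTED admin@yubikey' > "$demo/authorized_keys"

if password_login_disabled "$demo/sshd_config"; then
  echo "password login: disabled"
else
  echo "password login: ENABLED ($(sshd_effective PasswordAuthentication "$demo/sshd_config"))"
fi
non_ed25519_keys "$demo/authorized_keys"
rm -rf "$demo"
```

The parser does not follow `Include` directives or evaluate `Match` blocks, so treat `sshd -T` as the source of truth on a live host.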

The physical security of the host should be reviewed as well.

For validators, we encourage the use of [tmkms](https://docs.osmosis.zone/developing/keys/tmkms.html) for improved signing security.

