As bitcoin usage is increasing and exchanges are booming, it's necessary for users to feel secure when investing money, thus the need for security guidelines for these exchanges to follow in order to have a secure infrastructure.
This is a draft, suggested by user ascent, and below are our expectations of how exchanges should be secured (infrastructure wise, and maybe procedures too). Make your suggestions and explain them. I'll edit the post and update it.
I hope the mods pin this and eventually add it to the official bitcoin wiki so that it's followed by exchange markets.
Data Security:
- Passwords must be hashed using SHA-512 or Blowfish derived ciphers that are slow in computation, slowing down brute force attacks.
- Proper hash salting must be applied. Details: http://forum.bitcoin.org/index.php?topic=20720.msg260974#msg260974
- Separate user login data from user transaction data. Auditors need access to the latter only.
Trading Procedures:
- The exchange must state what kind of circuit breaker protocols are used in place. Explanation: http://forum.bitcoin.org/index.php?topic=20720.msg259385#msg259385
- The exchange must state its operating hours and holidays.
- The exchange must state what security measures are in place should it operate 24/7 or at certain hours and when security updates would be rolled out.
Profile Information:
- Require putting the current password when changing any profile settings.
- Allow for use of an alternate email address (Like GMail).
- Allow changing the alternate address only after an email has been sent to it, not the main one, in case the account got compromised.
Login:
- Use CAPTCHA or similar methods to prevent automated brute-force attacks on logins.
- Provide an option to lock an account for a certain time after a certain number of failed login attempts.
- A welcome screen should be presented to show an image and a text chosen by the user when the account was created, to make sure the user logged into the right site & not a hijacked/spoofed one.
APIs:
- Streaming updates to the order book (market depth, profile, etc.) should include order IDs such that the client can accurately update its own version of the order book.
Networking:
- Database & web servers should reside behind a firewall and be reachable only via proxies.
- The database should be a separate machine from the web server and only reachable from the webserver, or specific machines in the network.
- Exchanges must declare their networking design to show the location of servers, firewalls and other equipment.
- SSL/TLS must be used at all times for all operations.
- Auto logout must be used, but the timeout period is configurable by the user.
- Use security tokens in forms to prevent Cross-site Request Forgery (CSRF).
- Sanitize all data coming from users.
- View a list of last used IP addresses logged into the account (Like GMail).
- Use of Intrusion prevention systems and daily review of attacks or patterns.
Corporate Protocols:
- Define the size of the workforce either in strict terms (10, for example) or approximate (5-8 people as web devs, for example).
- Backup procedures: How often are backups taken. Where are backups kept. How often are test-restores performed.
- Access to any of the systems or databases must be from a clean machine from within the corporate network to avoid external attacks (virus infections).
- The exchange should promote security best practices to clients.
Currency Calculations:
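As an added illustration of the Data Security and Login points above (slow salted password hashing, and locking an account after repeated failures), here is example code that is not part of the original post. It uses PBKDF2-HMAC-SHA512 from the Python standard library as the slow, salted hash; the `AccountStore` class, the iteration count and the lockout values are assumptions chosen for the demo, not any exchange's real settings.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

# Assumed work factor: PBKDF2-HMAC-SHA512 iterations. Raise it as hardware gets faster.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16
MAX_FAILED_ATTEMPTS = 5          # assumed lockout threshold
LOCKOUT_SECONDS = 15 * 60        # assumed lockout period


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user defeats precomputed tables."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored)  # constant-time comparison


class AccountStore:
    """Hypothetical in-memory login store; a real exchange would back this with a database."""

    def __init__(self) -> None:
        self.accounts = {}

    def register(self, username: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.accounts[username] = {"salt": salt, "hash": digest, "failed": 0, "locked_until": 0.0}

    def login(self, username: str, password: str, now: Optional[float] = None) -> str:
        """Return "ok", "invalid" or "locked"; `now` is injectable for testing."""
        now = time.time() if now is None else now
        acct = self.accounts.get(username)
        if acct is None:
            hash_password(password, b"\x00" * SALT_BYTES)  # same cost for unknown users
            return "invalid"
        if now < acct["locked_until"]:
            return "locked"
        if verify_password(password, acct["salt"], acct["hash"]):
            acct["failed"] = 0
            return "ok"
        acct["failed"] += 1
        if acct["failed"] >= MAX_FAILED_ATTEMPTS:
            acct["failed"] = 0
            acct["locked_until"] = now + LOCKOUT_SECONDS
            return "locked"
        return "invalid"
```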