Blockchain platforms, which are known to have high security, are still not completely safe from hacking attacks. Vulnerabilities are being discovered continuously in blockchain software that is an open source. Even DDoS (Distributed Denial of Service) attacks are threatening blockchain platforms.
Fortinet Korea made an announcement on the 28th that industries should consider security while they are introducing blockchains, which is a technology for public transactions where transaction data of users who are connected to network through computers is renewed once depending on a set time. A bundle of newly-made transaction data is called ‘block’. Entire book of blocks is called ‘blockchain’. Blockchain is a tool that manages and records all types of data from financial information.
Fortinet warned about blockchain platforms’ security vulnerabilities. Number of vulnerabilities of Bitcoin, which is being used the most currently, is also rising. Fortinet maintains platforms while patching vulnerabilities and extending functions. According to CVE Details, which is an official site that calculates security vulnerabilities, number of CVE vulnerabilities related to Bitcoin is 23.
A problem rises when businesses or organizations do not update known security vulnerabilities while using corresponding blockchain platforms. “More than 90% of security-related attacks happen when businesses operate systems while neglecting known vulnerabilities.” said Director Bae Joon-ho of Fortinet Korea. “Blockchain platforms are also exposed to this same problem.” He also added that Bitcoin and Ethereum platforms can prevent security attacks by periodically inspecting and analyzing vulnerabilities of open sources and patching these vulnerabilities.
Blockchain platforms can be neutralized by DDoS attacks. Private blockchains use limited servers for transactions. Control can be lost if particular number of servers is damaged. For example, agreement can be broken if 51 of 100 servers that maintain cryptocurrencies are damaged. Hackers can carry out DDoS attacks so that corresponding blockchains do not operate properly.
Blockchain platforms that are used by businesses need to be careful on access control and protection of personal information. “Approved blockchains need to have access control so that outsiders cannot control books of transaction data.” said Director Bae. “Administrators that can see and update blockchains need to be thoroughly classified.”
Physical access control, network access control, formation, distribution, storage, and backup need to be introduced when introducing blockchain platforms. “A company that wire transfers foreign exchange based on blockchains introduced Fortinet Security Fabric.” said Director Bae. “This security detects known vulnerabilities by utilizing next-generation firewalls and it is applied with latest threat intelligence signature. He also added that this company blocked off malware from spreading through internal network by utilizing security switch, which is managed through next-generation firewalls and FortiLink, and wireless AP.
Staff Reporter Kim, Insoon | insoon@etnews.com