Cyber Security

1. Choose a secure operating system
   The first step in securing your Lightning Network node is to choose a secure operating system. Linux is the recommended operating system for running a Lightning Network node, as it is more secure than other operating systems such as Windows or MacOS. Choose a version of Linux that is actively supported and updated, such as Ubuntu or Debian.
2. Secure your node's firewall
   A firewall is a network security system that monitors and controls incoming and outgoing network traffic. Configure your node's firewall to only allow incoming connections from trusted sources, such as your own IP address or known peers.
3. Install a VPN
   A VPN (Virtual Private Network) is a tool that encrypts your internet traffic and hides your IP address. By using a VPN, you can add an extra layer of security to your Lightning Network node. Only allow connections from trusted VPNs to your node.
4. Update regularly
   Keeping your node's software up-to-date is important for protecting it from vulnerabilities. Enable automatic updates for your operating system and be up to date on your LN implementation.
5. Protect your private keys
   Private keys are the most sensitive piece of information when it comes to securing your Lightning Network node. It's crucial to keep your private keys offline and in a secure location, such as a hardware wallet. Make sure to backup your private keys in multiple locations. The same precautions should be used when generating a macaroon.
6. Use a secure password
   Choose a strong and unique password for your node. Use a combination of uppercase and lowercase letters, numbers, and symbols. Avoid using common words or phrases.
7. Enable two-factor authentication (2FA)
   Two-factor authentication (2FA) adds an extra layer of security to your LN node. If available (ex. on Umbrel) use a hardware wallet or an authenticator app such as Google Authenticator to enable 2FA.

1. Use the LND Watchtower service, which monitors the blockchain for attempted breaches of your Lightning Network channels. Check out the Watch Swaps we offer on LN+ for LND nodes that have a built in watchtower service.
2. Use the LND Tor hidden service to add an extra layer of privacy to your node's network traffic.
3. Enable LND's "disable admin macaroon" option to prevent unauthorized access to your node's administrative API.
4. Consider synchronous database replication with LND/postgres.

1. Use the CLN Watchtower service, which monitors the blockchain for attempted breaches of your Lightning Network channels. On LN+ we offer Watch Swaps for CLN nodes that use The Eye of Satoshi service.
2. Use the CLN Tor hidden service to add an extra layer of privacy to your node's network traffic.
3. Enable CLN's "disable admin cookie" option to prevent unauthorized access to your node's administrative API.
4. Consider sqlite db mirroring network drives to reduce the chance of state data loss.

Power Redundancy

1. Use an uninterruptible power supply (UPS): A UPS is a battery backup system that provides power to your Lightning Network node during a power outage. A UPS can keep your node operational for several hours, depending on its capacity.
2. Use a generator: If you live in an area where power outages are frequent, consider using a generator as a backup power source for your Lightning Network node.
3. Avoid using Wi-Fi: A wired internet connection is more reliable than a Wi-Fi connection during a power outage.

Internet Redundancy

1. Use a wired internet connection: A wired internet connection is more reliable than a wireless connection. If possible, use a wired connection to connect your Lightning Network node to the internet.
2. Use a backup internet connection: If your primary internet connection goes down, a backup internet connection can keep your node operational. Consider using a mobile hotspot or a secondary wired connection as a backup.