Our exchange platform is designed to keep the most important services deep inside the cluster.
The most sensitive services, such as the wallet service, do not even have access to the outside world. The wallet service can only talk to blockchain nodes and other services inside the cluster. No external packets ever arrive at it; all data reaching the wallet service originates from inside the cluster.
This means it is impossible to manipulate the wallet service from the outside; an attacker has to actually get inside in order to access it. But even if an attacker somehow breaks into the system, they won’t be able to do much, because every service is isolated from the others.
Our intelligent deployment script configures servers and networks so that internal services can only talk to the minimum required subset of other services. All other communication is strictly prohibited. This means that an attacker won’t be able to access exchange funds even if they bribe the system admin and get access to one of the cluster servers.
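The default-deny allow-list described above can be audited mechanically. The following is an added illustration, not the platform's own deployment script: the service names, the `internet` pseudo-node and the allow-list contents are all constructed assumptions.

```python
from collections import deque

EXTERNAL = "internet"  # pseudo-node standing for any source outside the cluster

# Constructed allow-list (service names are hypothetical): source -> destinations
# it may open connections to. Anything not listed is denied.
ALLOW = {
    EXTERNAL: {"api-gateway"},
    "api-gateway": {"order-service", "account-service"},
    "order-service": {"matching-engine"},
    "account-service": {"wallet-service"},
    "wallet-service": {"blockchain-node"},
}

def is_allowed(allow, src, dst):
    """Default deny: a flow is permitted only if explicitly listed."""
    return dst in allow.get(src, set())

def direct_callers(allow, target):
    """Services that may open a connection to target."""
    return sorted(s for s, dsts in allow.items() if target in dsts)

def shortest_chain(allow, src, target):
    """Shortest sequence of permitted hops from src to target, or None (BFS)."""
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in sorted(allow.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def audit(allow, sensitive):
    """Return findings for a sensitive service; an empty list means the policy holds."""
    findings = []
    if is_allowed(allow, EXTERNAL, sensitive):
        findings.append(f"{sensitive} accepts traffic from outside the cluster")
    if is_allowed(allow, sensitive, EXTERNAL):
        findings.append(f"{sensitive} can send traffic outside the cluster")
    return findings

if __name__ == "__main__":
    print(audit(ALLOW, "wallet-service"))
    print(direct_callers(ALLOW, "wallet-service"))
    print(shortest_chain(ALLOW, EXTERNAL, "wallet-service"))
```

The chain length returned by `shortest_chain` is the number of separately isolated services that stand between the edge and the wallet service, which makes it a useful figure to track when the allow-list changes.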
Databases and the tables inside them are protected in a similar way. Services can read only the tables they are supposed to read and write only to the tables they are supposed to write to. All other activity is prohibited by security rules.