# 3.3 Security Best Practices

### Key Management

1. Generate a new key pair for your validator:

```bash
./target/debug/sov-cli keys generate
```

2. Securely store your private key. Never share it or store it in plain text on your server.
3. Use hardware security modules (HSMs) for additional security if available.

### Node Security

1. Keep your operating system and all software up to date.
2. Use a firewall to restrict incoming connections:

   ```bash
   sudo ufw allow 12346/tcp
   sudo ufw enable
   ```
3. Disable root SSH access and use key-based authentication.

### Network Security

1. Use a VPN or private network for communication between your nodes if running multiple.
2. Implement DDoS protection if your node is publicly accessible.
3. Regularly monitor your node for unusual activity or performance issues.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://validators.spicenet.io/3.3-security-best-practices.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.