
Ledger Stax Best Practices

Capitalized terms used on this page and not otherwise defined shall have the meanings set forth in your Platform as a Service Agreement with us.

Overview

Below is a list of security best practices on how to securely use the Ledger Vault platform and Ledger Devices.

Section 1: Authorized Users’ systems

Secure and effective Transactions

The Vault Services Authorized Users bear sole responsibility for entering the required information to perform Transactions.

Ledger shall not be held liable for any security issues, breaches, misuse, or malicious attacks arising from the Authorized User's insecure systems, actions, inappropriate browsing practices, or any other security breaches attributable to the user.

Before sending high value or large amounts of Assets, you should always send a small amount first to prove the Transaction was properly received by the recipient.

Always verify that the address of your account displayed in the Ledger Vault interface is identical to the address displayed on your Ledger Hardware Device screen.

Internet access

The Customer should troubleshoot any problems related to the internet connection, or issues with the setup of the internet on the Customer’s side. The Customer should ensure that they have a secure and stable internet connection.

Section 2: Ledger Hardware Devices and Pins

The Shared Owners, Wrapping Key Custodians, Administrators and Operators are fully responsible for their security and the use of their respective Ledger Hardware Devices. In particular, it is the sole responsibility of these users to prevent an unauthorized party from using their Ledger Hardware Device and PIN to initiate a Transaction.

Therefore, the Platform users must take the utmost care and caution to protect their Ledger Hardware Devices physically from unauthorized access, borrowing, loss, and theft. They must also take all necessary measures to prevent any unauthorized disclosure of the Ledger Hardware Devices’ PIN.

What the user must do

The Platform users must ensure that they abide by the following non-exhaustive safeguards:

  • Ensure that the Ledger Hardware Devices are not shared among users.

  • Store the Ledger Hardware Devices in a locked safe, or keep them with the user, when they are not in use.

  • Revoke any unused or lost Ledger Hardware Devices.

  • Store the Ledger Hardware Devices' seed in a locked safe.

  • Use a strong PIN (8 digits).

What the user must not do

The Authorized User must never:

  • Lend the Ledger Hardware Devices to others.

  • Leave the Ledger Hardware Devices inserted in the PC when the Platform is not being accessed and the Vault Services are not being used by an Authorized User.

  • Write down any PIN or communicate a PIN to any other party.

  • Use a weak PIN (avoid 00000000, 12345678, birthday dates, names, etc.).

  • Allow anybody or any recording devices to watch over their shoulder when entering their PIN. In case of any doubt, change the PIN.

  • Leave the seed unchecked or unattended.

Section 3: User Roles

What the Customer must do

The Customer must:

  • Define three different people to hold the Shared-Owner role and three different people to hold the Wrapping Key Custodian role.

  • Notify Ledger in cases of any departure, dismissal, incapacity, death etc. of any user of the Ledger Vault.

What the Customer must not do

The Customer must never:

  • Allow one person to hold multiple roles.

Section 4: Recovery Sheets

The following guidelines apply for the security of Recovery Sheets, broken down by role:

Shared Owners

  • Tasks: Create seeds during the key ceremony. Disaster Recovery.

  • Frequency: Once normally, or twice in case of disaster recovery.

  • Criticality: High.

  • Ledger Hardware Device Security: Physical safes, geographically separated.

  • Recovery Sheet: Physical safes, geographically separated and reachable by the Shared Owner only. The safe should be accessible by another trusted person in case of events such as dismissal, incapacity or death of the Shared Owner.

  • Governance: To generate the Master Seed you must combine the seeds of the three Shared-Owners.

Wrapping Key Custodians

  • Tasks: Create the Wrapping Key. Perform HSM firmware updates.

  • Frequency: Quarterly.

  • Criticality: High.

  • Ledger Hardware Device Security: Physical safes, geographically separated.

  • Recovery Sheet: Physical safes, geographically separated and reachable by the Wrapping Key Custodian only. The safe should be accessible by another trusted person in case of events such as dismissal, incapacity or death of the Wrapping Key Custodian.

  • Governance: To generate the Wrapping Key you must combine the seeds of the three Wrapping Key Custodians.

Administrators

  • Tasks: Create users and accounts. Confirm account and user creation. Define Transactions and governance rules.

  • Frequency: Ad-hoc / weekly.

  • Criticality: High.

  • Ledger Hardware Device Security: With the Authorized User at home or the office.

  • Recovery Sheet: Physical safes reachable within hours by Administrators only. The safe should be accessible by another trusted person in case of events such as dismissal, incapacity or death of the Administrator.

  • Governance: To create accounts in the Ledger Vault, the defined quorum of Administrators must be met to authorize the creation (e.g. 2 out of 4 Administrators according to the set Rules).

Operators

  • Tasks: Create Transactions. Confirm Transactions. View Transactions.

  • Frequency: Daily.

  • Criticality: Normal.

  • Ledger Hardware Device Security: With the Authorized User at home or the office.

  • Recovery Sheet: Either safely destroyed after onboarding a Ledger Stax, or kept in physical safes reachable within minutes/hours by Administrators or eligible trusted persons only (i.e. no Operators).

  • Governance: To create Transactions in the Ledger Vault, the defined quorum of Operators must be met to authorize the Transaction (e.g. 2 out of 4 Operators according to the set Rules).

Section 5: General safety safeguards

What you must do

Additionally, the Customer must protect the systems used for Ledger Vault in line with standard industry security practices, such as:

  • The firewall must be both a physical one to protect incoming traffic, and a PC-local one to ensure that only authorized programs communicate with the outside world.

  • Ensure that all software and firmware applications running on the PC are regularly updated and patched. This includes the operating system, the internet browser, and additional plugins, such as Shockwave, QuickTime, Real Player, etc.

  • Restrict outgoing traffic from the PC to business-critical websites, as well as to legitimate websites required for software updates.

  • Use up-to-date anti-virus software and anti-malware scanners to protect the PC which is used to access the Vault Services and the Platform from malicious attacks, including but not limited to, malware, ransomware, spyware, viruses, worms, keyboard loggers, browser hijackers, trojans, and rootkits.

  • Always use a strong password to lock the session.

  • Always lock the computer when stepping away.

  • Do not share the working environment and ensure that it is physically secure. Keep doors and windows closed/locked at close of business; don't leave devices lying around.

  • Remove all services/software from the computer that you do not need.

  • The user must ensure that the computer they use to access the Ledger Vault is secure.

The Customer must ensure that all users are following secure browsing practices, such as:

  • IMPORTANT: Be suspicious of emails that appear to come from Ledger and NEVER share the Ledger Hardware Device's PIN or recovery words if asked. Ledger will NEVER ask for a Ledger Hardware Device's PIN or recovery words in an email, phone call or any other communication.

  • Reserve certain PCs to access websites of the same criticality as the Platform and only access those sites from those PCs.

  • Always restart the browser instance before and after accessing the Ledger Vault platform.

  • Verify the authenticity of the Vault Services server's SSL certificate at each login to the Platform, as described in the Ledger Vault user guidelines documentation.

  • Use up-to-date computer software.

  • Install the latest security updates and antivirus.

  • Use a strong password to lock your session.

  • Periodically change your password.

The user must implement the following management principles to reduce the risks to their systems:

  • Establish user management practices to ensure that only Authorized Users are created and remain on the system.

  • Because users change roles or leave the company, the Customer must maintain an accurate and up-to-date list of users and related permissions.

  • Reconcile daily traffic to detect mismatches between authorized and actual traffic, both sent and received.

What you should not do

  • The user should never rush the process of setting up the Ledger Hardware Devices or when effecting Transactions.

  • The user should not use unsecure public internet connections.

  • The user should not feel pressured or be under duress to carry out a Transaction.

  • The user must not click suspicious links in emails that appear to come from Ledger or any of our Affiliates, even if the link looks legitimate. Such phishing attacks may lead to a rogue website that can steal information or infect your PC.

  • The user must not browse any other website at the same time as they access the Platform.

  • The user must not use external devices such as a USB device at the same time as they access the Platform.

  • The user must not permit remote control access to their PC at the same time as they access the Platform.

  • The user must not click on a pop-up link that requests to download and install executable software.

  • The Customer must not delegate all the critical roles (Shared Owner, Wrapping Key Custodian, Administrator) to a single person who can then use multiple Ledger Hardware Devices to compromise security.

Section 6: Support

The Support team can assist the Customer whenever there is an issue on the Ledger Vault.

The Support team of Ledger will never ask the Customer to provide or share the private keys or to create Transactions.

What the user must do

The Authorized User must:

  • Contact Ledger’s Support team either:

    • By creating a ticket on https://support.vault.ledger.com, or

    • By emailing your technical account manager on the email details provided to you.

  • Use the account created for them by the Support team.

What the user must not do

The Authorized User must never:

  • Share their private key.