diff --git a/bun.lockb b/bun.lockb
new file mode 100755
index 00000000..8f1ec1a0
Binary files /dev/null and b/bun.lockb differ
diff --git a/src/pages/guide/node/questions.txt b/src/pages/guide/node/questions.txt
new file mode 100644
index 00000000..587e5853
--- /dev/null
+++ b/src/pages/guide/node/questions.txt
@@ -0,0 +1,7 @@
+1. how do I know my validator's status
+2. how do i know if my validator is syncing
+3. why is my new validator stuck
+4. what hardware do i need for my validator (e.g. what instance on AWS, OVH)
+5. what metrics do I need to monitor
+6. can I backup my validator's state?
+7. how do I recover my validator from X state?
diff --git a/src/pages/guide/node/system-requirements.mdx b/src/pages/guide/node/system-requirements.mdx
index e04e7e29..c7a07f20 100644
--- a/src/pages/guide/node/system-requirements.mdx
+++ b/src/pages/guide/node/system-requirements.mdx
@@ -40,6 +40,13 @@ These dedicated servers meet or exceed the recommended specs for both RPC and va
 Cloud instances with network-attached storage (e.g., AWS EBS) do not provide sufficient I/O performance. Use dedicated servers or instances with local NVMe storage.
 :::
 
+## Security measures
+
+We do not recommend using a cloud firewall / NAT gateway as it can introduce additional complexity and performance issues. Instead, we've implemented security measures in the networking layer of the node, including:
+- only accepting connections from trusted IP addresses (active validators on-chain)
+- ratelimiting connections and messages in consensus and execution to prevent abuse
+- only accepting consensus connections from validators that can prove their identity
+
 ## Ports
 
 | Port | Protocol | Purpose | Expose |