Sentnl WAX Guild Candidacy
Sentnl Summary
Website
Social Media
Official WAX Guild candidate name
- Sentnl
Location of company headquarters
- London
Expected location of servers
- United Kingdom – London
Type of servers
- Bare metal for Primary Servers
- Google cloud for our Backup servers
Employees List and Respective Role
Relevant Background Qualifications
We are highly experienced in the EOSIO protocol, we have been with EOS since the beginning and witnessed the booting of EOS mainnet. Our CEO joined was part of the first testnet run by EOSSweden under the pseudonym Cyclops. He has extensive knowledge of the inner workings of the underlying EOSIO software utilised by the WAX blockchain.
Our team has extensive knowledge in security auditing, security policies and procedures. One of our team members is a whitehat hacker with a OSCP qualification.
We strongly believe in the importance of security and monitoring, which is where our expertise lie. Our CEO created a customised monitoring platform based on the Icinga engine for a large corporate business centre operator in London (Avanta) that at its peak monitored 4000 endpoints, including a large VM server farm and cloud infrastructure.
We will be bringing this expertise over to the WAX blockchain.
Technical Specifications
Producer Node: Bare Metal, 4.2 GHZ, 128GB RAM, 1TB NVME
Backup Node: Google Cloud 3.6 GHZ, 128GB RAM, 250GB SSD
P2P node: Bare Metal, 4.2 GHZ, 128GB RAM, 1TB SSD
EOS V1 API node: Bare Metal, 4.2 GHZ, 128GB RAM, 1TB NVME
Monitoring server: Google Cloud 3.6 GHZ, 64GB RAM, 250GB
Security system and services: Google Cloud 3.6 GHZ, 128GB RAM, 1TB
Estimated Scaling Plan
Using our custom Nagios powered monitoring engine we will actively monitor and assess our infrastructure requirements to ensure timely and appropriate upgrades are performed.
Each Node will produce its own reports to help us make future scaling decisions.
Community Benefit Project Outline
(1) Block Producer Security Audits
Our core philosophy is security and we will utilise our expert knowledge , experience and enterprise security tools to help Block Producers assess the security of their infrastructure and their team.
The following automated security services will be offered:
- (1) Security scans of all external facing servers and services. Producer API checks, SSH security, Wiregaurd security and the security and exploitability of any other open services.
- (2) Website Security audits. From OWASP Top 10 risks to vulnerable web app components, installed plugins, themes, admin panels and xss vulnerabilities our Web App Scanning provides comprehensive and accurate vulnerability scanning.
- (3) Phishing email. We take on the role of an attacker (phishing simulation) and identify gaps in both their technical infrastructure and user security awareness.
- (4) Future modules. We will continue to advance our security arsenal to follow the needs of the WAX blockchain and the tech stacks utilised by the Block Producers.
(2) Security WIKI
A wiki with articles and videos on best practices of security for block producers.
We will have some demonstrations as to how hacking actually takes place giving block producers a better idea on how to protect themselves.
(3) Security portal for Block Producer
In the near future we will also be in the position to create a custom portal to allow Block Producers the see live results from all our security modules.
(4) Online Portal to check your JavaScript Code.
We will launch a online portal where Block Producer can check the security of their NodeJS applications.
(5) Future Modules.
A) Search your github code for any sensitive information.
We will scan your github REPOs to check for any sensitive files. Like passwords, API keys, EOS private keys, etc….
B) CORS Security checks.
Check CORS on your website and API nodes for any misconfigurations that could be exploited by an attacker.
A list of Telegram & Node Names for Community Testnet Participation
Telegram: @sentnl_io
Node name: sentnlagents
Testnet node name: sentnlagents
Infrastructure and security
Our core philosophy is security and monitoring. We believe it is of the upmost importance to maintain and develop active security and monitoring policies and procedures.
The importance of having a 3rd party auditing the security of your infrastructure cannot be overstated.
Governance, transparency and accountability
We strongly believe in the governance of Guilds to ensure the high standards of the WAX blockchain is maintained.
We are a fully independent and self-funded company and therefore we have complete control of how our company operates.
The only share holder is our Founder Charles Holtzkampf which is also accountable for all actions within the organisation.