Sentnl WAX Guild Candidacy

Charles Holtzkampf
Sentnl
Jun 27, 2020

Sentnl Summary

Website

Social Media

Official WAX Guild candidate name

  • Sentnl

Location of company headquarters

  • London

Expected location of servers

  • United Kingdom – London

Type of servers

  • Bare metal for Primary Servers
  • Google cloud for our Backup servers

Employees List and Respective Role

Charles Holtzkampf (Co-founder & CTO)
Charles Holtzkampf (Founder & CEO)
Z00lxS9 (CTO / SECURITY NINJA)

Relevant Background Qualifications

We are highly experienced in the EOSIO protocol. We have been with EOS since the beginning and witnessed the booting of EOS mainnet. Our CEO was part of the first testnet run by EOSSweden under the pseudonym Cyclops. He has extensive knowledge of the inner workings of the underlying EOSIO software utilised by the WAX blockchain.

Our team has extensive knowledge in security auditing, security policies and procedures. One of our team members is a white-hat hacker with an OSCP qualification.

We strongly believe in the importance of security and monitoring, which is where our expertise lies. Our CEO created a customised monitoring platform based on the Icinga engine for a large corporate business centre operator in London (Avanta) that at its peak monitored 4000 endpoints, including a large VM server farm and cloud infrastructure.

We will be bringing this expertise over to the WAX blockchain.

Technical Specifications

Producer Node: Bare Metal, 4.2 GHz, 128GB RAM, 1TB NVMe

Backup Node: Google Cloud, 3.6 GHz, 128GB RAM, 250GB SSD

P2P node: Bare Metal, 4.2 GHz, 128GB RAM, 1TB SSD

EOS V1 API node: Bare Metal, 4.2 GHz, 128GB RAM, 1TB NVMe

Monitoring server: Google Cloud, 3.6 GHz, 64GB RAM, 250GB

Security system and services: Google Cloud, 3.6 GHz, 128GB RAM, 1TB

Estimated Scaling Plan

Using our custom Nagios-powered monitoring engine, we will actively monitor and assess our infrastructure requirements to ensure timely and appropriate upgrades are performed.

Each Node will produce its own reports to help us make future scaling decisions.

Community Benefit Project Outline

(1) Block Producer Security Audits

Our core philosophy is security, and we will utilise our expert knowledge, experience and enterprise security tools to help Block Producers assess the security of their infrastructure and their team.

The following automated security services will be offered:

  • (1) Security scans of all external facing servers and services. Producer API checks, SSH security, WireGuard security and the security and exploitability of any other open services.
  • (2) Website security audits. From OWASP Top 10 risks to vulnerable web app components, installed plugins, themes, admin panels and XSS vulnerabilities, our Web App Scanning provides comprehensive and accurate vulnerability scanning.
  • (3) Phishing email. We take on the role of an attacker (phishing simulation) and identify gaps in both their technical infrastructure and user security awareness.
  • (4) Future modules. We will continue to advance our security arsenal to follow the needs of the WAX blockchain and the tech stacks utilised by the Block Producers.

(2) Security WIKI

A wiki with articles and videos on best practices of security for block producers.

We will have some demonstrations of how hacking actually takes place, giving block producers a better idea of how to protect themselves.

(3) Security portal for Block Producers

In the near future we will also be in a position to create a custom portal to allow Block Producers to see live results from all our security modules.

(4) Online Portal to check your JavaScript Code.

We will launch an online portal where Block Producers can check the security of their NodeJS applications.

(5) Future Modules.

A) Search your GitHub code for any sensitive information.

We will scan your GitHub repos to check for any sensitive files, such as passwords, API keys, EOS private keys, etc.

B) CORS Security checks.

Check CORS on your website and API nodes for any misconfigurations that could be exploited by an attacker.

A list of Telegram & Node Names for Community Testnet Participation

Telegram: @sentnl_io

Node name: sentnlagents

Testnet node name: sentnlagents

Infrastructure and security

Our core philosophy is security and monitoring. We believe it is of the utmost importance to maintain and develop active security and monitoring policies and procedures.

The importance of having a 3rd party auditing the security of your infrastructure cannot be overstated.

Governance, transparency and accountability

We strongly believe in the governance of Guilds to ensure the high standards of the WAX blockchain are maintained.

We are a fully independent and self-funded company and therefore we have complete control of how our company operates.

The only shareholder is our Founder Charles Holtzkampf, who is also accountable for all actions within the organisation.
