Ravens PHP Scripts: Forums
 

 

64bitguy
The Mouse Is Extension Of Arm



Joined: Mar 06, 2004
Posts: 1164

Posted: Wed Jul 21, 2004 6:19 pm

Well... After a great deal of toying around with everything, I have learned much of what I needed to know about the differences in the applications. Below, please find my thoughts. I have edited this to be a tad more specific and I hope that everyone reading this realizes that I think both solutions are excellent.

I would definitely say that yes, it makes a lot of sense to have Protector and Sentinel operating together. To get a full understanding, here's my opinion and experiences from using RavenScripts Hack Alert, Sentinel and Protector together.

First and foremost, Protector offers the ability to ban entire classes of IP addresses.
For me, this feature has been indispensable. To cut to the chase, I have banned entire nations in an attempt to reduce the amount of hack attempts to my site. If you live in the United Arab Emirates for example, you won't be looking at my site but rather be redirected away.

Next, Protector provides some really good IP tracking and monitoring that you don't get with Sentinel (by design). Protector features and the database access used in collecting and manipulating Protector data does increase database utilization; however, the load very much depends on your level of traffic. High traffic = higher load.

High volume sites may experience a decrease in overall performance; however, small sites will not notice ANY difference. My personal opinion is that if your website is having that much traffic, build a bigger server or otherwise add resources versus removing Protector. If you are on shared hosting and have that much traffic, good for you! You need to manage Protector closely to ensure optimal performance. There is a cusp group (the majority of users actually) that is impacted slightly, but not enough that anyone notices. Again, maintenance and monitoring your settings is much more important for Protector than the low/no resources used Sentinel solution.

On the other side of my protection coin, Sentinel does a great job of stopping specific attacks and identifying the source of those attacks AFTER being configured correctly. While Sentinel guards against these attacks, it does so without all of the presentation and monitoring front-end that Protector offers. Sentinel is much more of a "Set it, and forget it" product unlike Protector, which should be monitored, pruned and "optimized" regularly.

All solutions notify administrators of hack attempts; however, Sentinel also has the ability to write to your .htaccess file. I experienced some problems with Sentinel's E-mail notifications (with IP Lookup enabled), so I have disabled the lookup feature for my sites; however, with that caveat, Sentinel has done a great job of email delivering all of the information I need, which is the IP address and intrusion details.

To date, I simply transfer the Sentinel information over to Protector when I see a problem in a specific IP range. It should be noted that Sentinel will automatically protect against all learned individual IPs that have attempted to inject harmful code, and as does Protector, when any intrusion attempt is detected.

Where Protector really leaves Sentinel in the dust is in configuration management, integrated (and optional) features and finally, documentation.

With that said, Protector has been around for a great deal of time with several generational evolutions which explains why it is so robust. I suspect noted issues about Sentinel will evolve through future releases. Also, in fairness remember that Sentinel is only designed to do a very specific job, and I would say that it does that job very well, once configured correctly.

Natural evolution in Sentinel's configuration management and the addition of new ("More effective/less Utilization") protection features (and as future issues as they are identified) are most likely to be released in updates over time. Further, I suspect that Sentinel will begin to include the ability to integrate other features and utilities as it evolves through new coding partnerships and mods developed by the community. Again, there are only so many hours in a day to work on any one application and "everything comes to those who....... help write it".

Currently, Protector has many on-screen "?" - Help functions for the various configuration and monitoring options. Each section and feature is fairly well explained and those that are not, are at least self-explanatory in nature. Sentinel on the other hand has a very simplistic drop down menu of choices for protection. Again, remember that by nature, Sentinel is "Set it and forget it". I suspect the configuration interface of Sentinel will also evolve over time.

Unfortunately, Sentinel includes ZERO documentation or help. You aren't even told what individual settings mean or do. Options are just 'there', with several configuration setting choices for each item. You feel pretty stupid staring at some items on the Maintenance screen wondering how they work or how they should be set. Further, the configuration options won't really mean anything to you when you look at them. They are not "Protect this" kind of "you check it off" options that you will see in Protector, but rather vague setting options for vague classifications of protection. You won't know even if it is doing what it is supposed to do even after it is configured. You'll just have to sit back and watch and HOPE. A visit to the support forums for Sentinel will hopefully clear up some of the configuration issues and once the settings are right, Sentinel will do its thing. However, don't just install it and expect it to work.

Sentinel and Protector offer options for blocking Bad Bots via list management preventing bad spiders and bots from needlessly consuming bandwidth while harvesting email addresses, etc. for spammers. Protector goes on by providing bot & spider monitoring plus IP2Country support. Further, Protector includes features for securing "Post", "Get" as well as Cookies against intrusion. All in all, I would describe Protector as a very intensive and well rounded security product for Nuke.

Protector's many features and monitoring methods DO consume resources AND on high-volume sites, unlike Sentinel; Protector MAY impact performance, which is one of the primary reasons why Sentinel is heralded over Protector (having a smaller footprint and much lower resource utilization), however, I want to stress that performance utilization (not transfer delays from bandwidth limitations or communications related bottlenecks) must be weighed carefully against bandwidth consumption related performance hits in that the first issue is only relative to the limitations in the configuration of your server, the latter your bandwidth. Today’s servers should not be dramatically impacted by Protector, but a bloaty site is something different.

My personal opinion is if you are taking large hits in performance from using Protector, you should downsize (Prune) your tracking database and implement range filtering to reduce attack traffic from known sources. Also, stop Protector from monitoring good bots (you can filter them out) to reduce traffic. Further, if you are a super high volume site, rather than getting rid of Protector, I would suggest sticking some money into increasing your resources. Everything should be weighed carefully.

With all of that said, I should mention that I don't use mod re-write on my site. GoogleTap has unfortunately impacted performance more than any other feature. If you are running GT, Protector will most likely be a bigger issue as after all, how much database and re-write processing utilization do you have?

I like what Sentinel does but I think it needs to evolve into something that has better configuration options and with some better descriptions and some basic documentation that describes each individual setting and configuration option. Further, I think there should be some self-test mechanism. Frankly, I was surprised not to see some basic documentation in the first release (Support needs would be cut down from NOT having people ask the same configuration questions 300000 times in support forums.)

Next, I would really like to see a more robust banning system that would allow administrators to ban entire classes and/or ranges of IP addresses. In my opinion, this would be the first big step to considering Sentinel as a replacement OVER Protector. Also, I'd like to see the elimination of the useless "Administration" screen. There is just no need to have it as the Sentinel Navigation Menu is on every Sentinel screen. It is wasted code on a wasted page that is just blank. Again, it confuses users expecting to see something there and there is just no need for it.

Finally, I think that it is important to identify that Protector does many things that Sentinel doesn't. That isn't a bad thing for either solution, but I think that I should point out that if you are interested in any of the "Other" features that Protector offers, Sentinel is not a substitute for Protector, but rather a great supplement. Alone, both security solutions are excellent. Together? Well, I've no complaints.

When it comes to using Sentinel and/or Protector, I can only quote the famous last words of the HAL 9000 Computer from the Movie 2010, "USE THEM TOGETHER, USE THEM IN PEACE".

Just my two cents....

_________________
Steph Benoit
100% Section 508 and W3C HTML5 and CSS Compliant (Truly) Code, because I love compliance.

Last edited by 64bitguy on Mon Jul 26, 2004 5:41 pm; edited 4 times in total 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Sun Jul 25, 2004 5:44 pm

First off, I do not have ought towards any system that is out there. For everyone, use what you want for whatever reasons you have. I am going to respond to just a couple of your statements, though, not in defense of Sentinel but because I feel strongly about the basis of those statements.

Sentinel is newer than Protector and while your comments about documentation are accurate, I would not have been so strong to draw conclusions "leaving in the dust". Protector has matured over a long period of time, especially in the documentation area, as I was one of the first ones to try it when he first released it (Rome wasn't built in a day :) ).

The current version of Sentinel bans entire IP classes since v1.2, maybe even v1.1.

I will stop here only because, as I said, this is not a defensive post. Sentinel started out as, and continues for, a specific purpose - to defend against exploits and hacks. It was never meant to do IP tracking, etc. We are trying to avoid "bloat" that would cause excessive and unneeded overhead. There are IP tracking mods out there, so why reinvent the wheel?

The RC for v2.0 is out ( http://www.ravenphpscripts.com/article-427--0-0.html ) and there is more documentation as well as much more configuration for each and every type of exploit. You might try it and like it or not.

Give it a chance to mature ;)
 
BobMarion
Former Admin in Good Standing



Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

Posted: Sun Jul 25, 2004 6:00 pm

If you do try NukeSentinel(tm) 2.0.0 RC 4 you will find a major new feature, the "NukeSentinel(tm) Help System". This system will be expanded with future versions and will continue to expand as NukeSentinel(tm) grows. As Raven pointed out, NukeSentinel(tm) has only been out for about 4 months now so it is still growing and improving. Our first and foremost concern is that the script operates as it is intended, and in my mind that is more important than writing a document to explain it.

We have also been given feedback that documentation isn't as important to some users now that the Help System has been added.

I too have tried Protector and even contacted mister with an offer of him using some of the NSN IP Banner code to make it read and write to the htaccess file for improved protection. I like Protector but my biggest issue is that it bogs my site down with the many db queries :( So NukeSentinel(tm) came about as a fast easy to use protection script that doesn't have the overhead that others do.

It has never been meant to track ip's, as Raven pointed out - why reinvent the wheel, but to protect and prevent attacks on a site without bogging it down with the number of queries needed to track ips.

Another thing that NukeSentinel(tm) will most likely not do is hammer blocking. Here again there are scripts out there already to do this and it would only slow NukeSentinel(tm) down to add something that already exists.

Protector is not a substitute for NukeSentinel(tm), but rather an expansion on site security.

_________________
Bob Marion
Codito Ergo Sum
Muffin
Client



Joined: Apr 10, 2004
Posts: 649
Location: UK

Posted: Sun Jul 25, 2004 6:30 pm

I've used both and I only use Sentinel now as being a total novice it is easier for me to install/upgrade/use than Protector was.

If I have any questions, however stupid they are, someone on this site takes time to explain it to me, even if I don't get it the first time. So Sentinel support is excellent, and I have confidence in the support I get as I know it's from people that write Sentinel.

If I wanted an IP tracker I'd use MS Analysis, all I want is something reliable and easy to use that protects my site, and I get that from Sentinel. I don't care where the hackers come from, I just leave Sentinel to deal with them.

As Raven has said here, Sentinel is evolving, and each release is better and better, and after each upgrade you think "can this get any better?" but it does.

I think Sentinel rocks, and at last I can relax knowing my site is as safe as it can be and that means a lot to me.
 
diabluntd
Hangin' Around



Joined: Mar 19, 2004
Posts: 31

Posted: Sun Jul 25, 2004 7:52 pm

64bitguy wrote:
Next, Protector provides some really good IP tracking and monitoring that you just don't get with Sentinel.
Currently running Protector but always interested in checking out something made by Raven, Chat, etc cause you guys rule but I agree with the above statement. Without getting into what one can and the other can't I'm not sure if I would switch simply because I use the IP tracking part of Protector a LOT. I click on the IP inside Protector and it tells me every user name who has logged in from that IP and vice versa it can tell me every IP the person has used.

I saw earlier in the thread there is a mention of the IP Tracking module which I've installed to check out but I'm not sure it does what Protector does either.

Without fully checking Sentinel out (I apologize if I haven't looked into it enough but time is hard to come by) does it work like Protector with banned usernames? Like, if I ban "user a", which of course bans his current IP address, if "user a" tries to log into the site with another IP will Sentinel recognize that and ban that new IP?

Thanks.
 
Raven







Posted: Sun Jul 25, 2004 9:14 pm

No, by design. Not knocking Protector. Nuke already allows banning users through Forum and you can deactivate the active status in nuke. Here again, why reinvent the wheel? Sentinel works at the server and site level with IP's.
 
64bitguy







Posted: Mon Jul 26, 2004 11:00 am

Clarification:

I wanted everyone to know that I'm NOT knocking Sentinel! I know Sentinel is fairly new and thus not as robust in the areas that I discussed as issues. I do think it important however, to point out that there are differences.

As a not fully matured solution, I also think it is also important to point out that having Protector backing up Sentinel isn't such a bad thing either. What one misses, the other seems to get. I have yet to be penetrated; however, while Sentinel and RavenScripts have saved my butt (way too many times RavensScripts ), Protector has too, so you won't find me knocking EITHER solution!

Finally, while Sentinel is designed to perform specific tasks with the most modest amount of code and minimal resources consumed by the server (as commonly pointed out, to not bog down performance) the features that Sentinel does not include, in my case need to come from somewhere. I am using Protector to satisfy those needs as I have experienced abuse and holes that need to be addressed by SOME solution. In my case, Protector fills those holes. If someone can point better solutions to do the job, I'm all ears to hear about them.

Again, I'm using Protector for:
1) Blocking Specific Ranges of IP Addresses of Attackers
2) Blocking Entire Classes of IP Address from Abusive Countries or Telecom Companies
3) Securing and monitoring my Admin functions (Accessible from only my IP address)
4) Website “Hammer” protection
5) IP Tracking – Detailed data dumped daily to a remote server (Say that 3 times fast)
6) Bad Bot Blocking
7) All Bot & Spider Monitoring
8) IP2Country Tracking, Translations & Management
9) Securing Private Modules for ONLY Approved Members (Others can neither see nor access these pages)
10) Redirecting all abusers to the FBI

I am using Sentinel like a site Condom. It covers my site with a “safety first” attitude. I use it for my protection and it works. To date, Sentinel has blocked over 500 abuse attempts. What can I say, it works.

Again, the comments of my post are intended as productive criticism to identify WHAT I SEE as issues and places where I would like to see the product improved through the duration of its evolutionary development. This is by no means supposed to be a kick in the shorts, but rather just my two cents.

Keep up the good work!
 
Raven







Posted: Mon Jul 26, 2004 11:13 am

Thanks Steph. I knew you weren't attacking, honestly. But, when visitors come here, I can almost assure you that if they read your original editorial, they will not walk away with a warm-fuzzy feeling. Your follow-up post, imo, takes the unintended edge off your first post. However, the comment about the condom ..... ;)
 
64bitguy







Posted: Wed Jul 28, 2004 11:14 pm

Well, so much for having to wait a long time between revisions... You guys are making everyone else in the Nuke community look bad by programming so much great code, so darn fast!

Well, it looks like my work is cut out for me. My issues with Sentinel seem to have been AGGRESSIVELY addressed in the newest release.

There are robust "?" help Icons with rollover effects in the latest version (Meaning you don't need to click the help icon which would activate a popup help window, but rather just "mouse over" any "?" to see the help text)

On a side note, I would like to see the "Active" help screen with detailed descriptions of each type of "blocker settings". Again, I think it doesn't go quite far enough, but it has definitely come a very long way! Again, at this point since the layout is there, it is just a matter of "Phrasing" what each setting does.

Next, the menu system has been substantially revamped, everything now has its place, and placement is good.

Some of the things that I pointed out to only exist in Protector now are included with Sentinel. Give me a week or so to digest and test everything and I'll write more. For now, I can only say, "WOW!"

Hats off to Bob M. and EVERYONE else that has worked on Sentinel. I am VERY impressed that this security application has come so far in such a short period of time. I mean, if ONLY PHP-Nuke updates came out so fast with SOOOOOO many fixes and improvements. Sorry, I started fantasizing there.

:)
 
Raven







Posted: Wed Jul 28, 2004 11:23 pm

Resistance is futile - You will be assimilated
 
All times are GMT - 6 Hours
 