| 45 Min | Proposal site structure | Group diskussion | - Site structrue
- Definitions within environment(s) to investigate
- classes of threats
- External generic - i.e script kiddies, without folio-specific knowledge
- "Bad user" - has a folio account and password. Either leaked account/password or evil user
- Internal non-folio - Has access to (parts of) folio network but no account
- non-malicious - I.e Ooops- script or command. User with foilo-account that had bad luck when thinking
- classes of networks
- public net
- internals net(s)
- classes of FOLIO services
- FOLIO Backend modules
- FOLIO permission/managing service - OKAPI
- Secondary services
- Kafka
- Elastic Search
- Database
- FOLIO-Reporting?
- Monitoring?
- classes of tools to explore
- webservers / proxies
- firewalls
- others?
- treat/suspicous traffic detection services (log scanning eg. elastic search)
- scope / out of scope
- Diagrams needed?
- Matrix of cases to explore (?)
|