Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

...

TimeItemWhoNotes
45 MinProposal site structureGroup diskussion
  • Site structrue
    • Definitions within environment(s) to investigate
      • classes of threats
        • External generic - i.e script kiddies, without folio-specific knowledge
        • "Bad user" - has a folio account and password. Either leaked account/password or evil user
        • Internal non-folio - Has access to (parts of) folio network but no account
        • non-malicious - I.e Ooops- script or command. User with foilo-account that had bad luck when thinking
      • classes of networks
        • public net
        • internals net(s)
      • classes of FOLIO services
        • FOLIO Backend modules
        • FOLIO permission/managing service - OKAPI
        • Secondary services
          • Kafka
          • Elastic Search
          • Database
          • FOLIO-Reporting?
          • Monitoring?
      • classes of tools to explore
        • webservers / proxies
        • firewalls
        • others?treat/suspicous traffic detection services (log scanning eg. elastic search)
      • scope / out of scope
      • Diagrams needed?
      Matrix of cases to explore (?
        • others?
      • scope:
        • start with API 
        • later: UI
        • later: secondary services (Kafka, Elastic Search, Database etc.)
      • out of scope:
        • Bringing down / securing secondary services
      • several stages of aproach
        • Investigation → stories and (ab)use cases
          • Matrix of cases to explore 
          • eg. bringing down Okapi
          • clause of from external network
          • clause from internal net to bring down modules directly
        • Defining test case/environments
        • Creating test environment and verifying
        • Outcome should be a documentation
          • no need to specify this on at this stage
      • (Diagrams where needed)
5 MinMeeting times and frequenciesAll
  • Fridays 11 CET every week to start
  • stay in huddle for the moment
  • could lower frequency later for asychronous work

Action items

Axel to create defintions page and start with classes definition → inform about that in slack