protect Okapi
protect webserver ingres, protect nginx
people could try to reverse-engineer nginx
prevent database injection attacs
Start with some document where we could split of what kind of attacks there are. Come up with some examples. Our environments will be very different. The best we can do is to come up with guidlines and a sample implementation.
can't work with IP range lists. Assumption here is : Okapi is freely open to the world. What tools could be used for this ? How to set up firewalls to set up denial of service attacks.
Assumption: Kafka is only used for FOLIO.
Define an investigation environment. Define the tools that we want to investigate (web servers). Define possible attack vectors.
start with weekly meetings
next meeting Friday (December 9) 11 CET