2022-12-02 - Network Traffic Control Working Group Meeting Notes

Date

02 Dec 2022

Time	Item	Who	Notes
5 Min	Welcome	Axel
5-10 Min	Meeting times and frequencies	All	Fridays 15 CET, 45 minutes. Maybe every other week
20 Min	Scope and how to start	Axel	protect Okapi protect webserver ingres, protect nginx Modul ngx_http_auth_request_module (nginx.org) require that the user is logged in people could try to reverse-engineer nginx prevent database injection attacs Start with some document where we could split of what kind of attacks there are. Come up with some examples. Our environments will be very different. The best we can do is to come up with guidlines and a sample implementation. can't work with IP range lists. Assumption here is : Okapi is freely open to the world. What tools could be used for this ? How to set up firewalls to set up denial of service attacks. Assumption: Kafka is only used for FOLIO. Define an investigation environment. Define the tools that we want to investigate (web servers). Define possible attack vectors. start with weekly meetings next meeting Friday (December 9) 11 CET