Definitions within environments to investigate

Classes of threats

• • External generic -
    • i.e script kiddies, without folio-specific knowledge
  • "Bad user" -
    • has a folio account and password. Either leaked account/password or evil user
  • Internal non-folio -
    • has access to (parts of) folio network but no account
  • non-malicious -
    • i.e Ooops- script or command. User with foilo-account that had bad luck when thinking

Classes of networks

• • Public net
    This is associated with the public internet, external IPs
  • Internals net(s)
    • Might be divided in:
      • FOLIO internal network with OKAPI as managing "proxy"
      • separate network for secondary services (might be optional)
  • Diagram might be very helpful!

Classes of FOLIO services

• • FOLIO Backend modules
  • FOLIO permission/managing service - OKAPI
  • Secondary services
    • Kafka
    • Elastic Search
    • Database
    • FOLIO-Reporting?
    • Monitoring?
  • Diagram might be very helpful!

Classes of tools to explore

• • webservers / proxies
  • firewalls
  • treat/suspicous traffic detection services (log scanning eg. elastic search)
  • others?

Scope

• • start with API 
  • later: UI
  • later: secondary services (Kafka, Elastic Search, Database etc.)

Out of scope

• • Bringing down / securing secondary services

Several stages of aproach

1. Investigation → stories and (ab)use cases
   1. Matrix of cases to explore 
   2. eg. bringing down Okapi
   3. clause of from external network
   4. clause from internal net to bring down modules directly
2. Defining test case/environments
3. Creating test environment and verifying
4. Outcome should be a documentation → no need to specify this on at this stage