BanklessDAO InfoSec Meeting 52

Created
Apr 26, 2023
Attendees
Dysan, d0wnlore, bogdrakonov.eth, Stackthat.eth, Tony Stark
Goals for Season 7
    • Add to Google Workspace if financing and requirements make sense
    • Stackthat.eth will be added to the multi-sig to replace Montgomery
    • Team: Increase Bankless Consulting <> InfoSec Offerings
      • This in turn creates revenue for the DAO
      • ✅ Close AWS Account - Completed
        • It’s deprecated and no resources should be running in it. We are not offering AWS as a service.
        • Cloudflare controls DNS and domain registration now
    • Focus on access control both inside and outside of Discord
      • JumpCloud
      • SAML
      • Discord OIDC?
      • Discord role audit continuing
    • Tony.Stark
      • working on web crawler Kapture bot
      • Machine Learning Project on Kapture
      • Adding some Mad Hatter logic to not grant Guest Pass without First Quest Complete
        • We’d like to consider having it revoke manually added Guest Passes as well so this logic can be enforced
        • This will happen once First Quest is fixed. We’re going to work with them on that
    • d0wnlore - Education
      • Weekly the past month
      • Currently Published Educational Articles/Posts 2
        • Weekly rollup newsletter - 02/17/23
        • DeFi download newsletter -
      • vaultwarden documentation
    • stackthat.eth
      • Discord Audit / Cleanup continuation
      • Continue infrastructure additions/maintenance
      • Extend vaultwarden to InfoSec team members
      • Machine Learning Project on Kapture
    • Dysan
      • Planning / Tracking KPIs
      • Discord Management
      • Discord Audit / Cleanup continuation
    Weekly Review
     
    • InfoSec to go back to using discord InfoSec worklog channel for task management.
    • InfoSec still working to ratify S7 funding issue with GC.
    Work log
    • Limiting access to L2
      • Small Mod team - infosec/admins (discord level permissions)
      • Mods (subset of L2) - 1/4 of L2s
        • Channel management privileges
        • No user moderation privileges
      • L2 Contributor Roles (stripping the access)
        • Find the last activity
      • Someone losing moderation doesn’t have to lose L2 Contributor.
    • Weekly Infosec
      • Preface No Links
      • Where do you buy your hardware wallet from?
        • a) Vendor/hardware wallet website
        • b) Ebay.com
        • c) Amazon.com
        • d) Walmart
      • How do you find what the vendor website is?
        • a)
        • b)
        • c)
        • d)
    • Droste.eth Infosec Podcast, best infosec practices
    • Series/multiple episode
    • Eleos Labs - https://eleoslabs.io/
      • Security company.
      • Watches dangerous transactions/contracts/etc. (may allow front-running bad transactions)
      • D0wnlore/Bog will work with Droste
    • GC issues with template
    • Tony/Stack working on the website
      • Content
    • Added system-logs channel
    • Deprecate SAML Connection from jumpcloud to google.
      • Will have to work with marketing
    • Stackthat cleaned up terraform resources for AWS
    • Tony is planning to add logic to madhatter that requires people to have “First Quest Complete”
      • Tony will be inviting Bog to the madhatter server
    • Finding ways to kick users who have “First Quest Welcome” role but are not active
    • Replacing Montgomery with Stackthat on multisig
    • Bankless Card -
      • Tony/Stackthat have to still go through best practices
     
    • Working w/ Bankless Cards on a DevOps-related issue.
      • We are working on containerization of taxman and the Bankless Card main website repo and deploying it to either DigitalOcean or GitHub Pages.
      • We are also looking to build a CI/CD pipeline for this project.
    • has been working on an InfoSec bot for advanced moderation and to combat the recent phishing wave in the DAO.
    • Monthly Discord message has been posted last week
    • Tony working on web crawler Kapture for InfoSec Website for InfoSec content/news
      • Configure the DB w/ BigQuery & TerraForm
      • Daily Summary
    • Risk council started by Tertius to look at forms of risk for the DAO
      • Currently a multi-guild collaboration, d0wnlore will be the liaison for InfoSec
      • No updates at the moment but underway
    • Treasury's initiative of standardizing accounting process DAO wide
    • Discord policy update to enforce a restriction on accounts younger than 2 days
    • L2 Moderations
      • Stackthat - take them away and grant the projects moderations
      • Discussed various options
      • Kicking/banning people
        • Do announcement draft -
          • Kick off this season
          • Give them a couple of months to enroll in the new “mod role” program
        • New “mod role”
        • Strip roles from “Level 2 (Contributor)”
    Action Items
    Adding Stackthat.eth to multisig instead of Montgomery
    to work on connecting a BigQuery DB to crawler
    to configure TerraForm for this
    to continue working on InfoSec bot
    to reach out to DevOps to create a list of Discord members with administrator access.
    to work on an article for the phishing campaign for next week.
    to monitor funding issue w/ GC
    Domain Migration
     
    Partnerships
     
    Bankless Consulting
    Marketing materials need improvement.
     
    StackThat & Tony working w/ Bankless Card to fix their hosting issues.