BanklessDAO InfoSec Meeting 47

Created

Mar 9, 2023

Tags

Meeting Date

‣

Attendees

Tony Stark, Dysan, bogdrakonov.eth

Goals for Season 7

Team: Increase Bankless Consulting <> InfoSec Offerings

This in turn creates revenue for the DAO

Close AWS Account

It’s deprecated and no resources should be running in it. We are not offering AWS as a service.

Cloudflare controls DNS and domain registration now

This will further our goal of migrating off JumpCloud for SSO to Google Workspace or an alternative

Discord plus Cloudflare ZTA? https://github.com/Erisa/discord-oidc-worker

Focus on access control both inside and outside of Discord

JumpCloud

SAML

Discord OIDC?

Discord role audit continuing

Tony.Stark

working on web crawler Kapture bot

Machine Learning Project on Kapture

Adding some Mad Hatter logic to not grant Guest Pass without First Quest Complete

We’d like to consider having it revoke manually added Guest Passes as well so this logic can be enforced

downl0re - Education

Weekly the past month

Currently Published Educational Articles/Posts 2

Weekly rollup newsletter - 02/17/23

DeFi download newsletter -

vaultwarden documentation

stackthat.eth

Discord Audit / Cleanup continuation

Continue infrastructure additions/maintenance

Extend vaultwarden to InfoSec team members

Machine Learning Project on Kapture

Dysan

Planning / Tracking KPI’s

Discord Management

Discord Audit / Cleanup continuation

Weekly Review

InfoSec to go back to using discord InfoSec worklog channel for task management.

InfoSec still working to ratify S7 funding issue with GC.

Work log

working w/ Bankless Cards on DevOps related issue.

We are working on containerization of taxman and bankless card main website repo and deploying it to either digital ocean or github pages.

We are also looking to build a ci/cd pipeline for this project.

has been working on an InfoSec bot for advanced moderation and combat recent phishing wave in the DAO.

Monthly Discord message has been posted last week

Tony working on web crawler Kapture for InfoSec Website for InfoSec content/news

Configure the DB w/ BigQuery & TerraForm

Daily Summary

Risk council started by Tertius to look at forms of risk for the DAO

Currently a multi-guild collaboration, d0wnlore will be the liason for InfoSec

No updates at the moment but underway

Treasury's initiative of standardizing accounting process DAO wide

Discord policy update to enforce a restriction on accounts younger that 2 days

Action Items

to work on connecting a BigQuery DB to crawler

to configure TerraForm for this

to continue working on InfoSec bot

to reach out to DevOps to create a list discord members with administrator access.

to work an article for Phishing campaign for next week.

to monitor funding issue w/ GC

Domain Migration

Partnerships

Bankless ConsultingMarketing materials needs improvement.

StackThat & Tony working w/ Bankless Card to work fix their hosting issues.

BanklessDAO InfoSec Meeting 47

Created

Mar 9, 2023

Tags

Meeting Date

‣

Attendees

Tony Stark, Dysan, bogdrakonov.eth

Goals for Season 7

Team: Increase Bankless Consulting <> InfoSec Offerings

This in turn creates revenue for the DAO

Close AWS Account

It’s deprecated and no resources should be running in it. We are not offering AWS as a service.

Cloudflare controls DNS and domain registration now

This will further our goal of migrating off JumpCloud for SSO to Google Workspace or an alternative

Discord plus Cloudflare ZTA? https://github.com/Erisa/discord-oidc-worker

Focus on access control both inside and outside of Discord

JumpCloud

SAML

Discord OIDC?

Discord role audit continuing

Tony.Stark

working on web crawler Kapture bot

Machine Learning Project on Kapture

Adding some Mad Hatter logic to not grant Guest Pass without First Quest Complete

We’d like to consider having it revoke manually added Guest Passes as well so this logic can be enforced

downl0re - Education

Weekly the past month

Currently Published Educational Articles/Posts 2

Weekly rollup newsletter - 02/17/23

DeFi download newsletter -

vaultwarden documentation

stackthat.eth

Discord Audit / Cleanup continuation

Continue infrastructure additions/maintenance

Extend vaultwarden to InfoSec team members

Machine Learning Project on Kapture

Dysan

Planning / Tracking KPI’s

Discord Management

Discord Audit / Cleanup continuation

Weekly Review

InfoSec to go back to using discord InfoSec worklog channel for task management.

InfoSec still working to ratify S7 funding issue with GC.

Work log

working w/ Bankless Cards on DevOps related issue.

We are working on containerization of taxman and bankless card main website repo and deploying it to either digital ocean or github pages.

We are also looking to build a ci/cd pipeline for this project.

has been working on an InfoSec bot for advanced moderation and combat recent phishing wave in the DAO.

Monthly Discord message has been posted last week

Tony working on web crawler Kapture for InfoSec Website for InfoSec content/news

Configure the DB w/ BigQuery & TerraForm

Daily Summary

Risk council started by Tertius to look at forms of risk for the DAO

Currently a multi-guild collaboration, d0wnlore will be the liason for InfoSec

No updates at the moment but underway

Treasury's initiative of standardizing accounting process DAO wide

Discord policy update to enforce a restriction on accounts younger that 2 days

Action Items

to work on connecting a BigQuery DB to crawler

to configure TerraForm for this

to continue working on InfoSec bot

to reach out to DevOps to create a list discord members with administrator access.

to work an article for Phishing campaign for next week.

to monitor funding issue w/ GC

Domain Migration

Partnerships

Bankless ConsultingMarketing materials needs improvement.

StackThat & Tony working w/ Bankless Card to work fix their hosting issues.