BanklessDAO InfoSec Meeting 38

Created
Sep 21, 2022
Attendees
stackthat.eth, Dysan, Tony Stark
 
  • Discord audit - talk about it next week
    • Stackthat will take an initial look at the report.
    • Who should be able to admin, ban, kick servers?
      • L2 planning: what to do? Trim L2 if members haven’t been active for 2+ seasons; separate the L2 role from its permissions?
      • Risks: as time goes on, more and more people accumulate admin access to the server. Some of these members may have been offline for years. Leaving people with unnecessary access does not follow best practice (e.g. a dormant account that gets hacked inherits that access).
    • Wick has moderator role
    • Are all the roles required?
      • Role review: for example, if a user has the InfoSec role, list all the permissions per user sorted by highest permission; find roles that are commonly held together?
      • Two sets of roles:
        • L2 - permissions (other roles lower or higher than l2)
        • Label - identification
      • The number of members that have a role (0 members?)
    • Least privilege - Guest pass
    • Channel permissions reports
    • Should permissions be assigned at server level (roles) or category/chan level?
    • Restrict “season role holder” (SRH) changes:
      • should SRH have elevated permissions over the category for the “category” guild?
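
The audit the notes sketch (who holds admin/ban/kick, who among them has been inactive for 2+ seasons, which roles have zero members, which roles travel together) can be run as a script over an exported snapshot of roles and members. The following is an added example, not code from the meeting or from BanklessDAO; the guild data is constructed, and the field names (`roles`, `last_seen_season`) are assumptions about what such an export would contain. It generalises slightly beyond the notes by also reporting co-held roles for any role name, not just InfoSec.

```python
from collections import Counter

# Permissions the notes single out as the ones to control: who can admin, ban, kick.
ELEVATED = {"ADMINISTRATOR", "BAN_MEMBERS", "KICK_MEMBERS"}

# Constructed role -> permission map. Permission names mirror Discord's flags,
# but the roles and their grants are invented for this example. (Real Discord
# treats ADMINISTRATOR as implying every other permission; the example keeps
# the flags literal so the output is easy to read.)
ROLES = {
    "@everyone": {"VIEW_CHANNEL"},
    "L2": {"ADMINISTRATOR", "BAN_MEMBERS", "KICK_MEMBERS"},
    "InfoSec": {"KICK_MEMBERS", "MANAGE_MESSAGES"},
    "Wick": {"BAN_MEMBERS", "KICK_MEMBERS", "MANAGE_MESSAGES"},  # moderation bot
    "Guest Pass": {"SEND_MESSAGES"},
    "Legacy Mod": {"BAN_MEMBERS"},  # still grants ban rights, nobody holds it
}

# Constructed member export; last_seen_season is an assumed field standing in
# for whatever activity signal the real audit would use.
MEMBERS = [
    {"name": "alice", "roles": ["L2", "InfoSec"], "last_seen_season": 6},
    {"name": "bob", "roles": ["L2"], "last_seen_season": 3},
    {"name": "carol", "roles": ["InfoSec", "Guest Pass"], "last_seen_season": 5},
    {"name": "dave", "roles": ["Guest Pass"], "last_seen_season": 1},
    {"name": "wick", "roles": ["Wick"], "last_seen_season": 6},
]


def effective_permissions(member, roles):
    """Union of the permissions of every role the member holds, plus @everyone."""
    perms = set(roles.get("@everyone", set()))
    for role in member["roles"]:
        perms |= roles.get(role, set())
    return perms


def members_by_elevated_permissions(members, roles):
    """(name, sorted elevated permissions) for each member holding any elevated
    permission, most privileged first, so the review starts at the top."""
    rows = []
    for m in members:
        held = effective_permissions(m, roles) & ELEVATED
        if held:
            rows.append((m["name"], sorted(held)))
    rows.sort(key=lambda r: (-len(r[1]), r[0]))
    return rows


def stale_elevated_members(members, roles, current_season, inactive_seasons):
    """Members with elevated permissions not seen for inactive_seasons or more
    seasons: the trim candidates the notes describe."""
    return sorted(
        m["name"] for m in members
        if effective_permissions(m, roles) & ELEVATED
        and current_season - m["last_seen_season"] >= inactive_seasons
    )


def role_member_counts(members, roles):
    """How many members hold each role; roles with zero holders are kept so
    they show up in the report instead of silently disappearing."""
    counts = Counter({role: 0 for role in roles if role != "@everyone"})
    for m in members:
        counts.update(m["roles"])
    return counts


def empty_roles(members, roles):
    """Roles nobody holds. An unused role that still grants permissions is dead
    weight in the permission model and a candidate for deletion."""
    return sorted(r for r, n in role_member_counts(members, roles).items() if n == 0)


def roles_co_held_with(members, role):
    """Which other roles the holders of `role` also carry, to spot roles that
    always travel together and could be merged or split into label vs. permission."""
    return Counter(
        other for m in members if role in m["roles"]
        for other in m["roles"] if other != role
    )


def audit_report(members, roles, current_season, inactive_seasons=2):
    return {
        "elevated": members_by_elevated_permissions(members, roles),
        "stale_elevated": stale_elevated_members(members, roles, current_season, inactive_seasons),
        "role_counts": dict(role_member_counts(members, roles)),
        "empty_roles": empty_roles(members, roles),
    }


if __name__ == "__main__":
    report = audit_report(MEMBERS, ROLES, current_season=6)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("co-held with InfoSec:", dict(roles_co_held_with(MEMBERS, "InfoSec")))
```

On the constructed data the report lists alice and bob first (full admin/ban/kick via L2), flags bob as stale because he was last seen three seasons ago, and surfaces "Legacy Mod" as an empty role that still grants BAN_MEMBERS. Swapping `MEMBERS` and `ROLES` for a real export (and `last_seen_season` for whatever activity field that export carries) is the only change needed to run it against an actual guild.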
 
  • stackthat is working with links (bankless card)
    • The link is triggering a Google phishing warning page; they need to get the page verified.
Last week’s notes:
  • Bog is contacting ABJ to move the BDAO Matrix bridge role lower.
  • Stackthat: finalize Cloudflare; needs to flip the DNS record.
  • (completed) - Tony.stark has no access to archive project in bdao github.
  • Discord Audit Project -
  • InfoSec Website (stackthat, tony, Dysan will be working on this)
  • VaultWarden (stackthat has access to it).
    • Working on ops and links on the process
  • Discord - Permissions Auditing / Cleanup
    • Dysan, bog, Stackthat working on that
  • Infrastructure - work in progress.
    • Terraform workshops/education
 