BanklessDAO InfoSec Meeting 51

Created

Apr 26, 2023

Tags

Meeting Date

‣

Attendees

Dysan, bogdrakonov.eth, Stackthat.eth, Tony Stark, Puretayo

Goals for Season 7

Add to Google Workspace if financing and requirements make sense

infrastructure repo permissions added

https://github.com/BanklessDAO/infrastructure/pull/15

Stackthat.eth will be added to the mutli-sig to replace montgomery

Team: Increase Bankless Consulting <> InfoSec Offerings

This in turn creates revenue for the DAO

✅ Close AWS Account - CompletedIt’s deprecated and no resources should be running in it. We are not offering AWS as a service.
Cloudflare controls DNS and domain registration now
This will further our goal of migrating off JumpCloud for SSO to Google Workspace or an alternative
Discord plus Cloudflare ZTA? https://github.com/Erisa/discord-oidc-worker

Focus on access control both inside and outside of Discord

JumpCloud

SAML

Discord OIDC?

Discord role audit continuing

Tony.Stark

working on web crawler Kapture bot

Machine Learning Project on Kapture

Adding some Mad Hatter logic to not grant Guest Pass without First Quest Complete

We’d like to consider having it revoke manually added Guest Passes as well so this logic can be enforced

This will happen once First Quest is fixed. We’re going to work with them on that

downl0re - Education

Weekly the past month

Currently Published Educational Articles/Posts 2

Weekly rollup newsletter - 02/17/23

DeFi download newsletter -

vaultwarden documentation

stackthat.eth

Discord Audit / Cleanup continuation

Continue infrastructure additions/maintenance

Extend vaultwarden to InfoSec team members

Machine Learning Project on Kapture

Dysan

Planning / Tracking KPI’s

Discord Management

Discord Audit / Cleanup continuation

Weekly Review

InfoSec to go back to using discord InfoSec worklog channel for task management.

InfoSec still working to ratify S7 funding issue with GC.

Work log

Limiting access to L2

Small Mod team - infosec/admins (discord level permissions)

Mods (subset of L2) - 1/4 of L2s

Chan management privileges

No user’s moderations privileges

L2 Contributor Roles (stripping the access)

Find the last activity

Someone losing moderation doesn’t have to lose L2 Contributors..

Weekly Infosec

Preface No Links

Where do you buy your hardware wallet from?

a) Vendor/hardware wallet website

b) Ebay.com

c) Amazon.com

d) Walmart

How do you find what the vendor website is?

Droste.eth Infosec Podcast, best infosec practices

Series/multiple episode

Elios Labs - https://eleoslabs.io/

Security Company.

Watches dangerous transactions/Contracts/etc.. (may allow front running bad transactions)

D0wnlore/Bog will work with Droste

GC issues with template

Tony/Stack working on the website

Content

Added system-logs channel

Deprecate SAML Connection from jumpcloud to google.

Will have to work with marketing

Stackthat cleaned up terraform resources for AWS

Tony is planning to add logic to madhatter that requires people to have “First Quest Complete”

Tony will be inviting Bog to the madhatter server

Finding ways to kick users who have “First Quest Welcome” role but are not active

Replacing Montgomary with stackthat on multisig

Bankless Card -

Tony/Stackthat have to still go through best practices

working w/ Bankless Cards on DevOps related issue.

We are working on containerization of taxman and bankless card main website repo and deploying it to either digital ocean or github pages.

We are also looking to build a ci/cd pipeline for this project.

has been working on an InfoSec bot for advanced moderation and combat recent phishing wave in the DAO.

Monthly Discord message has been posted last week

Tony working on web crawler Kapture for InfoSec Website for InfoSec content/news

Configure the DB w/ BigQuery & TerraForm

Daily Summary

Risk council started by Tertius to look at forms of risk for the DAO

Currently a multi-guild collaboration, d0wnlore will be the liason for InfoSec

No updates at the moment but underway

Treasury's initiative of standardizing accounting process DAO wide

Discord policy update to enforce a restriction on accounts younger that 2 days

L2 Moderations

Stackthat - take them away and grant the projects moderations

Discussed various options

Things kicking people/banning peopel

Do announcement draft -

Kick off this season

Give them them a couple of months to enroll into the new “mod role” program

New “mod role”

Strip roles form - “Level 2 (Contributor)”

Season 8 funding - Post on forum on April 7th

https://docs.google.com/document/d/1AKYqFBf6quPXdXREz6R2VZme0rHd72bL8-ycG2NFsx0/edit#

Action Items

Adding Stackthat.eth to multisig instead of Montgomery

to work on connecting a BigQuery DB to crawler

to configure TerraForm for this

to continue working on InfoSec bot

to reach out to DevOps to create a list discord members with administrator access.

to work an article for Phishing campaign for next week.

to monitor funding issue w/ GC

Domain Migration

Partnerships

Bankless ConsultingMarketing materials needs improvement.

StackThat & Tony working w/ Bankless Card to work fix their hosting issues.

BanklessDAO InfoSec Meeting 51

Created

Apr 26, 2023

Tags

Meeting Date

‣

Attendees

Dysan, bogdrakonov.eth, Stackthat.eth, Tony Stark, Puretayo

Goals for Season 7

Add to Google Workspace if financing and requirements make sense

infrastructure repo permissions added

https://github.com/BanklessDAO/infrastructure/pull/15

Stackthat.eth will be added to the mutli-sig to replace montgomery

Team: Increase Bankless Consulting <> InfoSec Offerings

This in turn creates revenue for the DAO

✅ Close AWS Account - CompletedIt’s deprecated and no resources should be running in it. We are not offering AWS as a service.
Cloudflare controls DNS and domain registration now
This will further our goal of migrating off JumpCloud for SSO to Google Workspace or an alternative
Discord plus Cloudflare ZTA? https://github.com/Erisa/discord-oidc-worker

Focus on access control both inside and outside of Discord

JumpCloud

SAML

Discord OIDC?

Discord role audit continuing

Tony.Stark

working on web crawler Kapture bot

Machine Learning Project on Kapture

Adding some Mad Hatter logic to not grant Guest Pass without First Quest Complete

We’d like to consider having it revoke manually added Guest Passes as well so this logic can be enforced

This will happen once First Quest is fixed. We’re going to work with them on that

downl0re - Education

Weekly the past month

Currently Published Educational Articles/Posts 2

Weekly rollup newsletter - 02/17/23

DeFi download newsletter -

vaultwarden documentation

stackthat.eth

Discord Audit / Cleanup continuation

Continue infrastructure additions/maintenance

Extend vaultwarden to InfoSec team members

Machine Learning Project on Kapture

Dysan

Planning / Tracking KPI’s

Discord Management

Discord Audit / Cleanup continuation

Weekly Review

InfoSec to go back to using discord InfoSec worklog channel for task management.

InfoSec still working to ratify S7 funding issue with GC.

Work log

Limiting access to L2

Small Mod team - infosec/admins (discord level permissions)

Mods (subset of L2) - 1/4 of L2s

Chan management privileges

No user’s moderations privileges

L2 Contributor Roles (stripping the access)

Find the last activity

Someone losing moderation doesn’t have to lose L2 Contributors..

Weekly Infosec

Preface No Links

Where do you buy your hardware wallet from?

a) Vendor/hardware wallet website

b) Ebay.com

c) Amazon.com

d) Walmart

How do you find what the vendor website is?

Droste.eth Infosec Podcast, best infosec practices

Series/multiple episode

Elios Labs - https://eleoslabs.io/

Security Company.

Watches dangerous transactions/Contracts/etc.. (may allow front running bad transactions)

D0wnlore/Bog will work with Droste

GC issues with template

Tony/Stack working on the website

Content

Added system-logs channel

Deprecate SAML Connection from jumpcloud to google.

Will have to work with marketing

Stackthat cleaned up terraform resources for AWS

Tony is planning to add logic to madhatter that requires people to have “First Quest Complete”

Tony will be inviting Bog to the madhatter server

Finding ways to kick users who have “First Quest Welcome” role but are not active

Replacing Montgomary with stackthat on multisig

Bankless Card -

Tony/Stackthat have to still go through best practices

working w/ Bankless Cards on DevOps related issue.

We are working on containerization of taxman and bankless card main website repo and deploying it to either digital ocean or github pages.

We are also looking to build a ci/cd pipeline for this project.

has been working on an InfoSec bot for advanced moderation and combat recent phishing wave in the DAO.

Monthly Discord message has been posted last week

Tony working on web crawler Kapture for InfoSec Website for InfoSec content/news

Configure the DB w/ BigQuery & TerraForm

Daily Summary

Risk council started by Tertius to look at forms of risk for the DAO

Currently a multi-guild collaboration, d0wnlore will be the liason for InfoSec

No updates at the moment but underway

Treasury's initiative of standardizing accounting process DAO wide

Discord policy update to enforce a restriction on accounts younger that 2 days

L2 Moderations

Stackthat - take them away and grant the projects moderations

Discussed various options

Things kicking people/banning peopel

Do announcement draft -

Kick off this season

Give them them a couple of months to enroll into the new “mod role” program

New “mod role”

Strip roles form - “Level 2 (Contributor)”

Season 8 funding - Post on forum on April 7th

https://docs.google.com/document/d/1AKYqFBf6quPXdXREz6R2VZme0rHd72bL8-ycG2NFsx0/edit#

Action Items

Adding Stackthat.eth to multisig instead of Montgomery

to work on connecting a BigQuery DB to crawler

to configure TerraForm for this

to continue working on InfoSec bot

to reach out to DevOps to create a list discord members with administrator access.

to work an article for Phishing campaign for next week.

to monitor funding issue w/ GC

Domain Migration

Partnerships

Bankless ConsultingMarketing materials needs improvement.

StackThat & Tony working w/ Bankless Card to work fix their hosting issues.