Nov 2 from 2:00 PM-3:00 PM EST
https://join.skype.com/uohKGgCNMBSG
- Google Doc
- Old Business (Action items from last meeting)
- Call for use cases: https://groups.google.com/forum/#!searchin/islandora/security$20interest$20group$20use$20cases%7Csort:relevance/islandora/YGBMUU4OSM8/sBg9pRvJBwAJ
- Confirm the response team email works: done
- Develop Insight: Continuing to structure and develop a plan (Example to use for headings, not content)
- Policy and Guidance (more info on how the interest group works and how to report a vulnerability)
- Resources (e.g. Arachni, Kali linux for penetration testing, metasploit)
- Training
- Toolkits
- Notices (how we do them)
- Hardening production servers
- Create use cases on the claw github for the use cases from the group.
- Engage Sysadmins: what things do we do to be secure (e.g. using Drupal's DB layer instead of SQL directly, or locking down port 8080) - Everyone in ISIG and hopefully the rest of the community
- Ask the Islandora mailing list for such brainstorms - Glorious Tech Leader Danny
December 7 from 2:00 PM-3:00 PM EST Chair: Will Panting
- Danny Lamb (chair)
- Rosie Le Faive (note-taker)
- Don Richards
- Ed Fujikawa
- Jordan Dukart
- Irfan Rahman
- Melissa Anez
- Jonathan Green
- Marcus Barnes
- Only 2 use cases for security policies were collected. Drupal will do most things, but XACML or WEBAC will be available for more security. Danny expressed desire to pull over XACML editor for folks who
- With Kali Linux you can be a script kiddie and test your own box with a bundle of tools and known exploits.