Roadmap (Next Phase)
Purpose
This page defines the short-term security priorities for the Scheol Security Lab.
The objective is to:
- focus efforts on the most impactful improvements
- reduce exposure on critical risks
- provide a clear and actionable direction for the next phase
- ensure alignment between backlog, risks and implementation
This roadmap is directly derived from the Improvement Backlog.
Scope
The roadmap focuses on:
- high priority improvements
- dependencies required to unlock other controls
- foundational capabilities (access, logging, segmentation)
It does not aim to cover all backlog items.
Current Priorities
1. Secure Administrative Access Path
Objective
Enforce controlled and traceable administrative access.
Related Risks
Actions
- introduce bastion-based access model
- restrict direct SSH access to systems
- enforce MFA for administrative accounts
Expected Outcome
- reduced risk of credential compromise
- improved traceability of administrative actions
2. Centralize Logging & Improve Visibility
Objective
Establish baseline visibility across all critical systems.
Related Risks
- R-001 – Reverse proxy misconfiguration
- R-002 – Web application compromise
- R-003 – Administrative access compromise
Actions
- deploy centralized logging solution (Wazuh)
- configure log forwarding from VPS and internal systems
- ensure log retention and accessibility
Expected Outcome
- improved detection capability
- better investigation and validation support
3. Strengthen Reverse Proxy & Exposure Control
Objective
Reduce unintended service exposure.
Related Risks
Actions
- review and restrict reverse proxy routing rules
- validate exposed endpoints
- enforce explicit allow-only configurations
Expected Outcome
- reduced attack surface
- improved control over exposed services
4. Enforce Network Segmentation (Initial Phase)
Objective
Limit lateral movement between zones.
Related Risks
Actions
- define and apply basic inter-zone firewall rules
- restrict unnecessary communication paths
- validate flows between Heaven and Hell
Expected Outcome
- improved containment in case of compromise
- clearer trust boundaries
5. Improve Validation Coverage
Objective
Ensure controls are actually effective.
Related Risks
Actions
- execute initial verification scenarios (SSH, exposure, logging)
- document results and generate evidence (E-XXX)
- identify gaps between expected and observed behavior
Expected Outcome
- better understanding of control effectiveness
- identification of hidden weaknesses
Dependencies
Some improvements depend on others:
- centralized logging → required for effective validation and detection
- bastion implementation → prerequisite for strong access control
- segmentation → improves effectiveness of monitoring and detection
Out of Scope (Current Phase)
The following are intentionally deferred:
- full identity centralization (LDAP / AD)
- advanced detection rules and correlation
- complete service separation across infrastructure
- automated validation workflows
These will be addressed in future phases once foundational controls are in place.
Review & Update
The roadmap must be:
- reviewed regularly (monthly or after major change)
- updated based on:
  - backlog evolution
  - validation results
  - newly identified risks
Success Criteria
The next phase is considered successful if:
- administrative access is controlled and traceable
- basic centralized logging is operational
- exposed services are reviewed and restricted
- initial validation scenarios are executed
- key high-risk gaps are reduced
This roadmap provides a focused and realistic direction for improving the security posture of the Scheol Security Lab in its current stage.