Residual Gaps
Purpose
This page documents the security weaknesses that currently remain in the Scheol Security Lab.
The objective is to:
- provide a clear view of what is not yet under control
- highlight high-impact exposure points
- support risk-driven prioritisation
This page reflects the current reality of the lab, not a theoretical target.
Key Principle
Residual gaps are expected and accepted at this stage.
The goal is not to eliminate all gaps, but to:
- understand them
- prioritise them
- reduce them progressively
Critical Gaps (High Priority)
1. Uncontrolled Administrative Access Path
Description
- No bastion host
- Administrative access is partly direct (SSH)
- No strong isolation between personal and admin environments
Impacted Risk
Impact
- Full infrastructure compromise possible
Priority 🔴 Critical
2. Lack of Network Segmentation
Description
- No strong isolation between services
- Trust zones defined but not enforced
- Potential lateral movement between components
Impacted Risk
Impact
- Compromise of one service may lead to full environment compromise
Priority 🔴 Critical
3. Absence of Centralized Logging & Detection
Description
- Logs mostly local
- No SIEM or correlation
- No reliable detection capability
Impacted Risks
- R-001 - Reverse proxy misconfiguration exposing internal services
- R-002 - Web application compromise leading to data exposure
- R-003 - Compromise of credentials leading to administrative access
Impact
- Attacks may remain undetected
Priority 🔴 Critical
Important Gaps (Medium Priority)
4. Weak Data Isolation (Dolibarr / DB)
Description
- Application and database not strongly isolated
- No strict access control between components
Impacted Risk
Impact
- Data exposure in case of application compromise
Priority 🟠 High
5. Incomplete Application Hardening
Description
- Hardening not consistent across services
- No formal vulnerability management
Impacted Risk
Impact
- Increased likelihood of exploitation
Priority 🟠 High
Structural / Deferred Gaps (Accepted)
6. No Centralized Identity Provider
Description
- No LDAP / AD
- Identity still decentralized
Impact
- Limited access control consistency
Priority 🟡 Medium (Deferred)
7. Backup Strategy Not Fully Mature
Description
- Reliance on snapshots
- No immutable external backups yet
Impact
- Recovery limitations in worst-case scenarios
Priority 🟡 Medium (Planned)
Gap Prioritisation Logic
Gaps are prioritised based on:
- direct link to current risks (R-001 to R-003)
- exposure level (Internet-facing vs internal)
- impact on full compromise scenarios
Priority levels:
- 🔴 Critical → must be addressed early
- 🟠 High → important but not blocking
- 🟡 Medium → accepted or planned
Key Takeaways
- The lab is currently most exposed through administrative access and lateral movement
- Detection capability is the weakest point across all risks
- Some gaps are intentional and aligned with lab maturity
Current Maturity
Residual risk exposure is considered high but controlled.
Strengths
- risks are clearly identified
- gaps are explicitly documented
- prioritisation is defined
Weaknesses
- several critical controls not yet implemented
- limited detection capability
- incomplete isolation between components
Evolution Strategy
The next phase should focus on:
- Securing administrative access (bastion)
- Implementing segmentation
- Deploying centralized logging
These actions provide the highest security gain for the lowest complexity increase.