From 83afd8a2fd183813a02aa4063f241dc67076a79a Mon Sep 17 00:00:00 2001 From: medusa Date: Wed, 10 Apr 2024 06:13:19 +0000 Subject: [PATCH] Update docs/tech_docs/cyber_lab.md --- docs/tech_docs/cyber_lab.md | 84 +++++++++++++++++++------------------ 1 file changed, 43 insertions(+), 41 deletions(-) diff --git a/docs/tech_docs/cyber_lab.md b/docs/tech_docs/cyber_lab.md index 300c293..149bba1 100644 --- a/docs/tech_docs/cyber_lab.md +++ b/docs/tech_docs/cyber_lab.md @@ -1,63 +1,63 @@ -To provide a more detailed guide for setting up an Active Directory (AD) domain `homelab.local` tailored for your home environment, including a cybersecurity lab, home LAN/WLAN, NAS, laptops, IT equipment, and servers, we’ll delve deeper into the specifics. This setup aims to enhance management, security, and operational efficiency across all devices and users in your home network. +To refine our discussion into a final draft for setting up an Active Directory (AD) domain `homelab.local` for your home, including a detailed cybersecurity lab and efficient management of your home network, NAS, laptops, and other IT equipment, we'll structure the guide with precise steps and configurations. -## Detailed Active Directory Domain Setup for Home Use +# Final Guide: Setting Up `homelab.local` AD Domain -### Domain Name: `homelab.local` +## Introduction -- **Primary Domain Controller (PDC):** A robust machine (physical or virtual) that runs Windows Server, designated to manage the domain `homelab.local`. -- **Secondary Domain Controller (SDC):** Optional but recommended for redundancy, can be a less powerful machine or virtual instance. +This guide outlines the process for creating an Active Directory (AD) domain, `homelab.local`, tailored for a comprehensive home network that includes personal devices, a cybersecurity lab, network-attached storage (NAS), and various IT and server equipment. It focuses on security, management, and operational efficiency. -### Organizational Units (OUs) Structure +## Domain Configuration -1. **CyberLab:** - - Purpose: Contains resources specifically for cybersecurity research and testing. - - Sub-OUs: `Testing Environments`, `Research`, `Tools`. +### Step 1: Domain and Controller Setup -2. **HomeDevices:** - - Purpose: Manages personal and home devices. - - Sub-OUs: `Personal Laptops`, `Smart Home Devices`. +1. **Primary Domain Controller (PDC):** Choose a dedicated or virtual server with sufficient resources to run Windows Server. This server will manage the `homelab.local` domain. + +2. **Secondary Domain Controller (SDC):** Optional but recommended for redundancy. Can be less resource-intensive and also runs Windows Server. -3. **NAS:** - - Purpose: Organizes access to different NAS functionalities. - - Sub-OUs: `Media`, `Personal Storage`, `Lab Data`. +### Step 2: Organizational Units (OUs) and Structure -4. **Users:** - - Purpose: Manages all user accounts. - - Sub-OUs: `Admins`, `Family`, `Guests`. +1. **Create OUs for Major Areas:** + - `CyberLab`: For cybersecurity research and testing. + - `HomeDevices`: For personal and home devices. + - `NAS`: For network-attached storage access and management. + - `Users`: For managing user accounts and permissions. -### Security Groups +2. **Define Sub-OUs:** + - Under `CyberLab`: Create `Testing Environments`, `Research`, `Tools`. + - Under `NAS`: Create `Media`, `Personal Storage`, `Lab Data`. -- **LabAdmins:** Full access to CyberLab resources. -- **FamilyMembers:** Standard access to home devices, personal storage, and media. -- **MediaAccess:** Special access to media storage on the NAS. -- **Guests:** Restricted access to certain home devices and internet. +### Step 3: Security Groups and User Accounts -### User Accounts +1. **Establish Security Groups:** + - `LabAdmins`, `FamilyMembers`, `MediaAccess`, `Guests`, with permissions tailored to their needs. -- **Admin Account(s):** For managing AD and critical resources. -- **Family User Accounts:** Individual accounts for family members with appropriate access rights. -- **Guest Accounts:** Temporary accounts for visitors, with internet access and limited resource access. +2. **Create User Accounts:** + - Setup `Admin Account(s)` for AD and resource management. + - Create individual `Family User Accounts` and `Guest Accounts` as needed. -### Network Configuration and Security +### Step 4: Network Configuration and Security -- **LAN/WLAN Segmentation:** Separate networks for `CyberLab` and `HomeDevices` to isolate traffic and enhance security. -- **Firewall and Access Rules:** Configure firewall rules to control traffic between segments and protect sensitive resources in the `CyberLab`. +1. **Segment LAN/WLAN:** + - Differentiate between `CyberLab` and `HomeDevices` networks for security and traffic isolation. -### NAS Configuration +2. **Implement Firewall Rules:** + - Control traffic between network segments, especially protecting `CyberLab` resources. -- **Media Storage:** Shared storage for family media like photos, videos, and music. -- **Personal Storage:** Private folders for each family member. -- **Lab Data:** Storage for cybersecurity research, tools, and data. +### Step 5: NAS Configuration and Access -### GPOs for Security and Management +1. **Set Up Storage Areas:** + - Allocate `Media`, `Personal Storage`, and `Lab Data` areas within the NAS, setting appropriate access permissions for each user or group. -- **Password Policy:** Strong passwords for all users, with regular mandatory changes. -- **Update Policy:** Automatic updates for Windows devices to ensure security patches are applied. -- **Software Restrictions:** Limit software installation on `HomeDevices` to prevent malware. +### Step 6: Group Policy Objects (GPOs) -## Mermaid Diagram for Enhanced Detail +1. **Define Key Policies:** + - Enforce a strong `Password Policy`. + - Set an `Update Policy` for automatic Windows updates. + - Apply `Software Restrictions` to limit installations on personal and home devices. -Here’s a more detailed Mermaid diagram for your setup: +## Enhanced Mermaid Diagram + +To accompany the final guide, the following Mermaid diagram provides a visual representation of the `homelab.local` setup: ```mermaid graph TD; @@ -86,4 +86,6 @@ graph TD; P --> S[Guest Accounts] ``` -This enhanced setup and diagram provide a more granular view of how to structure your home AD domain, focusing on both cybersecurity lab needs and home networking requirements. By following this detailed guide, you can create a secure, manageable, and efficient environment that supports both your professional and personal digital life. \ No newline at end of file +## Conclusion + +This guide and diagram serve as a comprehensive blueprint for setting up a secure and efficient Active Directory domain for your home network and cybersecurity lab. By following these steps, you can create a well-organized, manageable environment that supports both your professional and personal digital activities. \ No newline at end of file