diff --git a/docs/tech_docs/cyber_lab.md b/docs/tech_docs/cyber_lab.md index 21734c9..35e4661 100644 --- a/docs/tech_docs/cyber_lab.md +++ b/docs/tech_docs/cyber_lab.md @@ -1,3 +1,140 @@ +Certainly! Here's a detailed reference guide with specific information and synthetic data for setting up your `homelab.local` Active Directory domain: + +# Reference Guide: Setting Up `homelab.local` AD Domain + +## Introduction + +This guide provides a step-by-step process for creating the `homelab.local` Active Directory domain, designed for a home network with personal devices, a cybersecurity lab, network-attached storage (NAS), and various IT equipment. The guide focuses on security, management, and operational efficiency. + +## Domain Configuration + +### Step 1: Domain and Controller Setup + +1. **Primary Domain Controller (PDC):** + - Server Name: `DC01` + - OS: Windows Server 2019 Standard + - IP Address: `192.168.1.10` + - Hardware: Dell PowerEdge R440, 32GB RAM, 2x1TB SSD (RAID 1) + +2. **Secondary Domain Controller (SDC):** + - Server Name: `DC02` + - OS: Windows Server 2019 Standard + - IP Address: `192.168.1.11` + - Hardware: Dell PowerEdge R440, 16GB RAM, 2x1TB SSD (RAID 1) + +### Step 2: Organizational Units (OUs) and Structure + +1. **Create OUs for Major Areas:** + - `CyberLab` + - `HomeDevices` + - `NAS` + - `Users` + +2. **Define Sub-OUs:** + - Under `CyberLab`: `Testing Environments`, `Research`, `Tools` + - Under `NAS`: `Media`, `Personal Storage`, `Lab Data` + +### Step 3: Security Groups and User Accounts + +1. **Establish Security Groups:** + - `LabAdmins`: Full access to CyberLab resources + - `FamilyMembers`: Access to HomeDevices and Media shares + - `MediaAccess`: Read-only access to Media shares + - `Guests`: Limited access to guest network and resources + +2. **Create User Accounts:** + - Admin Account: `admin@homelab.local` + - Family User Accounts: + - `john.doe@homelab.local` + - `jane.doe@homelab.local` + - `alice.doe@homelab.local` + - Guest Account: `guest@homelab.local` + +### Step 4: Network Configuration and Security + +1. **VLANs and Subnets:** + - `VLAN 10`: CyberLab - `192.168.10.0/24` + - `VLAN 20`: HomeDevices - `192.168.20.0/24` + - `VLAN 30`: NAS - `192.168.30.0/24` + - `VLAN 40`: Management - `192.168.40.0/24` + +2. **Firewall Rules:** + - Allow inbound traffic on `VLAN 10` for RDP (TCP/3389), SSH (TCP/22), and HTTP(S) (TCP/80, TCP/443) + - Allow outbound traffic on `VLAN 10` to `VLAN 30` for NAS access (SMB, NFS) + - Allow inbound traffic on `VLAN 20` for RDP (TCP/3389) and HTTP(S) (TCP/80, TCP/443) + - Allow outbound traffic on `VLAN 20` to `VLAN 30` for NAS access (SMB, NFS) + - Deny all other traffic between VLANs + +### Step 5: NAS Configuration and Access + +1. **NAS Device:** + - Model: Synology DS1819+ + - IP Address: `192.168.30.10` + - Shares: + - `Media`: Read-only access for `MediaAccess` group, read-write for `FamilyMembers` group + - `Personal Storage`: Individual user folders with read-write access for respective users + - `Lab Data`: Read-write access for `LabAdmins` group + +2. **NAS Backup:** + - Daily incremental backup to external USB drive + - Weekly full backup to cloud storage (e.g., Backblaze B2) + +### Step 6: Group Policy Objects (GPOs) + +1. **Password Policy:** + - Minimum password length: 12 characters + - Password complexity: Enabled + - Maximum password age: 90 days + - LabAdmins Group: + - Minimum password length: 16 characters + - Maximum password age: 60 days + +2. **Windows Update Policy:** + - Automatic updates: Enabled + - Schedule: Every Sunday at 2:00 AM + +3. **Software Restriction Policy:** + - Whitelist: `C:\Program Files`, `C:\Program Files (x86)` + - Blacklist: `C:\Users\*\AppData\Local\Temp`, `C:\Windows\Temp` + +4. **NAS Access GPO:** + - Applied to `NAS` OU + - Drive mappings: + - `M:` for `Media` share + - `P:` for `Personal Storage` share + - `L:` for `Lab Data` share + +## Mermaid Diagram + +```mermaid +graph TD; +A[PDC: DC01] -->|Manages| B[CyberLab] +A -->|Manages| C[HomeDevices] +A -->|Manages| D[NAS] +A -->|Manages| E[Users] +B --> F[Testing Environments] +B --> G[Research] +B --> H[Tools] +C --> I[john.doe Laptop] +C --> J[jane.doe Laptop] +C --> K[alice.doe Laptop] +C --> L[Smart TV] +D --> M[Media] +D --> N[Personal Storage] +D --> O[Lab Data] +E --> P[admin] +E --> Q[john.doe] +E --> R[jane.doe] +E --> S[alice.doe] +E --> T[guest] +``` + +## Conclusion + +This detailed reference guide provides specific information and examples for setting up the `homelab.local` Active Directory domain. By following these steps and configurations, you can create a secure, organized, and efficient environment for your home network and cybersecurity lab. + +--- + Certainly! Here's the updated reference guide for setting up your `homelab.local` Active Directory domain: # Reference Guide: Setting Up `homelab.local` AD Domain