Update docs/tech_docs/cyber_lab.md

2024-04-10 06:32:42 +00:00
parent ac6775cba7
commit 8a9e808595
1 changed files with 137 additions and 0 deletions
--- a/docs/tech_docs/cyber_lab.md
+++ b/docs/tech_docs/cyber_lab.md
@@ -1,3 +1,140 @@
+Certainly! Here's a detailed reference guide with specific information and synthetic data for setting up your `homelab.local` Active Directory domain:
+
+# Reference Guide: Setting Up `homelab.local` AD Domain
+
+## Introduction
+
+This guide provides a step-by-step process for creating the `homelab.local` Active Directory domain, designed for a home network with personal devices, a cybersecurity lab, network-attached storage (NAS), and various IT equipment. The guide focuses on security, management, and operational efficiency.
+
+## Domain Configuration
+
+### Step 1: Domain and Controller Setup
+
+1. **Primary Domain Controller (PDC):**
+   - Server Name: `DC01`
+   - OS: Windows Server 2019 Standard
+   - IP Address: `192.168.1.10`
+   - Hardware: Dell PowerEdge R440, 32GB RAM, 2x1TB SSD (RAID 1)
+
+2. **Secondary Domain Controller (SDC):**
+   - Server Name: `DC02`
+   - OS: Windows Server 2019 Standard
+   - IP Address: `192.168.1.11`
+   - Hardware: Dell PowerEdge R440, 16GB RAM, 2x1TB SSD (RAID 1)
+
+### Step 2: Organizational Units (OUs) and Structure
+
+1. **Create OUs for Major Areas:**
+   - `CyberLab`
+   - `HomeDevices`
+   - `NAS`
+   - `Users`
+
+2. **Define Sub-OUs:**
+   - Under `CyberLab`: `Testing Environments`, `Research`, `Tools`
+   - Under `NAS`: `Media`, `Personal Storage`, `Lab Data`
+
+### Step 3: Security Groups and User Accounts
+
+1. **Establish Security Groups:**
+   - `LabAdmins`: Full access to CyberLab resources
+   - `FamilyMembers`: Access to HomeDevices and Media shares
+   - `MediaAccess`: Read-only access to Media shares
+   - `Guests`: Limited access to guest network and resources
+
+2. **Create User Accounts:**
+   - Admin Account: `admin@homelab.local`
+   - Family User Accounts:
+     - `john.doe@homelab.local`
+     - `jane.doe@homelab.local`
+     - `alice.doe@homelab.local`
+   - Guest Account: `guest@homelab.local`
+
+### Step 4: Network Configuration and Security
+
+1. **VLANs and Subnets:**
+   - `VLAN 10`: CyberLab - `192.168.10.0/24`
+   - `VLAN 20`: HomeDevices - `192.168.20.0/24`
+   - `VLAN 30`: NAS - `192.168.30.0/24`
+   - `VLAN 40`: Management - `192.168.40.0/24`
+
+2. **Firewall Rules:**
+   - Allow inbound traffic on `VLAN 10` for RDP (TCP/3389), SSH (TCP/22), and HTTP(S) (TCP/80, TCP/443)
+   - Allow outbound traffic on `VLAN 10` to `VLAN 30` for NAS access (SMB, NFS)
+   - Allow inbound traffic on `VLAN 20` for RDP (TCP/3389) and HTTP(S) (TCP/80, TCP/443)
+   - Allow outbound traffic on `VLAN 20` to `VLAN 30` for NAS access (SMB, NFS)
+   - Deny all other traffic between VLANs
+
+### Step 5: NAS Configuration and Access
+
+1. **NAS Device:**
+   - Model: Synology DS1819+
+   - IP Address: `192.168.30.10`
+   - Shares:
+     - `Media`: Read-only access for `MediaAccess` group, read-write for `FamilyMembers` group
+     - `Personal Storage`: Individual user folders with read-write access for respective users
+     - `Lab Data`: Read-write access for `LabAdmins` group
+
+2. **NAS Backup:**
+   - Daily incremental backup to external USB drive
+   - Weekly full backup to cloud storage (e.g., Backblaze B2)
+
+### Step 6: Group Policy Objects (GPOs)
+
+1. **Password Policy:**
+   - Minimum password length: 12 characters
+   - Password complexity: Enabled
+   - Maximum password age: 90 days
+   - LabAdmins Group:
+     - Minimum password length: 16 characters
+     - Maximum password age: 60 days
+
+2. **Windows Update Policy:**
+   - Automatic updates: Enabled
+   - Schedule: Every Sunday at 2:00 AM
+
+3. **Software Restriction Policy:**
+   - Whitelist: `C:\Program Files`, `C:\Program Files (x86)`
+   - Blacklist: `C:\Users\*\AppData\Local\Temp`, `C:\Windows\Temp`
+
+4. **NAS Access GPO:**
+   - Applied to `NAS` OU
+   - Drive mappings:
+     - `M:` for `Media` share
+     - `P:` for `Personal Storage` share
+     - `L:` for `Lab Data` share
+
+## Mermaid Diagram
+
+```mermaid
+graph TD;
+A[PDC: DC01] -->|Manages| B[CyberLab]
+A -->|Manages| C[HomeDevices]
+A -->|Manages| D[NAS]
+A -->|Manages| E[Users]
+B --> F[Testing Environments]
+B --> G[Research]
+B --> H[Tools]
+C --> I[john.doe Laptop]
+C --> J[jane.doe Laptop]
+C --> K[alice.doe Laptop]
+C --> L[Smart TV]
+D --> M[Media]
+D --> N[Personal Storage]
+D --> O[Lab Data]
+E --> P[admin]
+E --> Q[john.doe]
+E --> R[jane.doe]
+E --> S[alice.doe]
+E --> T[guest]
+```
+
+## Conclusion
+
+This detailed reference guide provides specific information and examples for setting up the `homelab.local` Active Directory domain. By following these steps and configurations, you can create a secure, organized, and efficient environment for your home network and cybersecurity lab.
+
+---
+
 Certainly! Here's the updated reference guide for setting up your `homelab.local` Active Directory domain:

 # Reference Guide: Setting Up `homelab.local` AD Domain