From c24a27b8f7ebc2e2032b0bbbc2155c0909cb7658 Mon Sep 17 00:00:00 2001 From: medusa Date: Wed, 10 Apr 2024 05:06:13 +0000 Subject: [PATCH] Add docs/tech_docs/cyber_lab.md --- docs/tech_docs/cyber_lab.md | 89 +++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 docs/tech_docs/cyber_lab.md diff --git a/docs/tech_docs/cyber_lab.md b/docs/tech_docs/cyber_lab.md new file mode 100644 index 0000000..300c293 --- /dev/null +++ b/docs/tech_docs/cyber_lab.md @@ -0,0 +1,89 @@ +To provide a more detailed guide for setting up an Active Directory (AD) domain `homelab.local` tailored for your home environment, including a cybersecurity lab, home LAN/WLAN, NAS, laptops, IT equipment, and servers, we’ll delve deeper into the specifics. This setup aims to enhance management, security, and operational efficiency across all devices and users in your home network. + +## Detailed Active Directory Domain Setup for Home Use + +### Domain Name: `homelab.local` + +- **Primary Domain Controller (PDC):** A robust machine (physical or virtual) that runs Windows Server, designated to manage the domain `homelab.local`. +- **Secondary Domain Controller (SDC):** Optional but recommended for redundancy, can be a less powerful machine or virtual instance. + +### Organizational Units (OUs) Structure + +1. **CyberLab:** + - Purpose: Contains resources specifically for cybersecurity research and testing. + - Sub-OUs: `Testing Environments`, `Research`, `Tools`. + +2. **HomeDevices:** + - Purpose: Manages personal and home devices. + - Sub-OUs: `Personal Laptops`, `Smart Home Devices`. + +3. **NAS:** + - Purpose: Organizes access to different NAS functionalities. + - Sub-OUs: `Media`, `Personal Storage`, `Lab Data`. + +4. **Users:** + - Purpose: Manages all user accounts. + - Sub-OUs: `Admins`, `Family`, `Guests`. + +### Security Groups + +- **LabAdmins:** Full access to CyberLab resources. +- **FamilyMembers:** Standard access to home devices, personal storage, and media. +- **MediaAccess:** Special access to media storage on the NAS. +- **Guests:** Restricted access to certain home devices and internet. + +### User Accounts + +- **Admin Account(s):** For managing AD and critical resources. +- **Family User Accounts:** Individual accounts for family members with appropriate access rights. +- **Guest Accounts:** Temporary accounts for visitors, with internet access and limited resource access. + +### Network Configuration and Security + +- **LAN/WLAN Segmentation:** Separate networks for `CyberLab` and `HomeDevices` to isolate traffic and enhance security. +- **Firewall and Access Rules:** Configure firewall rules to control traffic between segments and protect sensitive resources in the `CyberLab`. + +### NAS Configuration + +- **Media Storage:** Shared storage for family media like photos, videos, and music. +- **Personal Storage:** Private folders for each family member. +- **Lab Data:** Storage for cybersecurity research, tools, and data. + +### GPOs for Security and Management + +- **Password Policy:** Strong passwords for all users, with regular mandatory changes. +- **Update Policy:** Automatic updates for Windows devices to ensure security patches are applied. +- **Software Restrictions:** Limit software installation on `HomeDevices` to prevent malware. + +## Mermaid Diagram for Enhanced Detail + +Here’s a more detailed Mermaid diagram for your setup: + +```mermaid +graph TD; + A[PDC: homelab.local] -->|Manages| B[CyberLab] + A -->|Manages| C[HomeDevices] + A -->|Manages| D[NAS] + A -->|Manages| E[Users] + + B --> F[Testing Environments] + B --> G[Research] + B --> H[Tools] + + C --> I[Personal Laptops] + C --> J[Smart Home Devices] + + D --> K[Media] + D --> L[Personal Storage] + D --> M[Lab Data] + + E --> N[Admins] + E --> O[Family] + E --> P[Guests] + + N --> Q[Admin Account] + O --> R[Family User Accounts] + P --> S[Guest Accounts] +``` + +This enhanced setup and diagram provide a more granular view of how to structure your home AD domain, focusing on both cybersecurity lab needs and home networking requirements. By following this detailed guide, you can create a secure, manageable, and efficient environment that supports both your professional and personal digital life. \ No newline at end of file