Add docs/tech_docs/cyber_lab.md

docs/tech_docs/cyber_lab.md

@@ -0,0 +1,89 @@
+To provide a more detailed guide for setting up an Active Directory (AD) domain `homelab.local` tailored for your home environment, including a cybersecurity lab, home LAN/WLAN, NAS, laptops, IT equipment, and servers, we’ll delve deeper into the specifics. This setup aims to enhance management, security, and operational efficiency across all devices and users in your home network.
+
+## Detailed Active Directory Domain Setup for Home Use
+
+### Domain Name: `homelab.local`
+
+- **Primary Domain Controller (PDC):** A robust machine (physical or virtual) that runs Windows Server, designated to manage the domain `homelab.local`.
+- **Secondary Domain Controller (SDC):** Optional but recommended for redundancy, can be a less powerful machine or virtual instance.
+
+### Organizational Units (OUs) Structure
+
+1. **CyberLab:**
+   - Purpose: Contains resources specifically for cybersecurity research and testing.
+   - Sub-OUs: `Testing Environments`, `Research`, `Tools`.
+
+2. **HomeDevices:**
+   - Purpose: Manages personal and home devices.
+   - Sub-OUs: `Personal Laptops`, `Smart Home Devices`.
+
+3. **NAS:**
+   - Purpose: Organizes access to different NAS functionalities.
+   - Sub-OUs: `Media`, `Personal Storage`, `Lab Data`.
+
+4. **Users:**
+   - Purpose: Manages all user accounts.
+   - Sub-OUs: `Admins`, `Family`, `Guests`.
+
+### Security Groups
+
+- **LabAdmins:** Full access to CyberLab resources.
+- **FamilyMembers:** Standard access to home devices, personal storage, and media.
+- **MediaAccess:** Special access to media storage on the NAS.
+- **Guests:** Restricted access to certain home devices and internet.
+
+### User Accounts
+
+- **Admin Account(s):** For managing AD and critical resources.
+- **Family User Accounts:** Individual accounts for family members with appropriate access rights.
+- **Guest Accounts:** Temporary accounts for visitors, with internet access and limited resource access.
+
+### Network Configuration and Security
+
+- **LAN/WLAN Segmentation:** Separate networks for `CyberLab` and `HomeDevices` to isolate traffic and enhance security.
+- **Firewall and Access Rules:** Configure firewall rules to control traffic between segments and protect sensitive resources in the `CyberLab`.
+
+### NAS Configuration
+
+- **Media Storage:** Shared storage for family media like photos, videos, and music.
+- **Personal Storage:** Private folders for each family member.
+- **Lab Data:** Storage for cybersecurity research, tools, and data.
+
+### GPOs for Security and Management
+
+- **Password Policy:** Strong passwords for all users, with regular mandatory changes.
+- **Update Policy:** Automatic updates for Windows devices to ensure security patches are applied.
+- **Software Restrictions:** Limit software installation on `HomeDevices` to prevent malware.
+
+## Mermaid Diagram for Enhanced Detail
+
+Here’s a more detailed Mermaid diagram for your setup:
+
+```mermaid
+graph TD;
+    A[PDC: homelab.local] -->|Manages| B[CyberLab]
+    A -->|Manages| C[HomeDevices]
+    A -->|Manages| D[NAS]
+    A -->|Manages| E[Users]
+
+    B --> F[Testing Environments]
+    B --> G[Research]
+    B --> H[Tools]
+
+    C --> I[Personal Laptops]
+    C --> J[Smart Home Devices]
+
+    D --> K[Media]
+    D --> L[Personal Storage]
+    D --> M[Lab Data]
+
+    E --> N[Admins]
+    E --> O[Family]
+    E --> P[Guests]
+
+    N --> Q[Admin Account]
+    O --> R[Family User Accounts]
+    P --> S[Guest Accounts]
+```
+
+This enhanced setup and diagram provide a more granular view of how to structure your home AD domain, focusing on both cybersecurity lab needs and home networking requirements. By following this detailed guide, you can create a secure, manageable, and efficient environment that supports both your professional and personal digital life.