A detailed reference guide, with specific information and synthetic data, for setting up the homelab.local Active Directory domain:

Reference Guide: Setting Up homelab.local AD Domain

Introduction

This guide provides a step-by-step process for creating the homelab.local Active Directory domain, designed for a home network with personal devices, a cybersecurity lab, network-attached storage (NAS), and various IT equipment. The guide focuses on security, management, and operational efficiency.

Domain Configuration

Step 1: Domain and Controller Setup

  1. Primary Domain Controller (PDC):

    • Server Name: DC01
    • OS: Windows Server 2019 Standard
    • IP Address: 192.168.1.10
    • Hardware: Dell PowerEdge R440, 32GB RAM, 2x1TB SSD (RAID 1)
  2. Secondary Domain Controller (SDC):

    • Server Name: DC02
    • OS: Windows Server 2019 Standard
    • IP Address: 192.168.1.11
    • Hardware: Dell PowerEdge R440, 16GB RAM, 2x1TB SSD (RAID 1)

Step 2: Organizational Units (OUs) and Structure

  1. Create OUs for Major Areas:

    • CyberLab
    • HomeDevices
    • NAS
    • Users
  2. Define Sub-OUs:

    • Under CyberLab: Testing Environments, Research, Tools
    • Under NAS: Media, Personal Storage, Lab Data

Step 3: Security Groups and User Accounts

  1. Establish Security Groups:

    • LabAdmins: Full access to CyberLab resources
    • FamilyMembers: Access to HomeDevices and Media shares
    • MediaAccess: Read-only access to Media shares
    • Guests: Limited access to guest network and resources
  2. Create User Accounts:

    • Admin Account: admin@homelab.local
    • Family User Accounts:
      • john.doe@homelab.local
      • jane.doe@homelab.local
      • alice.doe@homelab.local
    • Guest Account: guest@homelab.local
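
Steps 2 and 3 scripted with the ActiveDirectory PowerShell module, as an added example that is not part of the original guide. It assumes the homelab.local domain already exists and the session has Domain Admin rights; creating the groups in the default container is an assumption, since the guide does not name a location.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the original guide. Assumes the homelab.local domain
# already exists and the session runs with Domain Admin rights.
$domainDN = 'DC=homelab,DC=local'

# Step 2 OU tree: top-level OU -> sub-OUs
$ouTree = [ordered]@{
    CyberLab    = @('Testing Environments', 'Research', 'Tools')
    HomeDevices = @()
    NAS         = @('Media', 'Personal Storage', 'Lab Data')
    Users       = @()
}

function New-OuIfMissing {
    param([string]$Name, [string]$Path)
    $dn = "OU=$Name,$Path"
    if (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$dn'") { return $true }
    try {
        New-ADOrganizationalUnit -Name $Name -Path $Path `
            -ProtectedFromAccidentalDeletion $true -ErrorAction Stop
        return $true
    } catch {
        # Report a failed create (such as a name clash) and keep going.
        Write-Warning "OU '$dn' not created: $($_.Exception.Message)"
        return $false
    }
}

foreach ($top in $ouTree.Keys) {
    if (-not (New-OuIfMissing -Name $top -Path $domainDN)) { continue }
    foreach ($sub in $ouTree[$top]) {
        $null = New-OuIfMissing -Name $sub -Path "OU=$top,$domainDN"
    }
}

# Step 3 security groups, created in the default container because the guide
# does not say where they live (assumption).
foreach ($name in 'LabAdmins', 'FamilyMembers', 'MediaAccess', 'Guests') {
    $existing = Get-ADGroup -Filter "SamAccountName -eq '$name'"
    if ($existing) {
        # 'Guests' always lands here: every domain has a built-in Guests group
        # and sAMAccountName must be unique within the domain.
        Write-Warning "$name exists at $($existing.DistinguishedName); skipped"
        continue
    }
    # Global scope so the group can later be the subject of a password policy.
    New-ADGroup -Name $name -SamAccountName $name -GroupScope Global `
        -GroupCategory Security
}
```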

Step 4: Network Configuration and Security

  1. VLANs and Subnets:

    • VLAN 10: CyberLab - 192.168.10.0/24
    • VLAN 20: HomeDevices - 192.168.20.0/24
    • VLAN 30: NAS - 192.168.30.0/24
    • VLAN 40: Management - 192.168.40.0/24
  2. Firewall Rules:

    • Allow inbound traffic on VLAN 10 for RDP (TCP/3389), SSH (TCP/22), and HTTP(S) (TCP/80, TCP/443)
    • Allow outbound traffic on VLAN 10 to VLAN 30 for NAS access (SMB, NFS)
    • Allow inbound traffic on VLAN 20 for RDP (TCP/3389) and HTTP(S) (TCP/80, TCP/443)
    • Allow outbound traffic on VLAN 20 to VLAN 30 for NAS access (SMB, NFS)
    • Deny all other traffic between VLANs

Step 5: NAS Configuration and Access

  1. NAS Device:

    • Model: Synology DS1819+
    • IP Address: 192.168.30.10
    • Shares:
      • Media: Read-only access for MediaAccess group, read-write for FamilyMembers group
      • Personal Storage: Individual user folders with read-write access for respective users
      • Lab Data: Read-write access for LabAdmins group
  2. NAS Backup:

    • Daily incremental backup to external USB drive
    • Weekly full backup to cloud storage (e.g., Backblaze B2)

Step 6: Group Policy Objects (GPOs)

  1. Password Policy:

    • Minimum password length: 12 characters
    • Password complexity: Enabled
    • Maximum password age: 90 days
    • LabAdmins Group:
      • Minimum password length: 16 characters
      • Maximum password age: 60 days
  2. Windows Update Policy:

    • Automatic updates: Enabled
    • Schedule: Every Sunday at 2:00 AM
  3. Software Restriction Policy:

    • Whitelist: C:\Program Files, C:\Program Files (x86)
    • Blacklist: C:\Users\*\AppData\Local\Temp, C:\Windows\Temp
  4. NAS Access GPO:

    • Applied to NAS OU
    • Drive mappings:
      • M: for Media share
      • P: for Personal Storage share
      • L: for Lab Data share
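
A GPO password policy affects domain accounts only when it is linked at the domain level, so the stricter LabAdmins values in Step 6 need a fine-grained password policy (a Password Settings Object, PSO). The following added example, which is not part of the original guide, checks the domain baseline, creates the PSO and verifies which policy each member resolves to; the PSO name and precedence are made-up values, and LabAdmins is assumed to exist already.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the original guide. Assumes LabAdmins already exists;
# the PSO name 'PSO-LabAdmins' and precedence 10 are made-up values.

# 1. Check the domain-wide baseline against the Step 6 values.
$base = Get-ADDefaultDomainPasswordPolicy -Identity 'homelab.local'
$baselineOk = ($base.MinPasswordLength -ge 12) -and $base.ComplexityEnabled -and
              ($base.MaxPasswordAge -eq (New-TimeSpan -Days 90))
if (-not $baselineOk) {
    Write-Warning 'Domain password policy does not match the Step 6 baseline.'
}

# 2. PSOs bind only to users and global security groups, so check the group.
$group = Get-ADGroup -Identity 'LabAdmins'
if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
    throw "LabAdmins is $($group.GroupScope)/$($group.GroupCategory); a PSO cannot apply."
}

# 3. Create the stricter policy once and attach it to LabAdmins.
#    Reversible encryption is set explicitly rather than left to the cmdlet default.
$pso = 'PSO-LabAdmins'
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$pso'")) {
    New-ADFineGrainedPasswordPolicy -Name $pso -Precedence 10 `
        -MinPasswordLength 16 -ComplexityEnabled $true `
        -ReversibleEncryptionEnabled $false `
        -MaxPasswordAge (New-TimeSpan -Days 60)
}
$subjects = Get-ADFineGrainedPasswordPolicySubject -Identity $pso
if ($subjects.SamAccountName -notcontains $group.SamAccountName) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $pso -Subjects $group
}

# 4. Verify per user. No resultant PSO means only the domain baseline applies.
Get-ADGroupMember -Identity $group | Where-Object objectClass -eq 'user' |
    ForEach-Object {
        $rp = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        [pscustomobject]@{
            User      = $_.SamAccountName
            Policy    = if ($rp) { $rp.Name } else { '(domain baseline)' }
            MinLength = if ($rp) { $rp.MinPasswordLength } else { $base.MinPasswordLength }
        }
    }
```

A PSO replaces the domain policy for its subjects rather than merging with it, so any setting not passed to `New-ADFineGrainedPasswordPolicy` takes the cmdlet's default, not the domain value.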

Mermaid Diagram

graph TD;
A[PDC: DC01] -->|Manages| B[CyberLab]
A -->|Manages| C[HomeDevices]
A -->|Manages| D[NAS]
A -->|Manages| E[Users]
B --> F[Testing Environments]
B --> G[Research]
B --> H[Tools]
C --> I[john.doe Laptop]
C --> J[jane.doe Laptop]
C --> K[alice.doe Laptop]
C --> L[Smart TV]
D --> M[Media]
D --> N[Personal Storage]
D --> O[Lab Data]
E --> P[admin]
E --> Q[john.doe]
E --> R[jane.doe]
E --> S[alice.doe]
E --> T[guest]

Conclusion

This detailed reference guide provides specific information and examples for setting up the homelab.local Active Directory domain. By following these steps and configurations, you can create a secure, organized, and efficient environment for your home network and cybersecurity lab.


The updated reference guide for setting up the homelab.local Active Directory domain:

Reference Guide: Setting Up homelab.local AD Domain

Introduction

This guide outlines the process for creating an Active Directory (AD) domain, homelab.local, tailored for a comprehensive home network that includes personal devices, a cybersecurity lab, network-attached storage (NAS), and various IT and server equipment. It focuses on security, management, and operational efficiency.

Domain Configuration

Step 1: Domain and Controller Setup

  1. Primary Domain Controller (PDC): Choose a dedicated or virtual server with sufficient resources to run Windows Server. This server will manage the homelab.local domain.

  2. Secondary Domain Controller (SDC): Optional but recommended for redundancy. It can be less resource-intensive and also runs Windows Server.

Step 2: Organizational Units (OUs) and Structure

  1. Create OUs for Major Areas:

    • CyberLab: For cybersecurity research and testing.
    • HomeDevices: For personal and home devices.
    • NAS: For network-attached storage access and management.
    • Users: For managing user accounts and permissions.
  2. Define Sub-OUs:

    • Under CyberLab: Create Testing Environments, Research, Tools.
    • Under NAS: Create Media, Personal Storage, Lab Data.

Step 3: Security Groups and User Accounts

  1. Establish Security Groups:

    • LabAdmins, FamilyMembers, MediaAccess, Guests, with permissions tailored to their needs.
  2. Create User Accounts:

    • Set up Admin Account(s) for AD and resource management.
    • Create individual Family User Accounts and Guest Accounts as needed.
    • Use a clear naming convention for user accounts, e.g., john.doe_001.

Step 4: Network Configuration and Security

  1. Segment LAN/WLAN:

    • Differentiate between CyberLab and HomeDevices networks for security and traffic isolation.
  2. Implement Firewall Rules:

    • Control traffic between network segments, especially protecting CyberLab resources.
    • Create specific firewall rules for each sub-OU within the CyberLab.

Step 5: NAS Configuration and Access

  1. Set Up Storage Areas:

    • Allocate Media, Personal Storage, and Lab Data areas within the NAS, setting appropriate access permissions for each user or group.
  2. NAS Backup Strategy:

    • Implement a separate backup strategy for the NAS, including regular incremental backups to an external drive or cloud storage service.

Step 6: Group Policy Objects (GPOs)

  1. Define Key Policies:

    • Enforce a strong Password Policy, with a stricter policy for the LabAdmins group.
    • Set an Update Policy for automatic Windows updates.
    • Apply Software Restrictions to limit installations on personal and home devices, using a whitelist of approved software.
  2. GPO for NAS Access:

    • Create a dedicated GPO for NAS access, defining user and group permissions for specific shares.

Mermaid Diagram

graph TD;
A[PDC: homelab.local] -->|Manages| B[CyberLab]
A -->|Manages| C[HomeDevices]
A -->|Manages| D[NAS]
A -->|Manages| E[Users]
B --> F[Testing Environments]
B --> G[Research]
B --> H[Tools]
C --> I[Personal Laptops]
C --> J[Smart Home Devices]
D --> K[Media]
D --> L[Personal Storage]
D --> M[Lab Data]
E --> N[Admins]
E --> O[Family]
E --> P[Guests]
N --> Q[Admin Account]
O --> R[Family User Accounts]
P --> S[Guest Accounts]

Conclusion

This updated reference guide provides a comprehensive blueprint for setting up a secure and efficient Active Directory domain for your home network and cybersecurity lab. By following these steps and considering the additional recommendations, you can create a well-organized, manageable environment that supports both your professional and personal digital activities.