medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ac6775cba7102473bb552ae64dc190f1674d1fdb
the_information_nexus/docs/tech_docs/cyber_lab.md

3.8 KiB
Raw Blame History

Certainly! Here's the updated reference guide for setting up your homelab.local Active Directory domain:

Reference Guide: Setting Up homelab.local AD Domain

Introduction

This guide outlines the process for creating an Active Directory (AD) domain, homelab.local, tailored for a comprehensive home network that includes personal devices, a cybersecurity lab, network-attached storage (NAS), and various IT and server equipment. It focuses on security, management, and operational efficiency.

Domain Configuration

Step 1: Domain and Controller Setup

  1. Primary Domain Controller (PDC): Choose a dedicated or virtual server with sufficient resources to run Windows Server. This server will manage the homelab.local domain.

  2. Secondary Domain Controller (SDC): Optional but recommended for redundancy. Can be less resource-intensive and also runs Windows Server.

Step 2: Organizational Units (OUs) and Structure

  1. Create OUs for Major Areas:

    • CyberLab: For cybersecurity research and testing.
    • HomeDevices: For personal and home devices.
    • NAS: For network-attached storage access and management.
    • Users: For managing user accounts and permissions.

  2. Define Sub-OUs:

    • Under CyberLab: Create Testing Environments, Research, Tools.
    • Under NAS: Create Media, Personal Storage, Lab Data.

Step 3: Security Groups and User Accounts

  1. Establish Security Groups:

    • LabAdmins, FamilyMembers, MediaAccess, Guests, with permissions tailored to their needs.

  2. Create User Accounts:

    • Setup Admin Account(s) for AD and resource management.
    • Create individual Family User Accounts and Guest Accounts as needed.
    • Use a clear naming convention for user accounts, e.g., john.doe_001.

Step 4: Network Configuration and Security

  1. Segment LAN/WLAN:

    • Differentiate between CyberLab and HomeDevices networks for security and traffic isolation.

  2. Implement Firewall Rules:

    • Control traffic between network segments, especially protecting CyberLab resources.
    • Create specific firewall rules for each sub-OU within the CyberLab.

Step 5: NAS Configuration and Access

  1. Set Up Storage Areas:

    • Allocate Media, Personal Storage, and Lab Data areas within the NAS, setting appropriate access permissions for each user or group.

  2. NAS Backup Strategy:

    • Implement a separate backup strategy for the NAS, including regular incremental backups to an external drive or cloud storage service.

Step 6: Group Policy Objects (GPOs)

  1. Define Key Policies:

    • Enforce a strong Password Policy, with a stricter policy for the LabAdmins group.
    • Set an Update Policy for automatic Windows updates.
    • Apply Software Restrictions to limit installations on personal and home devices, using a whitelist of approved software.

  2. GPO for NAS Access:

    • Create a dedicated GPO for NAS access, defining user and group permissions for specific shares.

Mermaid Diagram

graph TD;
A[PDC: homelab.local] -->|Manages| B[CyberLab]
A -->|Manages| C[HomeDevices]
A -->|Manages| D[NAS]
A -->|Manages| E[Users]
B --> F[Testing Environments]
B --> G[Research]
B --> H[Tools]
C --> I[Personal Laptops]
C --> J[Smart Home Devices]
D --> K[Media]
D --> L[Personal Storage]
D --> M[Lab Data]
E --> N[Admins]
E --> O[Family]
E --> P[Guests]
N --> Q[Admin Account]
O --> R[Family User Accounts]
P --> S[Guest Accounts]

Conclusion

This updated reference guide provides a comprehensive blueprint for setting up a secure and efficient Active Directory domain for your home network and cybersecurity lab. By following these steps and considering the additional recommendations, you can create a well-organized, manageable environment that supports both your professional and personal digital activities.