Ja Windows 7 Home Premium With Sp1 X64 Dvd U 676548.iso
Katja Gains
The next step to finish off my client machine setup is to add my Linux machine to the domain. I am going to join Ubuntu to Active Directory so I can use the domain accounts to authenticate and login. Once joined, I login with my admin account to test. The first step is to prepare the client machine by setting the hostname and changing DHCP settings.
Now that my hostname is fixed, the next step is to configure the DNS domain and set it to the internal Active Directory domain. You can make this change by adding the line to resolv.conf, but since I am using DHCP I set the search domain on my firewall which is my DHCP server. Both options are shown below.
Joining Ubuntu to Active Directory is a multi-step process where I will use the terminal. The actual domain join is a single command, but after that I am going to take some additional steps to set up the users. The first step is to use realm to discover and then join the domain. Realm discover is used to obtain information about the domain and also list the required packages to connect, which I installed already in the previous step.
Now I need to set up home directories, which I can do using pam_mkhomedir. I first used nano to edit mkhomedir in /usr/share/pam-configs. Following the Manpage, I decided to stick with the default umask and skeleton directory settings.
To test login, I will use SSH to access the Ubuntu machine from my Windows 10 admin machine. If everything is set up correctly I should be able to SSH without specifying a login name from Windows 10 while logged in as BAdmin, and then enter a sudo command.
Sadly, my plans with my budget private cloud did not work out. Long story short, I moved internationally twice since I initially made plans to build that cloud. The first move was to Japan, and the second to Italy. Through each of those moves I lost two servers. On the upside, I have plans for the remaining three servers: a better home hacking and lab using Proxmox.
After taking a year off I am back to making Pluralsight courses. I recently published Security Onion Basic Concepts and Functionality. I am currently working on a new course: Command and Control with Sliver. While creating the new course, I decided that I needed a better lab to simulate an actual network and make use of the Globomantics domain. Globomantics is a fake company Pluralsight uses for demos. I decided to take some old servers I had from a previous project, drew up a design for a potential network, and got to work. The design I came up with is below.
The design includes a firewall with separate internal and DMZ networks. The DMZ contains a vulnerable web server from VulnHub, a DNS server using Pi-Hole, and an email server running iRedMail. The DMZ is used because I want to keep the vulnerable hosts separate from the internal network. The internal network is a Microsoft Active Directory domain with a few workstations and a file server. I included one Ubuntu workstation as well that is joined to the domain. For security I have a firewall running pfsense and a Security Onion server acting as an IDS and SIEM.
On the external side I have a Kali Linux VM that is my main workstation for hacking, along with a phishing LXC running Gophish. I also have another Pi-Hole DNS server running that the internal network forwards requests to. This allows me to configure DNS records for fake websites without having to register actual domains.
The biggest issue I will face is the available RAM with the amount of machines I plan to run. So, I will make use of Linux Containers (LXC) where possible to reduce the resources required for particular services. I should be able to use an LXC for DNS, email, and the phishing server because these services use fewer resources.
For this build I am going to create posts about each step that serve as a guide for anyone looking to build something similar. The first post in that series will show the VMhost cluster and cover software defined networking installation.
Before I can pursue these builds, I need to upgrade my home network and lab and select a platform. I currently have 3 old used servers (2 Dell PowerEdge R510s and an HP Proliant DL360) for the cloud. For networking, I have ancient Cisco switch. I think I can get by with the old switch for now, but my a small private cloud requires more servers. I can use the private cloud to provision networks to test out capabilities, learn, and design. These can also hold prototypes and proof of concepts for demonstrations. For the private cloud I selected Openstack as my platform. This will allow me to provision instances using Terraform, and have more flexibility with networking configuration. I can also avoid a large AWS and Azure bill while I experiment with different configurations. The only thing that will suffer is my power bill ?.
I was able to find 2 Dell PowerEdge R610s for $157 each, well within budget. My shipping costs to my location are really high, so I have to keep that in mind. Even with the shipping costs, I still consider these a bargain and they meet my needs. These servers also come from the same vendor as my previous purchases (PC Server and Parts), so I know they will arrive in good condition and operate well.
Next I need a firewall appliance, for this I am going straight to a vendor because their site is a lot cheaper than Amazon. This appliance from Protectli has 4 NICs, a quad core processor, and a small SSD. This is more than enough to run pfsense (and it was already tested for it), so it will easily meet my needs and be a step up from my current options for under $300.
With those 2 purchases I have all the equipment I will need, and significantly under my max budget! The only other purchase I might make is a rack to store the equipment and a PDU. For now, I just have to wait for them to arrive. I plan to start sometime in December. While I wait, I am going to work on my remote access solutions, determine what IDS/IPS I am going to use (Suricata, Snort, or Bro), and finalize my design of how this will all fit together.
This post is a break from my typical posts around the build out of my home hacking lab or anything to do with Pluralsight. I decided to document the beginning of a process of building my own app by explaining the reasons behind it.
To achieve everything I want to achieve, I will need a system. To create a system, I need to do a combination of setting measurable goals for the next year, and creating habits that will lead their achievement.
Based on my larger long term goals above, I decided to set measurables goals for achievement in the next year. These goals will help me improve multiple aspects of my life and be a better me. I am still working out every specific goal and building the habits around it. My plan is to document in their own posts tied to each category because each are worth their own post.
I realized in planning this out that I would need a good place to track all of my goals, habits, and progress toward them. Since one of my goals is to build something of my own and gain the independence and freedom that comes with it, building my own app is the perfect way to get started. There are other benefits outside of independence and freedom. Building this will help me brush up on my coding skills. I will learn a new programming language, and gain experience creating a modern web application.
7fc3f7cf58