Cyber Range Essentials
Construct a Hybrid Cloud-Physical Lab with Ansible and Terraform
About the Book
Cyber Range Essentials is a practical guide that will walk you through the creation of a foundational cyber range built with modern DevOps tooling such as Ansible and Terraform. You will use practices such as:
- Zero-Trust Networking
in order to build a remotely accessible, hybrid cloud-physical environment with:
- Google Workspace
Along the way, you'll learn about modern AuthN and AuthZ protocols such as OIDC and SAML, and much more. With this lab, you'll be able to practice malware analysis, defensive cybersecurity, and red-teaming, all in a safe (and cost-effective) environment!
- Prerequisite Knowledge
- Who might benefit from this course?
- What You Will Build
- ACEPC AK1 Mini PC
- Raspberry Pi 4 Model B/4GB
- Cisco SG350-10 10-Port Managed Switch
- Dell T420
- Protectli Vault 4-Port Firewall Appliance / Micro PC
- Capital Expenditure
- Operational Expenditure
- Physical Size, Modularity, and Power Consumption
- Virtual Portability
- Remote Access
- How The Book Is Structured
- Running the Code
Building the Bootstrap Host
- All About Ansible
- Inventory and Installation
- Terraform versus Ansible
Constructing the Network
VyOS Initial Configuration
- Layer 2 Segmentation for Security
- VLAN Descriptions
- Outbound Communications
- Connecting the Router to the Enveloping Network
- Network Inventory Distinctions
Networking on VyOS
- Router-on-a-Stick versus Alternatives
- Network Address Translation (NAT)
- Authentication and Authorization Considerations
- VyOS Initial Configuration
Segmenting the Network at Layer 2
- Initial Configuration
- Connecting the Switch to the Network
- iOS Inventory
VLAN to Port Assignments
- Distinguishing Access Ports from Trunk Ports
Building the Firewalls
- VyOS Firewall Basics
- Global Ingress Rules
- Global Egress Rules
- Inter-VLAN Ingress Rules
Initial Cloud Integration: AWS, Cloudflare, and GWorkspace
- Amazon Web Services (AWS)
Google Workspace (GWorkspace, formerly known as GSuite)
- Email Considerations
- Identity Management
- Security Hygiene with Multi-Factor Authentication
- MFA: Virtual Devices versus FIDO U2F
- Creating the Bootstrap Administrator
- Account Architecture
- S3 and Terraform Remote State
- Account Creation
- A Side Note On The Sub-Account Root User
Single Sign-On (SSO): Authentication and Authorization
Local System Authentication on Linux
- Password-Based Local Authentication
- Key-Based Local Authentication
- Additional Hurdles and Solutions with Local Authentication
- Lightweight Directory Access Protocol (LDAP)
- Identity and Access Management (IAM)
- A Better Approach to AuthN & AuthZ
- 10,000 Foot View of SAML
Cloud Identity Simplification
- Problematic Designs
- Improvements via SSO
- GWorkspace versus Jumpcloud
- Mapping Workspace Attributes to AWS
- Creating the SAML App
- Granting a User AWS Permissions
Trust Relationship and Roles Creation
- Why not AWS SSO?
- Terraforming Roles and Relationships Across Accounts
- Local System Authentication on Linux
Proxy Server (prx-01)
- Historical Problems with SSL/TLS
- Let's Encrypt to the Rescue
- Caddy with the Cloudflare Provider
- Proxmox Malware-Analysis Virtualization Server (mal-01)
- Proxy Server (prx-01)
Remote Access with Zero-Trust Networking
- Today’s Standard
- Why Not VPNs?
Configuring the Jump Server
- The Good and the Bad: Secure LDAP (LDAPS) with Google Workspace
- Remote Access with XRDP Server
- Implementation with Cloudflare Access
Install and Configure: Cloudflare Access
- The Big Picture
- Resources Required
- Configuring the Identity Provider
- Creating the Applications
- Creating the Tunnels
Automated and Ad-Hoc Administration
- Configuring the Credentials
SSM Hybrid Management
- Activation Code
- Log Storage with S3
- SSM Encryption In-Transit
- Vault Account
- Systems Account
- Installing the Agent
Updating SSM Preferences
- Pricing Note
- Finishing it Off
- The Result
- Where to Go Next?
- Thank You