Cyber Range Essentials

Construct a Hybrid Cloud-Physical Lab with Ansible and Terraform

About the Book

Cyber Range Essentials is a practical guide that will walk you through the creation of a foundational cyber range built with modern DevOps tooling such as Ansible and Terraform. You will use practices such as:

  • Infrastructure-as-Code
  • Configuration-as-Code
  • Zero-Trust Networking

in order to build a remotely accessible, hybrid cloud-physical environment with:

  • AWS
  • Google Workspace
  • Cloudflare
  • Proxmox

Along the way, you'll learn about modern AuthN and AuthZ protocols such as OIDC and SAML, and much more. With this lab, you'll be able to practice malware analysis, defensive cybersecurity, and red-teaming, all in a safe (and cost-effective) environment!

  • Categories

    • Computers and Programming
    • Computer Security
    • Amazon Web Services
    • AWS
    • Infrastructure as Code
    • Docker
    • Terraform

About the Author

Nicholas McKinney

Nicholas McKinney received a bachelor's in Computer Science and currently works in blue-team cybersecurity, using modern practices such as Infrastructure-as-Code and Configuration-as-Code daily as part of detection engineering.

Table of Contents

  • Introduction
    • Prerequisite Knowledge
    • Who might benefit from this course?
    • What You Will Build
    • Recommended Hardware
      • ACEPC AK1 Mini PC
      • Raspberry Pi 4 Model B/4GB
      • Cisco SG350-10 10-Port Managed Switch
      • Dell T420
      • Protectli Vault 4-Port Firewall Appliance / Micro PC
    • Lab Constraints
      • Capital Expenditure
      • Operational Expenditure
      • Physical Size, Modularity, and Power Consumption
      • Virtual Portability
      • Remote Access
    • How The Book Is Structured
    • Running the Code
  • Building the Bootstrap Host
    • All About Ansible
    • Inventory and Installation
    • Final Steps
      • Terraform versus Ansible
  • Constructing the Network
    • VyOS Initial Configuration
      • Links
    • VLAN Design
      • Layer 2 Segmentation for Security
      • VLAN Descriptions
      • Outbound Communications
      • Connecting the Router to the Enveloping Network
      • Network Inventory Distinctions
    • Networking on VyOS
      • Router-on-a-Stick versus Alternatives
      • Network Address Translation (NAT)
      • Authentication and Authorization Considerations
  • Segmenting the Network at Layer 2
    • Initial Configuration
    • Connecting the Switch to the Network
    • iOS Inventory
    • VLAN to Port Assignments
      • Distinguishing Access Ports from Trunk Ports
  • Building the Firewalls
    • VyOS Firewall Basics
    • Global Ingress Rules
    • Global Egress Rules
    • Inter-VLAN Ingress Rules
  • Initial Cloud Integration: AWS, Cloudflare, and GWorkspace
      • Amazon Web Services (AWS)
      • Cloudflare
      • Google Workspace (GWorkspace, formerly known as GSuite)
        • Email Considerations
        • Identity Management
    • Cloudflare
    • GWorkspace
    • AWS
      • Security Hygiene with Multi-Factor Authentication
      • MFA: Virtual Devices versus FIDO U2F
      • Creating the Bootstrap Administrator
      • Account Architecture
      • S3 and Terraform Remote State
      • Account Creation
      • A Side Note On The Sub-Account Root User
    • Single Sign-On (SSO): Authentication and Authorization
      • Local System Authentication on Linux
        • Password-Based Local Authentication
        • Key-Based Local Authentication
        • Additional Hurdles and Solutions with Local Authentication
      • Lightweight Directory Access Protocol (LDAP)
      • Identity and Access Management (IAM)
      • A Better Approach to AuthN & AuthZ
      • 10,000 Foot View of SAML
      • Cloud Identity Simplification
        • Problematic Designs
        • Improvements via SSO
      • GWorkspace versus Jumpcloud
      • GWorkspace Setup
        • Mapping Workspace Attributes to AWS
        • Creating the SAML App
        • Granting a User AWS Permissions
      • Trust Relationship and Roles Creation
        • Why not AWS SSO?
        • Terraforming Roles and Relationships Across Accounts
  • Core Services
    • Proxy Server (prx-01)
      • DNS
      • Caddy
        • Historical Problems with SSL/TLS
        • Let's Encrypt to the Rescue
        • Caddy with the Cloudflare Provider
    • Proxmox Malware-Analysis Virtualization Server (mal-01)
  • Remote Access with Zero-Trust Networking
    • Today’s Standard
    • Why Not VPNs?
    • Configuring the Jump Server
      • The Good and the Bad: Secure LDAP (LDAPS) with Google Workspace
      • Remote Access with XRDP Server
    • Implementation with Cloudflare Access
    • Install and Configure: Cloudflare Access
      • The Big Picture
      • Resources Required
      • Configuring the Identity Provider
      • Creating the Applications
      • Creating the Tunnels
  • Automated and Ad-Hoc Administration
    • Configuring the Credentials
    • SSM Hybrid Management
      • Activation Code
      • Log Storage with S3
      • SSM Encryption In-Transit
    • Log Replication
      • Vault Account
      • Systems Account
    • Installing the Agent
    • Updating SSM Preferences
      • Pricing Note
      • Finishing it Off
    • The Result
  • Conclusion
    • Where to Go Next?
    • Thank You
