This section outlines a segmented network design that enforces access control, reduces attack surfaces, and supports secure traffic monitoring.
Demonstrates the deployment of a centralized identity infrastructure to manage authentication, authorization, and domain-based access control within the Home SOC environment.
Step-By-Step
Go to Microsoft’s official evaluation page:
https://www.microsoft.com/en-us/evalcenter/
Click Windows Server 2025 Evaluation (ISO).
Select ISO – Standard Edition → Continue.
Fill out the required form and download the file.
Save the .iso file to your Downloads folder.
Open VirtualBox → click New.
Name: Windows Server 2025.
Type: Microsoft Windows.
Version: Windows 2022 (64-bit) (Windows 2025 uses the same template).
Click Next.
Set Memory (RAM): 4096–8192 MB (4–8 GB).
Assign Processors: 2 or more.
Click Next.
Choose Create a virtual hard disk now → Create.
Select VDI (VirtualBox Disk Image).
Choose Dynamically allocated.
Set size to 50 GB → Create.
Go to Settings → Network.
Choose Adapter 1 → NAT (for internet access if needed).
Click OK.
Click Start to boot the VM.
Select your language → click Next → Install Now.
Choose Windows Server 2025 Standard (Desktop Experience).
Click Next → Accept License → Custom Install.
Select the unallocated drive → click Next.
Wait for installation to finish and VM to reboot.
Once installation completes, enter a strong Administrator password (e.g., LakeTown@2025!).
Log in using:
Username: Administrator
Password: (your new password)
Click Start → Server Manager → Local Server.
Click the computer name (e.g., WIN-XXXX).
Click Change → set name to LTDC-AD01 (LakeTown Domain Controller 01).
Click OK → Restart Now.
Open Server Manager → Manage → Add Roles and Features.
Click Next until you reach Server Roles.
Check Active Directory Domain Services → click Next → Install.
Wait until the installation completes.
In Server Manager, click the yellow flag → Promote this server to a domain controller.
Choose Add a new forest.
Enter domain name: laketown.local.
Set a Directory Services Restore Mode (DSRM) password (e.g., LakeTown#Secure1).
Click Next until Install is available → click Install.
The system will reboot automatically.
Log in using:
Username: laketown\Administrator
Password: (your admin password)
Open Server Manager → Tools → Active Directory Users and Computers.
Confirm that the domain laketown.local appears.
Ready to create Users, Organizational Units (OUs), and Groups.
Highlights the use of Group Policy Objects to enforce security baselines, password policies, and system configurations across domain-joined endpoints.
Step-by-Step
Open Server Manager → Tools → Group Policy Management.
In the console tree, expand the domain, right-click Group Policy Objects, and select New.
Give the GPO a descriptive name and click OK.
Locate the GPO in the Group Policy Objects list.
Right-click the GPO and select Edit to open the Group Policy Management Editor.
Navigate the console tree (e.g., Computer Configuration or User Configuration) to find the policy you want to configure.
Double-click the policy setting, modify the settings as needed, and click OK. For the password settings, open each policy, enter the value, then click Apply and OK.
Account Lockout Policy settings
When you are finished, close the Group Policy Management Editor window.
In the Group Policy Management Console, locate the organizational unit (OU) to which you want to apply the policy.
Right-click the OU and select Link an Existing GPO.
In the dialog box, select your newly created GPO from the list and click OK.
The GPO will automatically start applying to users and computers in the linked OU after the next Group Policy refresh interval.
To force the policy to apply immediately, run the following command on the client computers.
Details the application of Linux hardening measures, including secure configurations, service restrictions, and access controls to reduce attack surface.
Step-By-Step
Update Kali Linux
Open PowerShell in Kali Linux
Command: sudo apt update
Install UFW. Command: sudo apt install ufw
Step 3
Set default policies
Command: sudo ufw default deny incoming; sudo ufw default allow outgoing
Step 4
This denies all incoming connections by default and allows all outgoing connections.
Allow SSH traffic.
Command: sudo ufw allow ssh
Step 5
This allows incoming connections on the default SSH port (22/tcp).
Command: sudo ufw enable
Step 6
Check UFW Status, confirm with 'y' when prompted:
Step 7
Configure SSH:
sudo apt update; sudo apt install openssh-server (already updated and installed to latest version)
Step 8
Start SSH service: sudo systemctl start ssh
Enable SSH to start on boot: sudo systemctl enable ssh
Verify SSH status: sudo systemctl status ssh
Step 9
Configure security: edit the SSH server configuration file: sudo nano /etc/ssh/sshd_config
Step 10
Make the desired changes: uncomment and change Port 22 to a different port, set PermitRootLogin no, then restart the SSH service: sudo systemctl restart ssh
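An added example (not part of the original write-up): the rule created by sudo ufw allow ssh only covers 22/tcp, so once sshd is moved to another port the firewall has to follow. This script checks the two sshd settings from Step 10 and confirms UFW allows every port sshd listens on. The sample config, the sample ufw status output and port 2222 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Sample inputs are constructed; 2222 is an arbitrary port.
SAMPLE_SSHD_CONFIG='#Port 22
Port 2222
PermitRootLogin no
PasswordAuthentication yes'

# Constructed "ufw status" output after only "sudo ufw allow ssh" was run.
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)'

# Print every global value of a keyword in file order. Keywords are
# case-insensitive, "#" lines are comments, parsing stops at the first Match
# block. Include files are not followed.
sshd_values() {   # $1 = keyword, $2 = config text
  printf '%s\n' "$2" | awk -v key="$1" '
    /^[[:space:]]*#/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { print $2 }'
}

# Succeed if the ufw status text has an ALLOW rule for PORT or PORT/tcp.
ufw_allows_tcp() {   # $1 = port, $2 = ufw status text
  printf '%s\n' "$2" | awk -v p="$1" '
    ($1 == p || $1 == p "/tcp") && $2 == "ALLOW" { ok = 1 }
    END { exit !ok }'
}

# Print one finding per line; the return status is the number of findings.
audit_ssh() {   # $1 = sshd_config text, $2 = ufw status text
  n=0
  ports=$(sshd_values Port "$1"); ports=${ports:-22}        # sshd default port
  root=$(sshd_values PermitRootLogin "$1" | head -n 1)      # first value wins
  root=${root:-prohibit-password}                           # OpenSSH default
  for p in $ports; do
    if [ "$p" = 22 ]; then echo "sshd still listens on default port 22"; n=$((n+1)); fi
    if ! ufw_allows_tcp "$p" "$2"; then
      echo "ufw has no ALLOW rule for $p/tcp: new SSH logins would be blocked"; n=$((n+1))
    fi
  done
  if [ "$root" != no ]; then echo "PermitRootLogin is '$root', expected no"; n=$((n+1)); fi
  return "$n"
}

audit_ssh "$SAMPLE_SSHD_CONFIG" "$SAMPLE_UFW_STATUS" || true
```

On the VM, pass "$(sudo sshd -T)" and "$(sudo ufw status)" in place of the two samples; sshd -T prints the effective server settings, including defaults.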
Step-By-Step
Verify Requirements
Windows Pro/Enterprise edition; enable BitLocker without TPM via Group Policy.
Open BitLocker
Control Panel → BitLocker Drive Encryption.
Enable Encryption
Click Turn on BitLocker for Drive C:.
Run dialog: press Windows Key + R, type gpedit.msc, click OK.
Choose Unlock Method
Select Password or USB Key to unlock.
Save Recovery Key
Save as a file or print the recovery key for backup.
Start Encryption
Begin encryption → wait for progress to finish.
Reboot & Verify
Restart system → BitLocker asks for unlock key (if enabled).
Showcases the implementation of role-based access controls and user privilege management to reduce unauthorized access and enforce least-privilege principles.
Step-By-Step
Step 1
Go to Tools
Go to Active Directory Users and Computers
Step 3
Input HSOC_Users
Click OK
Repeat for HSOC_Computer and HSOC_Admins. Uncheck "Protect container from accidental deletion" so that containers can be moved and deleted during the lab.
Step 4
Add users in ADUC
Standard user: in HSOC_Users
Right-click the empty space
Click New
Select User
Input the user's first name, last name, and logon name
Step 5
Select Next, create a password, and deselect the option that the user must change password at next logon (for labs only)
Step 6
Select Next, review the summary screen, and click Finish
Step 7
Create admin user
Add to Domain Admins:
Right click new
Select user
Input user information
Strong password
Finish
Step 8
Add admin user to Domain Admins:
Right-click the admin user
Select Properties
Select the Member Of tab
Select member
Select Add
Then click OK, OK