Cyber Range Essentials

Construct a Hybrid Cloud-Physical Lab with Ansible and Terraform

Use modern DevOps practices such as Infrastructure-as-Code and Configuration-as-Code in order to build a Zero-Trust cyber range!

Formats: PDF, EPUB, WEB

About the Book

Cyber Range Essentials is a practical guide that will walk you through the creation of a foundational cyber range built with modern DevOps tooling such as Ansible and Terraform. You will use practices such as:

  • Infrastructure-as-Code
  • Configuration-as-Code
  • Zero-Trust Networking

in order to build a remotely accessible, hybrid cloud-physical environment with:

  • AWS
  • Google Workspace
  • Cloudflare
  • Proxmox

Along the way, you'll learn about modern AuthN & AuthZ protocols such as OIDC and SAML, and much more. With this lab, you'll be able to practice malware analysis, defensive cybersecurity, and red-teaming, all in a safe (and cost-effective) environment!

About the Author

Nicholas McKinney

Table of Contents

Introduction

  1. Prerequisite Knowledge
  2. Who might benefit from this course?
  3. What You Will Build
  4. Recommended Hardware
  5. ACEPC AK1 Mini PC
  6. Raspberry Pi 4 Model B/4GB
  7. Cisco SG350-10 10-Port Managed Switch
  8. Dell T420
  9. Protectli Vault 4-Port Firewall Appliance / Micro PC
  10. Lab Constraints
  11. Capital Expenditure
  12. Operational Expenditure
  13. Physical Size, Modularity, and Power Consumption
  14. Virtual Portability
  15. Remote Access
  16. How The Book Is Structured
  17. Running the Code

Building the Bootstrap Host

  1. All About Ansible
  2. run.sh
  3. Inventory and Installation
  4. Final Steps
  5. Terraform versus Ansible

Constructing the Network

  1. VyOS Initial Configuration
  2. Links
  3. VLAN Design
  4. Layer 2 Segmentation for Security
  5. VLAN Descriptions
  6. Outbound Communications
  7. Connecting the Router to the Enveloping Network
  8. Network Inventory Distinctions
  9. Networking on VyOS
  10. Router-on-a-Stick versus Alternatives
  11. Network Address Translation (NAT)
  12. Authentication and Authorization Considerations

Segmenting the Network at Layer 2

  1. Initial Configuration
  2. Connecting the Switch to the Network
  3. iOS Inventory
  4. VLAN to Port Assignments
  5. Distinguishing Access Ports from Trunk Ports

Building the Firewalls

  1. VyOS Firewall Basics
  2. Global Ingress Rules
  3. Global Egress Rules
  4. Inter-VLAN Ingress Rules

Initial Cloud Integration: AWS, Cloudflare, and GWorkspace

  1. Amazon Web Services (AWS)
  2. Cloudflare
  3. Google Workspace (GWorkspace, formerly known as GSuite)
  4. Email Considerations
  5. Identity Management
  6. Cloudflare
  7. GWorkspace
  8. AWS
  9. Security Hygiene with Multi-Factor Authentication
  10. MFA: Virtual Devices versus FIDO U2F
  11. Creating the Bootstrap Administrator
  12. Account Architecture
  13. S3 and Terraform Remote State
  14. Account Creation
  15. A Side Note On The Sub-Account Root User
  16. Single Sign-On (SSO): Authentication and Authorization
  17. Local System Authentication on Linux
  18. Password-Based Local Authentication
  19. Key-Based Local Authentication
  20. Additional Hurdles and Solutions with Local Authentication
  21. Lightweight Directory Access Protocol (LDAP)
  22. Identity and Access Management (IAM)
  23. A Better Approach to AuthN & AuthZ
  24. 10,000 Foot View of SAML
  25. Cloud Identity Simplification
  26. Problematic Designs
  27. Improvements via SSO
  28. GWorkspace versus Jumpcloud
  29. GWorkspace Setup
  30. Mapping Workspace Attributes to AWS
  31. Creating the SAML App
  32. Granting a User AWS Permissions
  33. Trust Relationship and Roles Creation
  34. Why not AWS SSO?
  35. Terraforming Roles and Relationships Across Accounts

Core Services

  1. Proxy Server (prx-01)
  2. DNS
  3. Caddy
  4. Historical Problems with SSL/TLS
  5. Let's Encrypt to the Rescue
  6. Caddy with the Cloudflare Provider
  7. Proxmox Malware-Analysis Virtualization Server (mal-01)

Remote Access with Zero-Trust Networking

  1. Today’s Standard
  2. Why Not VPNs?
  3. Configuring the Jump Server
  4. The Good and the Bad: Secure LDAP (LDAPS) with Google Workspace
  5. Remote Access with XRDP Server
  6. Implementation with Cloudflare Access
  7. Install and Configure: Cloudflare Access
  8. The Big Picture
  9. Resources Required
  10. Configuring the Identity Provider
  11. Creating the Applications
  12. Creating the Tunnels

Automated and Ad-Hoc Administration

  1. Configuring the Credentials
  2. SSM Hybrid Management
  3. Activation Code
  4. Log Storage with S3
  5. SSM Encryption In-Transit
  6. Log Replication
  7. Vault Account
  8. Systems Account
  9. Installing the Agent
  10. Updating SSM Preferences
  11. Pricing Note
  12. Finishing it Off
  13. The Result

Conclusion

  1. Where to Go Next?
  2. Thank You
