Ugli Scripting

Network

Infrastructure Overview

Network Switches

Because I am running VMware ESXi on a laptop (Lenovo P51), all my hosts have to share the single Ethernet port.  I am not concerned about congestion on that one interface, because most of the traffic is between VMware guests on the same host.  But I do need to be able to isolate the WAN, DMZ and LAN networks from each other.


My primary switch is an HP ProCurve 24-port managed switch that supports VLANs.  I like this switch because it also supports a SPAN (port-mirror) port, which makes it easy to test security software that requires a network sniffer or TAP.


VLAN Configuration


WAN includes 3 ports:

  - Cable modem (includes 5 public IPs)
  - Firewall WAN (Internet) interface
  - Open port for a sniffer or TAP


LAN includes 8 ports:

  - All systems on 192.168.1.0/24


DMZ includes 8 ports:

  - All systems on 192.168.2.0/24


LAN/DMZ/DMZ has 1 port (VLAN tagged):

  - My ESXi host is VLAN enabled and uses this port.
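As an added example (not code from the original post), the PowerCLI script below builds the ESXi side of this layout: one tagged port group per VLAN on the trunked uplink, each hardened against guest sniffing and spoofing, followed by an audit of what is actually configured on the switch. The host name esxi.lab.local and the VLAN IDs 10/20/30 are assumptions; the post does not state them.

```powershell
# Added example, not from the original post. Assumes PowerCLI, an ESXi host
# reachable as esxi.lab.local (placeholder), vSwitch0 bound to the laptop's
# single uplink, and VLAN IDs 10/20/30 for WAN/LAN/DMZ (the post names none).
Connect-VIServer -Server 'esxi.lab.local' | Out-Null

$vmHost  = Get-VMHost | Select-Object -First 1
$vSwitch = Get-VirtualSwitch -VMHost $vmHost -Name 'vSwitch0'

# One tagged port group per segment on the trunk coming from the ProCurve.
$plan = @(
    @{ Name = 'WAN'; VlanId = 10 }
    @{ Name = 'LAN'; VlanId = 20 }
    @{ Name = 'DMZ'; VlanId = 30 }
)

foreach ($entry in $plan) {
    $group = Get-VirtualPortGroup -VirtualSwitch $vSwitch -Name $entry.Name -ErrorAction SilentlyContinue
    if (-not $group) {
        $group = New-VirtualPortGroup -VirtualSwitch $vSwitch -Name $entry.Name -VLanId $entry.VlanId
    }
    # Reject promiscuous mode, forged transmits and MAC changes so a
    # compromised guest cannot eavesdrop on or spoof neighbours sharing the uplink.
    $policy = Get-SecurityPolicy -VirtualPortGroup $group
    Set-SecurityPolicy -VirtualPortGroupPolicy $policy -AllowPromiscuous $false `
        -ForgedTransmits $false -MacChanges $false | Out-Null
}

# Audit pass: report any port group that drifts from the plan. A guest that
# must act as a TAP needs VLAN 4095 plus promiscuous mode; give it its own
# named entry in $plan rather than loosening one of these three.
foreach ($group in Get-VirtualPortGroup -VirtualSwitch $vSwitch) {
    $expected = $plan | Where-Object { $_.Name -eq $group.Name }
    $policy   = Get-SecurityPolicy -VirtualPortGroup $group
    if (-not $expected) {
        Write-Warning "$($group.Name): port group not in the VLAN plan"
    } elseif ($group.VLanId -ne $expected.VlanId) {
        Write-Warning "$($group.Name): VLAN $($group.VLanId), plan says $($expected.VlanId)"
    }
    if ($group.VLanId -eq 4095) {
        Write-Warning "$($group.Name): VLAN 4095 hands every tag on the trunk to the guest"
    }
    if ($policy.AllowPromiscuous) {
        Write-Warning "$($group.Name): promiscuous mode allowed"
    }
}
```

Run the audit loop on its own after any change in the vSphere client; the default "VM Network" port group will show up as outside the plan until you assign it a VLAN or remove it.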



Firewall Configuration

You need to have a good firewall.  I don't host anything private or business confidential in my lab, so I don't expect to be a target.  Nevertheless, I don't want to worry about it.  A good firewall will also have VPN support.  Combined with the public IPs and certificates discussed below, this makes it very convenient to securely access any lab resource from any internet connection.


The first thing to do is pick a firewall.  I use a pfSense firewall.  It isn't overly intuitive, but I am willing to sacrifice ease of use for functionality.  If you don't have firewall experience, I would recommend buying a business-class firewall rather than building your own.


Since I selected pfSense, I need a platform to run it.  I recommend spending a few hundred dollars on a device like "Qotom Industrial PC Gateway Firewall Router".  Simply copy that phrase and paste it into Amazon; there are hundreds of sellers.


Firewall Appliance:

  - Qotom Q190G4-S01 Industrial PC Gateway Firewall Router for pfSense
  - Intel Celeron J1900
  - 4 GB RAM
  - 32 GB SSD
  - 4 x Gigabit LAN

Invest in Public IPs and Certificates

In order to host internet-facing systems you need a public IP or IPs.  You can use dynamic DNS and port forwarding to a limited extent, but eventually you will want to access or host internet services for testing.


By combining public IPs with certificates you will be able to host services securely and connect to them from anywhere.


Check out GoDaddy.

Hardware

Lab Systems

ESXi Host

My ESXi host is the heart and soul of my lab.  I currently run between 15 and 18 systems on this single server.


See my post on Lab Hardware for recommendations.


Specifications:

  - Intel(R) Xeon CPU E3-1505M v5 @ 2.80GHz
  - 64 GB ECC RAM
  - 2 x 512 GB PCIe SSD
  - 1 TB SATA SSD



Active Directory Instances

I currently have two separate Active Directory instances.  Locally I have a Windows Server 2012 R2 directory with approximately 50 test accounts.  I also have 5 accounts in a Microsoft Office 365 Azure directory.


Operating Systems:

  - Windows 7, 8, 10 and Server 2012 R2
  - Ubuntu 16

Building Blocks

Copyright © 2018 Ugli Scripting - All Rights Reserved.
