CIS Capstone
CIS 2987
The CIS Capstone course has students apply the technical and interpersonal skills they've learned throughout their program. The student chooses a final project to demonstrate these skills. To get ready to enter the workplace the student creates a resume, cover letters, and e-portfolio.
CIS 2987: CIS Capstone
Project Proposal
Jasmine Keola
Active Directory Implementation for Cyberdyne Systems
Cyberdyne is a newly formed robotics company that creates and develops robotic parts and AI. They currently have 30 employees, and all orders are placed online through their website. They are getting set up in a new office space and want to implement an Active Directory network that includes the following features:
· Two Windows Server 2019 Domain Controllers
o One should have DNS configured
o Configure replication
o Configure secure remote management
· One Windows Server 2019 File and Print Server
· One Windows Server 2019 DHCP Server
· One Linux Security Onion IDS Server
· One Linux PFSense Firewall
o Configure appropriate firewall rules
· 25 Windows 10 client computers connected to cyberdyne.com domain (only two will be made for testing purposes)
· Five Linux client computers connected to cyberdyne.com domain (one implemented for testing)
· There should be 6 AD Organizational Units, 6 groups, and 30 Users:
o Administration (3 staff)
o Engineering (9 staff)
o Research and Development (7 staff)
o Sales (5 staff)
o Marketing (4 staff)
o HR (2 staff)
· Each department should have its own shared folder on the file server
o Each folder should have sub-folders and appropriate permissions.
o Implement file recovery for the shared folders using volume shadow copies.
· Use Microsoft Visio to set up a network topology diagram.
· Each department should be in a different subnet.
· Use Group Policy to implement the following measures(and others):
o Restrict Software Installations
o Account policies:
· Password Minimum Length
· Password max and min age
· Account Lockout Policies
o Don’t allow removable media (USB, DVD, CD Floppy Drives)
o Restrict Command Prompt access
o Prevent Windows from Storing LAN Manager Hash
o Moderating Access to Control Panel
o Restrict the ability to turn off Windows Defender
o Disable forced system restarts
o Disable Guest Accounts
o Disable Anonymous SID Enumeration
Project management software should be used to document each step thoroughly and be used to report progress back to Cyberdyne.
Timetable
· Deploy two Windows Server 2019 Domain Controllers (4 hours)
o One should have DNS configured (2 hours)
o Configure replication (1 hour)
o Configure secure remote management (2 hours)
· Deploy one Windows Server 2019 File and Print Server (2 hours)
· Deploy and configure Windows Server 2019 DHCP Server (3 hours)
· Deploy Linux Security Onion IDS Server (5 hours)
· Deploy PFSense Firewall (3 hours)
o Configure appropriate firewall rules (3 hours)
· Deploy two Windows 10 client computers (2 hours)
· Deploy one Linux client computer (1 hour)
· Create AD Organizational Units, six groups, and 30 Users (3 hours)
· Create 6 shared folders (1 hour)
o Create 6 subfolders and add permissions (3 hours)
o Implement file recovery for the shared folders using volume shadow copies (2 hours)
· Create a network topology diagram with Microsoft Visio (2 hours)
· Implement Group Policy rules (10 hours)
· Document process using project management software (8 hours)
Total estimate time to completion: 57 hours
· Week #1 – Design network topology.
· Week #2 – Deploy domain controllers and DNS server, replication, and remote management. Begin project management work.
· Week #3 – Deploy DHCP server, and file and print server.
· Week #4 – Deploy client computers.
· Week #5 – Deploy IDS Server and Firewall and configure firewall rules. Send first report to management.
· Week #6 – Creation of OUs, groups, and users. Create shared folders and permissions. Implement file recovery using volume
shadow copies.
· Week #7 – Implement Group Policies.
· Week #8 – Test the system including logins and group policies from all workstations. Complete documentation and final report.
Video Walkthrough of Final Report
Final Report
Summary
I set up a virtual network for Cyberdyne Systems which is meant to simulate a real network. The network is an Active Directory network that consists of two Domain Controllers, a DHCP server, a file and print server, a firewall, and client computers. Specific details of deployment will be listed below. I used Asana Project Management software to manage the project and Visio to design the network topology.
Project Timeline
Configuration Process
Configure Two Domain Controllers
Install Windows Server 2019 Datacenter on two different VM’s (DC1 and DC2).
Network settings on DC1 and DC2.
Local configuration for DC1 and DC2.
Configuration options for Active Directory on DC1.
Configuration options for Active Directory on DC2.
DNS Configuration
Network Topology
Configure File and Print Server
I installed Windows Server 2019 Datacenter.
Local configuration of the file and print server.
I created a storage pool to set up shares on later in the setup. I originally was going to use iSCSI but switched to regular SMB file sharing.
Added print services.
Added DHCP Server
Windows Server 2019 Desktop Experience installed. VMWare has a DHCP feature, and I was not able to override the VMware DHCP setting to allow my DHCP server to work, unfortunately. I tried using both a NAT network and a private network.
Local DHCP server settings.
Creating a DHCP scope.
Six scopes created, one subnet for each department.
I could not get DHCP to be recognized on my network. I had to use DHCP through the virtual network editor in VMWare.
Configure Two Windows Client Computers
Network configuration with DHCP, hostname, and cyberdyne.com domain connected to two Windows clients.
Install and Configure Ubuntu Client
Ubuntu installation.
Connecting to Active Directory.
Connected to a domain.
Installing pfSense Firewall
VM Settings. The Bridged adapter is the WAN adapter, and the NAT is the LAN adapter. The firewall sits in between the WAN and LAN.
pfSense disk configuration
Pings on each side of the network show network connectivity
LAN network working:
WAN network working:
Internet connectivity:
Configure LAN rules in the pfSense firewall web interface
All inbound WAN traffic is blocked:
Security Onion IDS Installation
NAT adapter (ens33) connects to the Cyberdyne network, the bridged adapter (ens34) is the listener adapter.
Configuration settings.
Unfortunately, the installation kept failing and I wasn’t able to successfully install.
Creates Users OU’s and Groups
30 Users configured. Six OU’s and six groups. Engineering OU below.
Engineering Group.
Creating Share Folders
Creating shares on the NS1 file server.
Selecting the pool on NS1 to store shares.
Security settings
All six shares created
Create Subfolders and Set Permissions
Editing permissions for Engineering share. Allowed Engineering group to read/write/execute and Administrators have Full Control.
Mapping a shared drive on a Windows 10 client.
Successful connection to share from Windows 10 computer. Showing that I am on Windows 10 and logged in as Bob Harris. Subfolders created in HR share for each user.
Project Management Software
I used Asana Project Management software to keep track of due dates and share project details.
Unfinished Tasks
Implement Group Policy settings: I had less time than I anticipated to finish this project. I thought we had 8 weeks and planned it that way.
Implement file recovery and volume shadow copies
Configure replication DCs
Add secure remote management to DC
Deploy IDS: I had problems getting the IDS to install. I believe it is a hardware configuration problem. I recently built a new computer and have had some issues getting certain things to run.
Conclusion
This project was a lot of fun to work on; almost everything went as planned. If I had two more weeks to work on this, I would implement Group Policy rules and tighten up security in a few areas that I was planning on.