How To Create a Logical Diagram | Day 1
Summary
TLDR: Welcome to the 30-day MyDFIR SOC Analyst Challenge, a program designed to equip aspiring security analysts with practical experience. Hosted by Steven, an 8-year veteran in cybersecurity, the challenge starts by having participants draw a logical diagram of the lab environment in draw.io. The diagram covers six servers to be built on a cloud provider, the VPC that groups them, and the connections between the servers. The tutorial emphasizes the importance of hands-on skills and logical diagramming, crucial for future cybersecurity professionals.
Takeaways
- 😀 The video introduces a 30-day challenge aimed at helping aspiring security analysts gain practical experience.
- 👨💻 The presenter, Steven, has 8 years of experience in cybersecurity, focusing on security operations, and currently works as a digital forensic and incident response consultant.
- 🎯 The challenge's goal is to boost confidence in hands-on skills and provide the necessary practical experience for security analysts.
- 🛠️ The first task of the challenge is to create a diagram using draw.io, a web-based diagramming tool.
- 🏢 Six servers are to be built as part of the challenge, each with different configurations and roles.
- 🌐 The use of a cloud provider, Vultr, is mentioned for creating the servers, highlighting the importance of cloud environments in cybersecurity.
- 🔗 Connections between servers are to be represented in the diagram, indicating the flow of data and management relationships.
- 🔒 The concept of a VPC (Virtual Private Cloud) is introduced, explaining how it creates a private network for virtual machines in the cloud.
- 🖥️ The diagram includes various types of servers and devices, such as Elastic and Kibana, Windows Server, Ubuntu Server, Fleet server, osTicket server, and a C2 server.
- 🏆 A giveaway is mentioned, offering a chance to win a course and access to TryHackMe, encouraging participation and skill development.
Q & A
What is the purpose of the 30-day MyDFIR SOC Analyst Challenge?
-The purpose of the challenge is to help aspiring SOC analysts gain practical experience and confidence in their hands-on skills within 30 days.
Who is Steven and what is his role in the cybersecurity industry?
-Steven is a digital forensic and incident response consultant with about 8 years of experience in the cybersecurity industry, focusing on security operations. He mentors individuals who want to get into cybersecurity, specifically as a SOC analyst.
What is the first step in the challenge according to the video script?
-The first step in the challenge is to go to draw.io to create a diagram for the setup of the challenge.
What is the default name of a new diagram on draw.io?
-The default name of a new diagram on draw.io is 'Untitled diagram'.
How many servers is Steven planning to build for the challenge?
-Steven is planning to build six servers for the challenge.
What is the significance of the red-colored server in the diagram?
-The red-colored server in the diagram represents a C2 (Command and Control) server, which is an important part of the setup for the challenge.
What does VPC stand for in the context of the video script?
-VPC stands for Virtual Private Cloud, which is used to put all virtual machines in the cloud within the same private network.
How does Steven represent the internet in the diagram?
-Steven represents the internet in the diagram with a cloud icon.
What is the private network range that Steven decides to use in the challenge?
-Steven decides to use the private network range 172.31.0.0/24 for the challenge.
What is the prize for the giveaway mentioned in the video script?
-The prize for the giveaway is the MyDFIR SOC Analyst course for one lucky winner and three one-month passes for TryHackMe for additional winners.
Why is creating a logical diagram important for a SOC analyst?
-Creating a logical diagram is important for a SOC analyst because it helps in understanding the flow of the environment and how its components interact, which is a valuable skill in the cybersecurity field.
Outlines
🚀 Introduction to the 30-Day MyDFIR SOC Analyst Challenge
Steven, a cybersecurity professional with 8 years of experience, introduces the 30-day MyDFIR SOC Analyst Challenge aimed at helping aspiring SOC analysts gain practical experience. He shares his background in security operations and digital forensics, emphasizing his role in mentoring newcomers. The challenge is designed to build confidence in hands-on skills. Steven guides viewers to start by using draw.io to create a diagram, explaining the process of selecting shapes, naming the diagram, and customizing its style. He plans to build six servers, each with specific roles, and uses the cloud provider Vultr to set up these servers, detailing each server's function and how they interconnect.
🔗 Building the Network Diagram for the Challenge
Steven continues the tutorial by demonstrating how to connect the servers using arrows to represent the flow of data and commands. He explains the concept of a VPC (Virtual Private Cloud) and its role in creating a private network for the virtual machines. He shows how to draw and format a VPC in the diagram. Each server's connection is labeled with its specific function, such as 'managed,' 'alerts/tickets,' and 'forward logs via agent.' Steven also discusses the importance of choosing an appropriate private network range and subnet mask, which he includes in the diagram. He adds an internet gateway and internet connection to the diagram, representing the analyst's and attacker's access points to the network.
🏁 Wrapping Up Day One of the Challenge
Steven concludes the first day of the challenge by reviewing the diagram created, which includes the analyst's laptop, attacker's laptop, various servers, and networking components like the VPC and internet gateway. He emphasizes that the diagram is a work in progress and can be updated as needed. Steven stresses the importance of practice in creating logical diagrams, which will be beneficial for the viewers in their cybersecurity careers. He reminds viewers of the giveaway opportunity, offering a chance to win a MyDFIR SOC Analyst course and TryHackMe passes, and encourages participation to enhance practical skills. The video ends with a call to subscribe and a reminder to stay curious and think differently.
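The Day 1 diagram described above, generated as a draw.io file from a plain list of nodes and edges (an added example, not from the video or from MyDFIR; draw.io's .drawio format is mxGraph XML, and the layout coordinates, colours and helper names are this example's own choices). The VPC box carries the network range, subnet mask and usable host range computed from the CIDR chosen in the video, so a typo such as 172.31.0.5/24 is rejected instead of drawn.

```python
import ipaddress
import xml.etree.ElementTree as ET

VPC_CIDR = "172.31.0.0/24"  # the private network range chosen in the video
# Vertices (label, x, y, w, h, fill); containers first so they render behind the servers.
NODES = [
    ("Vultr", 20, 220, 640, 400, "#f5f5f5"),
    ("VPC", 40, 280, 600, 320, "#dae8fc"),
    ("Internet", 40, 40, 120, 60, "none"),
    ("Internet gateway", 40, 140, 120, 60, "none"),
    ("SOC analyst laptop", 260, 40, 140, 60, "none"),
    ("Attacker laptop (Kali Linux)", 480, 40, 140, 60, "#f8cecc"),
    ("Elastic & Kibana", 60, 340, 140, 60, "none"),
    ("Windows Server (RDP)", 260, 340, 140, 60, "none"),
    ("Ubuntu Server (SSH)", 480, 340, 140, 60, "none"),
    ("osTicket", 60, 480, 140, 60, "none"),
    ("Fleet Server", 260, 480, 140, 60, "none"),
    ("C2 Server (Mythic)", 480, 480, 140, 60, "#f8cecc"),
]
# Edges (source, target, label, bidirectional), labelled as in the video
EDGES = [
    ("Internet", "Internet gateway", "", True),
    ("Internet gateway", "VPC", "", True),
    ("SOC analyst laptop", "Internet", "connect to Elastic/Kibana via web GUI", False),
    ("Attacker laptop (Kali Linux)", "Internet", "", False),
    ("Windows Server (RDP)", "Fleet Server", "managed", False),
    ("Ubuntu Server (SSH)", "Fleet Server", "managed", False),
    ("Fleet Server", "Elastic & Kibana", "manage agents", True),
    ("osTicket", "Elastic & Kibana", "alerts/tickets", True),
    ("Windows Server (RDP)", "Elastic & Kibana", "forward logs via agent", False),
    ("Ubuntu Server (SSH)", "Elastic & Kibana", "forward logs via agent", False),
]

def network_label(cidr):
    """Range, subnet mask and usable hosts of a CIDR; strict=True rejects host bits set."""
    net = ipaddress.ip_network(cidr, strict=True)
    hosts = list(net.hosts())
    return f"Private network {net}\nSubnet mask {net.netmask}\nHosts {hosts[0]} - {hosts[-1]}"

def build_drawio(nodes=NODES, edges=EDGES, cidr=VPC_CIDR):
    """Return the <mxfile> tree; ET.ElementTree(tree).write(path) saves a .drawio file."""
    mxfile = ET.Element("mxfile")
    model = ET.SubElement(ET.SubElement(mxfile, "diagram", name="Day 1"), "mxGraphModel")
    root = ET.SubElement(model, "root")
    ET.SubElement(root, "mxCell", id="0")
    ET.SubElement(root, "mxCell", id="1", parent="0")  # default layer every cell hangs off
    ids = {}
    for n, (label, x, y, w, h, fill) in enumerate(nodes, start=2):
        ids[label] = str(n)
        value = f"{label}<br>{network_label(cidr)}".replace("\n", "<br>") if label == "VPC" else label
        cell = ET.SubElement(root, "mxCell", id=str(n), value=value, vertex="1", parent="1",
                             style=f"rounded=1;whiteSpace=wrap;html=1;verticalAlign=top;fillColor={fill};")
        ET.SubElement(cell, "mxGeometry", {"x": str(x), "y": str(y), "width": str(w), "height": str(h), "as": "geometry"})
    for n, (src, dst, label, both) in enumerate(edges, start=len(nodes) + 2):
        style = "html=1;endArrow=classic;" + ("startArrow=classic;" if both else "")
        cell = ET.SubElement(root, "mxCell", id=str(n), value=label, edge="1", parent="1",
                             source=ids[src], target=ids[dst], style=style)
        ET.SubElement(cell, "mxGeometry", {"relative": "1", "as": "geometry"})
    return mxfile
```

Open the written file in draw.io to tidy the layout by hand; the generated XML is what draw.io itself saves, so the file can be kept in version control alongside the lab.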
Keywords
💡Cyber Security
💡Security Operations
💡Digital Forensics
💡Incident Response
💡Practical Experience
💡draw.io
💡VPC (Virtual Private Cloud)
💡Elastic and Kibana
💡Ubuntu Server
💡Fleet Server
💡C2 (Command and Control)
Highlights
Introduction to the 30-day MyDFIR SOC Analyst Challenge, designed to provide practical experience to aspiring SOC analysts.
Steven's background in cyber security and his role as a digital forensic and incident response consultant.
Steven's mentorship of individuals aiming to become cyber security analysts.
The challenge's goal to help participants gain confidence in their hands-on skills.
Instructions on how to start using draw.io for creating diagrams.
Explanation of the general tab features in draw.io for diagram creation.
Guidance on naming and renaming diagrams in draw.io.
Customization options for diagrams, including grid, background color, and shadow settings.
Overview of building a network diagram with six servers using draw.io.
Description of each server's role in the challenge, including Elastic and Kibana, Windows server, Ubuntu server, Fleet server, osTicket server, and C2 server.
Use of the Vultr cloud provider to create virtual machines for the challenge.
Introduction to the concept of a VPC (Virtual Private Cloud) and its role in network diagrams.
Demonstration of connecting servers in draw.io using directional arrows.
Explanation of bidirectional arrows and their significance in network diagrams.
Color coding and pattern selection for arrows to represent different types of server connections.
Inclusion of a private network range and subnet mask in the network diagram.
Addition of an internet gateway and internet connection to the network diagram.
Incorporation of a SOC analyst laptop and an attacker laptop into the network diagram.
Emphasis on the importance of creating logical diagrams for understanding network flows.
Advice on not focusing on the aesthetics of diagrams but rather on the practical skill of creating them.
Encouragement to save the created diagrams for future reference.
Conclusion of day one of the challenge and a reminder about the giveaway for a MyDFIR SOC Analyst course.
Transcripts
Welcome to day one of the 30-day MyDFIR SOC Analyst Challenge, which is a challenge that I created for the sole purpose of helping aspiring SOC analysts obtain practical experience in 30 days. I hope that you're as excited as I am to get started, but before I jump right in, if this is your first time seeing my videos, hello, my name is Steven and I've been in the cyber security industry for about 8 years now, focusing specifically in the security operations domain, and I am now a digital forensic and incident response consultant. I do help mentor a lot of individuals who want to get into cyber security, specifically as a SOC analyst, and one of the major problems that I often see is the lack of practical experience. With this 30-day challenge my goal here is to help those gain confidence in their hands-on skills and obtain the required practical experience. But enough of me talking, let's get right into it.

To get started you want to head over to draw.io and then you'll be presented with this page right here. If this is your first time using draw.io, don't worry, this is pretty easy to use and I'll go over it very quickly. On the left-hand side we do have some shapes that we can select from, and we can also select Misc or Advanced or any other tabs here; however, we are going to mainly focus under the General tab. Here at the top we can actually name our diagram; currently it is called "Untitled diagram" by default. Now, to name it we can just simply click on it and then we can type in, let's say, "30-day MyDFIR diagram" and then click on Rename, and now our title is "30-day MyDFIR diagram". On the right-hand side we do have some options for our diagram and style, so for example we can show the grid or not just by checking this; we can have the page view, have a background color, shadow, or sketch, but for now I'll just uncheck Shadow and Sketch and I'll just leave everything as default. See, pretty easy, right?

First and foremost, let's think about what we're going to be building for this challenge. For this challenge I am going to be building six servers, so in the top left-hand corner I am going to search for "server" and hit Enter, and now here are all of the icons related to the word server. I'll click on More Results and we do have this server right here, a traditional server, so I'll go ahead and click on that and it gets placed right here. So what I'll do is select the server and hold Ctrl+D to duplicate this. We want to have six servers, so that's three, 4, 5 and six. Let's go ahead and drag this over here. I'll be using the cloud provider Vultr to be creating all six servers. On the left-hand side I'll select this rounded rectangle and what I'll do is just expand this here. Next, on the left I'll click on the text and then I'll type in "Vultr", that way we can just signify that, hey, we are using the Vultr cloud provider. Put this over on the top left-hand corner, and because our servers are behind this I'm going to right click and select To Back; now our servers are all in the front.

For our first server we are going to be spinning up Elastic and Kibana. The next one, this is going to be our Windows server, and we'll have RDP enabled. For the next one we'll say Ubuntu server with SSH enabled. Then next we'll have a Fleet server, and then we'll have an osTicket server, and finally we'll have a C2, AKA command and control, server. Now, although this server will be built using Vultr, I'm actually going to just put this out for now, and I'll be coloring this red by selecting red at the top right-hand corner. Now, this color is pretty pink, so I'll just select the color and we'll select red. Perfect.

If you're not familiar with cloud providers, whenever you spin up a virtual machine within the cloud you do have the option to configure what is called a VPC, AKA a virtual private cloud, and essentially what a VPC will do is put all of your virtual machines that you created in the cloud in the same private network, if you configure it that way. So let's draw that for our diagram here. I'll go ahead and search up "VPC" and we do have one here, so I'll click on the VPC icon and let's expand this just a bit, that way we have more playroom for our diagram. I went ahead and formatted this just a little bit, that way it looks more presentable, and by all means you can go ahead and copy this as well.

The next thing I'll do here is start connecting our servers to each other, starting with our Windows server with RDP enabled. If you hover this server with your mouse you'll notice that there are four directional arrows, so what I'll do is click and hold the one on the right and then I'll connect it over to our Fleet server. Now, if you're not familiar with what a Fleet server is, or any of the servers, don't worry, because in the future videos I'll be going over each server, that way by the end of the videos you'll know exactly what these servers are. Let's do the same for our Ubuntu server, so I'll go ahead and connect that over to our Fleet, and I'll double click the arrow and I'll type in "managed", and then do the same for the Ubuntu: "managed". And then we'll connect our Fleet server to our Elastic and Kibana, just like that. And if you notice, our arrow is pointing directly to our Elastic and Kibana server but there's nothing for our Fleet server, so what I'll do is click on the arrow, and on the right-hand side where it says None I'll select this and then click on the first icon underneath None, which is this arrow icon here. What this will do is say, hey, this is a bidirectional arrow, and that is what I'm trying to show here. I will also color this; let's pick orange, and I'll change the pattern as well; I'll select the fourth one for now. Yeah, that looks pretty good. And then for osTicket let's go ahead and connect that over to Elastic, and I will color this as yellow. Let's do a bidirectional as well, just like that, and then I'll double click this and say "alerts/tickets", and you know what, let's change the pattern to the same pattern. For the Fleet server and Kibana this is going to say "manage agents". And let's connect our Windows server over to our Elastic and Kibana as well; I'll do Ubuntu and connect it like that. Now, I don't like how the arrows are super stiff like this S shape here, so I'll click on this and click on this Waypoint icon and select Straight; now it's a lot neater in my opinion. I'll do the same for the Ubuntu server, and let's color this blue, color that blue, and I'll change the pattern to the same pattern as what I used for the Fleet server and osTicket, which is the fourth one here. Nice. What this arrow is going to represent is the logs that are being forwarded from the Windows server into Elastic and Kibana, so I'll say "forward logs via agent". Do the same for the Ubuntu as well.

The next thing I want to do is specify what my private network range will be, so I'll click on the text icon at the left, drag this over here, and let's say "private network". Let's see, what's a good range that we can use? You know what, I'll just say 172.31.0.0 and this will be a /24. What this means is that my IP range will be 172.31.0.1 all the way to 254, which is more than enough for this challenge. With a /24 that means my subnet mask is going to be 255.255.255.0. And just to make this a little bit cleaner, on the right-hand side I'll select this left text align, and that just did my subnet mask, so I'll highlight all of the text and click on this left text align again. Beautiful, that's looking pretty good.

Now I am missing a couple icons here, the first one being the internet gateway, so let's go ahead and search that up, "internet gateway", and we'll select the first one. Let's drag that up here, minimize this just a bit, expand this here so we have more room to play with. You can kind of think of this internet gateway as our internet service provider, in a sense. And the next thing is our internet, so I'll just type in "cloud", and this cloud is going to represent our internet. And let's go ahead and connect our internet to our internet gateway and our internet gateway to our VPC, just like so. Perfect. The next thing we want to do is our computer, so search up "computer", and do we have a fancy one? Ah, let's just use the laptop, I guess. Make this a little bit bigger here and double click this; this will be our SOC analyst laptop, and I'll go ahead and connect this over to the internet and change this line to straight. There you go. Double click that; I'll say "connect to Elastic/Kibana via web GUI". And you know what, let's duplicate our SOC analyst laptop, drag this over, and I will say "attacker laptop" and color this red. Perfect. This will have Kali Linux installed, and our C2 server will be Mythic. Nice.

And I think this is pretty much it, to be honest. Let's see, we have our SOC analyst laptop to the internet; now of course we can connect this here just like so, and we can change this to straight, change that to straight. And at the bottom we have Vultr as our cloud provider, the internet gateway, there's a VPC, here we have Elastic and Kibana, osTicket, Ubuntu server, Fleet server and a Windows server, along with our IP address information. Now, this diagram is not set in stone; at any given time we can go ahead and update this, but now we have a better understanding of how things are going to flow and what our environment is going to look like. The last thing I want to reiterate here is that your diagram does not need to look pretty. Now, I did do a little bit of formatting on my end because I am presenting it to you, but for yourself you just need to try it and put in the reps to eventually get more comfortable in building logical diagrams. In the beginning it might feel pretty useless, but trust me, this is a skill that will be extremely helpful for you in the future.

The last thing you want to do here is save it out, so to save it you want to click on File at the top left corner and select Save, and then click on Save. By following along, not only did you learn how to create a diagram, but you now also have a logical diagram of what the setup is going to look like, and that concludes day one of the 30-day MyDFIR SOC Analyst Challenge. As a reminder, I'll be doing a giveaway where one lucky winner will win a grand prize of the MyDFIR SOC Analyst course, and additionally there will be three one-month passes for TryHackMe. Details are provided in the description. If you are an aspiring SOC analyst I would highly encourage you to participate to level up your practical skills. Thank you so much for watching, and subscribe if you want to. Remember to stay curious and do things differently.