Merge branch 'Redback-Operations:main' into main

docs/cybersecurity/Blue Team/email-infra-security/Email-Infra-Security.md

@@ -108,68 +108,78 @@ Description: Set up an on-premises email server within Redback Operations’ on-
 
 #### 2. Email Service Provider (ESP) Setup
 2.1. Research and select an ESP.  
-2.2. Set up email infrastructure by configuring the selected ESP with the registered domain.  
-2.3. Create initial email accounts (e.g., `[email protected]`).
-
-### Phase 2 – Initial Email Setup and DNS Configuration
-#### 3. DNS Configuration & Validation
-3.1. Configure DNS records:  
-     - Add a TXT record to verify domain ownership.  
-     - Add an MX record to route emails to the domain.  
-     - Add a CNAME record to configure email settings for users automatically.  
-     - Add a TXT record to configure SPF.  
-     - Add CNAME records to configure DKIM.  
-     - Add a TXT record to configure DMARC.
-
-3.2. Validate DNS propagation:  
-     - Use online tools such as **MXToolbox** and **Dmarcian**.  
-     - Use command-line tools such as `nslookup`.
+2.2. Set up email infrastructure by configuring the selected ESP.  
+2.3. Create an initial email account (e.g., `[email protected]).
+
+### Phase 2 – Initial Email Setup and DNS Configuration  
+#### 3. Email Infrastructure Setup  
+3.1.	Set up email infrastructure by configuring the selected ESP with the registered domain.
+
+#### 4. DNS Configuration & Validation
+4.1. Configure DNS records:  
+4.1.1. Add a TXT record to verify domain ownership.  
+4.1.2. Add an MX record to route emails to the domain.  
+4.1.3. Add a CNAME record to configure email settings for users automatically.  
+4.1.4. Add a TXT record to configure SPF.  
+4.1.5. Add CNAME records to configure DKIM.  
+4.1.6. Add a TXT record to configure DMARC.  
+
+#### 5. DNS Propagation Validation:  
+5.1. Using online tools such as **MXToolbox** and **Dmarcian**.  
+5.2. Using command-line tools such as `nslookup`.  
+
+#### 6. New E-mail Identities/Users Creation  
+6.1.	Create the initial batch of new e-mail identities/users for Redback Operations.  
 
 ### Phase 3 – SPF, DKIM, and DMARC Implementation
-#### 4. Security Controls Implementation & Validation
-4.1. Implement fundamental email authentication protocols:  
-     - Configure SPF  
-     - Enable DKIM  
-     - Implement DMARC:
-          - Configure DMARC policy  
-          - Configure DMARC monitoring and reporting using Valimail
-
-4.2. Validate email authentication protocols:  
-     - Use online tools such as **MXToolbox**, **Dmarcian**.  
-     - Use command-line tools such as `nslookup`.
-
-### Phase 4 – Additional security controls based on the CIS Foundations Benchmark guidelines
-4.3. Implement additional security controls based on **CIS Foundations Benchmark** guidelines:  
-     - Anti-phishing Policy  
-     - Anti-spam Policy  
-     - Anti-malware Policy  
-     - Safe Attachments Policy  
-     - Safe Links Policy  
-     - Content Filtering Policy  
-     - Common Attachment Types Filtering Policy  
-     - Connection Filtering Policy  
-     - Alert Policies  
-
-4.4. Validate using the recommended audit guidelines per the **CIS Foundations Benchmark**.  
+#### 7. Email Authentication Protocols Implementation (SPF, DKIM, DMARC)  
+7.1. Configure SPF  
+7.2. Enable DKIM  
+7.3. Implement DMARC:  
+7.3.1. Configure DMARC policy  
+7.3.2. Configure DMARC monitoring and reporting using Valimail   
+
+#### 8. Email Authentication Protocols Validation (SPF, DKIM, DMARC)  
+8.1. Use online tools such as **MXToolbox**, **Dmarcian**.  
+8.2. Use command-line tools such as `nslookup`.  
+
+#### 9. Email Authentication Protocols Functional Test (SPF, DKIM, DMARC)  
+9.1.	Send test e-mail using a redbackops.com email account (e.g., [email protected]) through Outlook, and checking e-mail headers.  
+9.2.	Send a test e-mail using a third-party email service provider (e.g.: MailChimp), sending a test e-mail, and checking e-mail headers.  
+9.3.	Perform a spoofing test using online tools such as https://www.dmarctester.com/ .  
+
+### Phase 4 – Additional security controls based on the CIS Foundations Benchmark guidelines  
+10. Implement additional security controls based on **CIS Foundations Benchmark** guidelines:  
+10.1. Anti-phishing Policy  
+10.2. Anti-spam Policy  
+10.3. Anti-malware Policy  
+10.4. Safe Attachments Policy  
+10.5. Safe Links Policy  
+10.6. Content Filtering Policy  
+10.7. Common Attachment Types Filtering Policy  
+10.8. Connection Filtering Policy  
+10.9. Alert Policies  
+
+11. Validate using the recommended audit guidelines per the **CIS Foundations Benchmark**.  
 
 ## Phase 5 – Additional Security Controls
-4.5.  Implement the use of mail transport rules to maintain a list of IoC and blocked senders list and reject emails from those IoC and blocked sender sources.  
-4.6.  Validate by adding a test sender address and IP address to the blocked senders list and confirming that the emails are blocked when sent from the listed sender address and IP address.  
+12. Implement the use of mail transport rules to maintain a list of IoC and blocked senders list and reject emails from those IoC and blocked sender sources.  
+13. Validate by adding a test sender address and IP address to the blocked senders list and confirming that the emails are blocked when sent from the listed sender address and IP address.  
 
-4.7.  Enforce **Strict TLS encryption** instead of Opportunistic TLS for all email transmissions to ensure data confidentiality and integrity during transport.  
-4.8.  Validate **Strict TLS encryption** by checking email headers and ensuring TLS is enforced.  
+14. Enforce **Strict TLS encryption** instead of Opportunistic TLS for all email transmissions to ensure data confidentiality and integrity during transport.  
+15. Validate **Strict TLS encryption** by checking email headers and ensuring TLS is enforced.  
 
-4.9.  Enforce **Multi-Factor Authentication (MFA)** for email accounts.  
-4.10. Validate MFA is enabled by attempting to log in and verifying that the second authentication step is prompted.  
+16. Enforce **Multi-Factor Authentication (MFA)** for email accounts.  
+17. Validate MFA is enabled by attempting to log in and verifying that the second authentication step is prompted.  
 
-4.11. Implement geofencing for email access.  
-4.12. Validate by attempting email access from an unauthorized location and ensuring access is blocked.  
+18. Implement geofencing for email access.  
+19. Validate by attempting email access from an unauthorized location and ensuring access is blocked.  
 
-4.13. Implement email activity logging and auditing.  
-4.14. Validate by reviewing logs and ensuring that email activities are captured.  
+20. Implement email activity logging and auditing.  
+21. Validate by reviewing logs and ensuring that email activities are captured.  
 
-4.15. Implement email retention and **DLP (Data Loss Protection)** policies.  
-4.16. Validate by attempting to delete sensitive emails and confirming that the policies prevent unauthorized deletion or sharing.
+22. Implement email retention and **DLP (Data Loss Protection)** policies.  
+23. Validate by attempting to delete sensitive emails and confirming that the policies prevent unauthorized deletion or sharing.
 
 ---
 

docs/cybersecurity/Blue Team/email-infra-security/phase1.md

@@ -0,0 +1,104 @@
+---
+sidebar_position: 2
+---
+
+# Phase 1 – Domain Registration & Basic Email Infrastructure Setup
+#  (As-Built Documentation)
+
+:::info
+**Document Creation:** 14 Dec, 2024. **Last Edited:** 14 Dec, 2024. **Authors:** Bikendra Gurung.
+<br></br>**Effective Date:** 14 Dec 2024. **Expiry Date:** 14 Dec 2025.
+:::
+
+## Objective
+The objective of this phase is to establish the foundational components for the implementation of a secure email infrastructure for Redback Operations. This phase focuses on:
+
+1. **Domain Registration**: Securing a domain for Redback Operations.  
+2. **Email Service Provider (ESP) Setup**: Setting up an Email Service Provider (ESP) with initial configurations.
+
+## Deliverables
+1. A registered domain.  
+2. A selected Email Service Provider (ESP).  
+
+---
+
+## 1. Domain Registration
+Outlined below are the steps undertaken for Domain Registration:
+
+### 1.1. Domain Registration
+#### 1.1.1. Select a domain name:  
+For this project, the selected domain name is – `redbackops.com`.
+
+> Initially, the domain name `redbackops.com.au` was considered, but registering a `.com.au` or `.net.au` domain requires the customer to:  
+> - Be a commercial entity  
+> - Have either an Australian Company Number (ACN) or Australian Business Number (ABN)
+
+#### 1.1.2. Select a reputable domain registrar:  
+For this project, the selected registrar is – **GoDaddy**.
+
+#### 1.1.3. Register the domain:  
+Register the domain with the chosen registrar (**GoDaddy**).  
+![Domain Registration](./img-phase1/1_Domain-Registration.jpg)
+![Domain Registration](./img-phase1/2_Domain-Registration.jpg)
+
+#### 1.1.4. Verify domain ownership:  
+Ensure that the domain appears under the ‘My Domains’ section in the dashboard.  
+![Domain Registration](./img-phase1/4_Domain-Registration.jpg)
+
+---
+
+### 1.2 Domain Security Enhancement
+#### 1.2.1. Enable Domain Privacy:  
+Enable Domain Privacy to protect the personal information of the domain owners.  
+[More Information](https://www.godaddy.com/en-au/help/what-is-domain-privacy-41145#options)
+![Domain Registration](./img-phase1/5_Domain-Privacy-Level.jpg)
+
+#### 1.2.2. Enable Domain Lock:  
+Enable Domain Lock to prevent the domain from unauthorized transfers, changes, or modifications.  
+[More Information](https://www.godaddy.com/en-au/help/unlock-or-lock-my-domain-410)
+![Domain Registration](./img-phase1/6.Domain-Privacy-Lock-ON.jpg)
+
+---
+
+## 2. Email Service Provider (ESP) Selection
+
+### 2.1 Research and Select an ESP
+#### 2.1.1. Select an Email Service Provider (ESP):  
+For this project, the selected email service provider is – **Microsoft 365 Exchange Online**.
+
+#### 2.1.2. Criteria for the ESP Selection:  
+1. Advanced security features, compliance, and governance capabilities.  
+2. Scalability features to support future growth and integration with the company’s other systems.  
+3. Support for advanced security capabilities and email authentication protocols such as SPF, DKIM, and DMARC.  
+4. High availability is supported by Microsoft’s global infrastructure.
+
+---
+
+### 2.2. Set up Email Infrastructure by Configuring the Selected ESP
+#### 2.2.1. Setup Process:  
+For this project, the **Microsoft 365 Developer Program** was used to set up the M365 Exchange Online email infrastructure.  
+[More Information](https://learn.microsoft.com/en-us/office/developer-program/microsoft-365-developer-program)
+
+#### 2.2.2. Program Sign-Up:  
+Sign up for the **Microsoft 365 Developer Program** for the project implementation.  
+![ESP Selection](./img-phase1/7_m365-dev-setup.jpg)
+> **Note**: For this project, the ‘Instant sandbox’ option was chosen for quick setup. However, it is recommended to go with the ‘Configurable sandbox’ option.  
+> - If you select a configurable sandbox, you can customize your domain name.  
+> - You will have an empty sandbox that you must populate with sample data.  
+> - The provisioning of the ‘Configurable sandbox’ may take up to two days.
+
+---
+
+### 2.3. Create an Initial Email Account
+#### 2.3.1. Create Account:  
+Create an initial email account (e.g., `[email protected]`) as part of the Microsoft 365 Developer Program sign-up process.  
+![ESP Selection](./img-phase1/8_m365-dev-setup.jpg)
+
+---
+
+## References
+- [Register a domain name - Business.gov.au](https://business.gov.au/online-and-digital/business-website/register-a-domain-name#:~:text=com.au%20or%20.,Australian%20Business%20Number%20(ABN))  
+- [What is domain privacy - GoDaddy](https://www.godaddy.com/en-au/help/what-is-domain-privacy-41145#options)  
+- [Unlock or lock my domain - GoDaddy](https://www.godaddy.com/en-au/help/unlock-or-lock-my-domain-410)  
+- [Microsoft 365 Developer Program Overview](https://learn.microsoft.com/en-us/office/developer-program/microsoft-365-developer-program)  
+- [Get started with Microsoft 365 Developer Program](https://learn.microsoft.com/en-us/office/developer-program/microsoft-365-developer-program-get-started)  

docs/cybersecurity/Blue Team/email-infra-security/phase2.md

@@ -0,0 +1,110 @@
+---
+sidebar_position: 3
+---
+
+# Phase 2 – Initial Email Setup and DNS Configuration
+#  (As-Built Documentation)
+
+:::info
+**Document Creation:** 14 Dec, 2024. **Last Edited:** 14 Dec, 2024. **Authors:** Bikendra Gurung.
+<br></br>**Effective Date:** 14 Dec 2024. **Expiry Date:** 14 Dec 2025.
+:::
+
+## Objective
+The objective of this phase is to configure and validate the required fundamental DNS records to ensure email functionality and security. This phase ensures that the domain is correctly set up to handle email traffic. In addition, this phase lays the foundation for advanced security configurations. Furthermore, the initial batch of new email identities/users is created in this phase. Overall, this phase focuses on:
+1.	Initial Email Infrastructure Setup.
+2.	DNS Configuration and Validation.
+3.	Email Identities/Users Creation.
+
+## Deliverables
+1. Email infrastructure configured with the registered domain.  
+2. Configured DNS records for the domain.  
+3. Validated DNS propagation of the configured DNS records.  
+4. New email accounts.  
+
+---
+
+## 3. Email Infrastructure Setup
+### 3.1 Set up Email Infrastructure by configuring the selected ESP with the registered domain.
+3.1.1. Follow the steps in the screenshots below to complete this section.  
+![Email Infrastructure Setup](./img-phase2/1_M365-Setup.jpg)
+![Email Infrastructure Setup](./img-phase2/2_M365-Setup.jpg)
+![Email Infrastructure Setup](./img-phase2/3_M365-Setup.jpg)
+
+3.1.2. Publish the DNS record shown in the screenshot below in the DNS Management section of the registrar (GoDaddy):  
+[GoDaddy DNS Management](https://dcc.godaddy.com/control/dnsmanagement?domainName)  
+![Email Infrastructure Setup](./img-phase2/4_M365-Setup.jpg)
+![Email Infrastructure Setup](./img-phase2/5_GoDaddy-DNS-Setup.jpg)  
+
+3.1.3. Publish the DNS record shown in the screenshot below in the DNS Management section of the registrar (GoDaddy):  
+[GoDaddy DNS Management](https://dcc.godaddy.com/control/dnsmanagement?domainName) same as in step 3.1.2. above. 
+![Email Infrastructure Setup](./img-phase2/6_M365-Setup.jpg)  
+
+---
+
+## 4. DNS Configuration
+### 4.1 Configure DNS Records
+Ensure the following DNS records are published in the DNS of the domain:
+
+| **Record Type** | **Name/Host** | **Value**                                   | **TTL**  | **Priority** |
+|-----------------|---------------|---------------------------------------------|----------|--------------|
+| TXT            | @             | MS=ms87813099                              | 1 Hour   | N/A          |
+| MX             | @             | redbackops-com.mail.protection.outlook.com | 1 Hour   | 0            |
+| CNAME          | autodiscover  | autodiscover.outlook.com                   | 1 Hour   | N/A          |
+| TXT (SPF)      | @             | v=spf1 include:spf.protection.outlook.com -all | 1 Hour | N/A          |  
+
+![DNS Configuration](./img-phase2/7_GoDaddy-DNS-Setup.jpg)  
+
+---
+
+## 5. DNS Propagation Validation
+### 5.1 Using Online Tools (e.g., MXToolbox)
+
+5.1.1. Validate TXT record **MS=ms87813099** provided by the email service provider to verify domain ownership.  
+![DNS Validation](./img-phase2/8_mxtoolbox.jpg)  
+
+5.1.2. Validate MX record **redbackops-com.mail.protection.outlook.com** to route emails to the domain.  
+![DNS Validation](./img-phase2/9_mxtoolbox.jpg)  
+
+5.1.3. Validate CNAME record **autodiscover.outlook.com** to configure email settings for users automatically.  
+![DNS Validation](./img-phase2/10_mxtoolbox.jpg)  
+
+5.1.4. Validate SPF record **v=spf1 include:spf.protection.outlook.com -all**.  
+![DNS Validation](./img-phase2/11_mxtoolbox.jpg)  
+
+### 5.2 Using Command Line Tools (e.g., nslookup)
+
+5.2.1. Validate TXT record:  
+`nslookup -type=TXT redbackops.com`  
+![DNS Validation](./img-phase2/12_nslookup.jpg)  
+
+5.2.2. Validate MX record:  
+`nslookup -type=MX redbackops.com`  
+![DNS Validation](./img-phase2/13_nslookup.jpg)  
+
+5.2.3. Validate CNAME record:  
+`nslookup -type=CNAME autodiscover.redbackops.com`  
+![DNS Validation](./img-phase2/14_nslookup.jpg)  
+
+5.2.4. Validate SPF record:  
+`nslookup -type=TXT redbackops.com`  
+![DNS Validation](./img-phase2/15_nslookup.jpg)  
+
+---
+
+## 6.6.	New E-mail Identities/Users Creation
+### 6.1 Create the Initial Batch of New Email Identities/Users
+6.1.1. Use PowerShell script to create the initial batch of new email identities/users.  
+**PowerShell Script**: [Create Users](https://github.com/Redback-Operations/redback-cyber/blob/main/T3_2024/Email%20Infrastructure%20%26%20Security/Create%20Users.ps1)  
+6.1.2. Validate that the users have been created in Microsoft Admin Center:  [Microsoft Admin Center](https://admin.microsoft.com/).  
+![User Creation](./img-phase2/16_user-creation.jpg)  
+
+6.1.3. Ensure that the users have been assigned licenses.  
+![User Creation](./img-phase2/17_assign-license.jpg)  
+
+---
+
+## References
+- [MXToolbox](https://mxtoolbox.com/)  
+- [Microsoft Admin Center](https://admin.microsoft.com/)  
+- [GoDaddy DNS Management](https://dcc.godaddy.com/)