Project 2025
The primary goal of this project is to establish an incident response capability for your information system, using a case study of PEM as an example. You must implement all the components outlined in the architecture diagram (Figure 1). The LAN comprises two sub-networks (e.g., VLANs) that host client machines and servers. These servers provide DHCP, DNS, FTP, SSH and web services; you are free to distribute these services across several servers. Additionally, an Active Directory is required to manage machines, users and the internal domain name. Clients must have internet access, while servers should only be able to retrieve updates from the internet.
To achieve this, follow these steps:
Propose an example of an enterprise context.
Propose a secure network architecture by positioning your firewall (pfSense, for example), IDS, SIEM and other relevant components. I suggest using the ANSSI guide for recommendations on architectures for sensitive or restricted information systems.
Install and configure the different components according to the requirements of the proposed architecture.
Establish an incident response plan and associated playbooks for at least two types of threats. You can adapt existing public playbooks to your specific context.
Test your playbooks using MITRE ATT&CK-based emulation tools such as Caldera, Atomic Red Team or other red-team emulation tools, and verify that each emulated technique actually triggers the detection and response steps written in the corresponding playbook.
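The last three steps form one loop: a playbook names a threat, the SIEM rule that should detect it, and the response actions; the emulation run then proves (or disproves) that the rule fires. The following Python harness is an added example for this assignment, not part of the project statement or of any referenced tool. It encodes two playbooks keyed by ATT&CK technique IDs (T1110.001, SSH password guessing, and T1136.001, local account creation, both of which Atomic Red Team covers on Linux), implements the matching detection logic as it might exist in your SIEM, and evaluates them against constructed auth.log lines that stand in for what the SSH server would forward after an emulation run. The hostnames, IP addresses, thresholds and the approved-account baseline are assumptions; in the lab you would replace the embedded sample with the log export produced by the real test.

```python
"""Playbook verification harness (added example; the log lines below are constructed)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed stand-in for /var/log/auth.log on the SSH server after an emulation run.
SAMPLE_AUTH_LOG = """\
Mar  3 09:14:01 srv-ssh sshd[2041]: Failed password for invalid user admin from 10.10.20.5 port 51234 ssh2
Mar  3 09:14:02 srv-ssh sshd[2041]: Failed password for invalid user admin from 10.10.20.5 port 51236 ssh2
Mar  3 09:14:03 srv-ssh sshd[2043]: Failed password for root from 10.10.20.5 port 51240 ssh2
Mar  3 09:14:04 srv-ssh sshd[2043]: Failed password for root from 10.10.20.5 port 51241 ssh2
Mar  3 09:14:05 srv-ssh sshd[2045]: Failed password for root from 10.10.20.5 port 51242 ssh2
Mar  3 09:14:06 srv-ssh sshd[2045]: Accepted password for root from 10.10.20.5 port 51244 ssh2
Mar  3 09:20:30 srv-ssh sshd[2100]: Failed password for alice from 10.10.10.7 port 40000 ssh2
Mar  3 09:21:10 srv-ssh useradd[2150]: new user: name=svc-backup, UID=1002, GID=1002, home=/home/svc-backup, shell=/bin/bash
Mar  3 09:21:10 srv-ssh sshd[2160]: Accepted publickey for bob from 10.10.10.8 port 40010 ssh2
"""

SYSLOG_TS = r"(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})"
FAILED_RE = re.compile(SYSLOG_TS + r" (\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(SYSLOG_TS + r" (\S+) sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")
USERADD_RE = re.compile(SYSLOG_TS + r" (\S+) useradd\[\d+\]: new user: name=([^,]+), UID=(\d+)")

# Assumed provisioning baseline: accounts the playbook treats as legitimately created.
APPROVED_ACCOUNTS = {"alice", "bob"}


def parse_ts(text):
    # Syslog timestamps carry no year; relative order is all the window check needs.
    return datetime.strptime(text, "%b %d %H:%M:%S")


def detect_ssh_brute_force(log_text, threshold=5, window=timedelta(seconds=60)):
    """SIEM-style rule: at least `threshold` failed logins from one source inside `window`.
    A later successful login from the same source raises severity to critical."""
    failures, accepted = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures[m.group(4)].append(parse_ts(m.group(1)))
            continue
        m = ACCEPTED_RE.match(line)
        if m:
            accepted[m.group(4)].append((parse_ts(m.group(1)), m.group(3)))
    alerts = []
    for src, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                compromised = [user for t, user in accepted.get(src, []) if t >= times[i]]
                alerts.append({"technique": "T1110.001", "source": src, "failures": len(times),
                               "severity": "critical" if compromised else "high",
                               "compromised_accounts": compromised})
                break  # one alert per source is enough to trigger the playbook
    return alerts


def detect_unauthorized_local_account(log_text, approved=APPROVED_ACCOUNTS):
    """SIEM-style rule: a local account was created that is not in the approved baseline."""
    alerts = []
    for line in log_text.splitlines():
        m = USERADD_RE.match(line)
        if m and m.group(3) not in approved:
            alerts.append({"technique": "T1136.001", "host": m.group(2), "account": m.group(3),
                           "uid": int(m.group(4)), "severity": "high"})
    return alerts


# Minimal playbook register: threat, detection rule, first response steps (assumed content).
PLAYBOOKS = {
    "T1110.001": {"threat": "SSH password guessing", "detect": detect_ssh_brute_force,
                  "respond": ["block source IP at the pfSense firewall",
                              "reset credentials of any account that logged in from the source",
                              "review sshd_config: key-only auth, rate limiting"]},
    "T1136.001": {"threat": "Unauthorized local account creation", "detect": detect_unauthorized_local_account,
                  "respond": ["lock the account", "isolate the host in its VLAN",
                              "collect auth.log and /etc/passwd for forensics"]},
}


def evaluate_playbook_test(technique_id, log_text):
    """Report whether the emulated technique triggered its playbook and which steps follow."""
    pb = PLAYBOOKS[technique_id]
    alerts = pb["detect"](log_text)
    return {"technique": technique_id, "threat": pb["threat"], "detected": bool(alerts),
            "alerts": alerts, "response": pb["respond"] if alerts else []}


if __name__ == "__main__":
    for tid in PLAYBOOKS:
        result = evaluate_playbook_test(tid, SAMPLE_AUTH_LOG)
        print(f"{tid} {result['threat']}: detected={result['detected']} alerts={len(result['alerts'])}")
```

Run it once against a baseline export taken before the emulation and once against the export taken after it; a playbook is only validated when the first run is quiet and the second reports detected=True. The single failed login from 10.10.10.7 in the sample is there deliberately: a rule that fires on it would be too noisy to keep in the SIEM.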