creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 22:24:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/deploying-tailscale-for-zero-trust-vpn/assets/template.md
T

2.3 KiB
Raw Blame History

Tailscale Deployment Planning Template

Network Architecture

  • Organization: _______________
  • Tailnet Name: _______________
  • Identity Provider: _______________
  • Key Expiry Policy: _______________
  • Self-hosted (Headscale): [ ] Yes [ ] No

User Groups

Group Name Description Members Count Access Level
group:engineering Development team ___ Development, Staging
group:sre SRE/DevOps team ___ All environments
group:security Security team ___ Monitoring, Audit
group:management Leadership ___ Dashboards only

Infrastructure Tags

Tag Description Owner Group Environment
tag:production Production servers group:sre Production
tag:staging Staging servers group:engineering Staging
tag:development Dev servers group:engineering Development
tag:database Database servers group:sre All
tag:monitoring Monitoring stack group:sre All

Subnet Routes

CIDR Description Router Node Auto-Approved
10.0.0.0/16 Corporate network ___ [ ] Yes
192.168.0.0/24 Lab network ___ [ ] Yes

Exit Nodes

Hostname Location Purpose Auto-Approved
___ ___ Internet routing [ ] Yes
___ ___ Geo-specific access [ ] Yes

Security Checklist

  • Identity provider configured with MFA
  • Key expiry enabled (recommended: 90 days)
  • ACLs configured with deny-all default
  • Network Lock enabled
  • SSH access requires re-authentication for privileged users
  • Audit logging enabled
  • Subnet routes approved only for authorized nodes
  • Exit nodes approved only for authorized nodes
  • Untagged node policy defined
  • Ephemeral keys used for CI/CD and temporary workloads

Rollout Plan

Phase 1: Infrastructure

  • Deploy to servers and critical infrastructure
  • Configure subnet routers
  • Set up exit nodes
  • Test ACL enforcement

Phase 2: User Onboarding

  • Pilot group deployment
  • Full organization rollout
  • VPN migration (decommission legacy VPN)
  • User training and documentation

Phase 3: Hardening

  • Enable Network Lock
  • Enable Tailscale SSH with session recording
  • Configure auto-approvers
  • Set up monitoring and alerting
Reference in New Issue View Git Blame Copy Permalink