network_design_-_where_to_setup_lucy
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
network_design_-_where_to_setup_lucy [2018/01/12 14:24] – [On premise installation] lucy | network_design_-_where_to_setup_lucy [2019/05/22 09:58] – lucy | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Introduction | + | ===== On-premise installation vs. installation in the cloud ===== |
- | Lucy can be installed on premise or in the internet. | + | Lucy can be installed on-premise or in the internet |
Reasons for installing on an external server in the internet are: | Reasons for installing on an external server in the internet are: | ||
Line 12: | Line 12: | ||
Reasons for installing LUCY on premises are: | Reasons for installing LUCY on premises are: | ||
- | * **Legal**: Some laws might not allow you to store sensitive data on an external server outside your network or outside your country. Especially with the new data protection law in Europe (GDPR) you need to make sure any personalized or sensitive data is secured. | + | * **Legal**: Some laws might not allow you to store sensitive data on an external server outside your network or outside your country. Especially with the new data protection law in Europe ([[privacy_data_protection_and_gdpr|GDPR]]) you need to make sure any personalized or sensitive data is secured. |
* **Integration with certain features**: LUCY comes with different API's such as the[[ldap_integration| LDAP API]], the [[api|REST API]] etc. which are common for backend applications that are usually not exposed to the internet. | * **Integration with certain features**: LUCY comes with different API's such as the[[ldap_integration| LDAP API]], the [[api|REST API]] etc. which are common for backend applications that are usually not exposed to the internet. | ||
* **Security**: | * **Security**: | ||
- | ===== On premise installation ===== | + | ===== Where to place LUCY in an on-premise installation? ===== |
- | **Download:** | + | You can place LUCY in the intranet or within a secured zone (DMZ). If you want to allow external users (e.g. mobile users with smartphones) to access LUCY's websites (attack simulations or e-learning), |
+ | |||
+ | |||
+ | ===== On premise installation technical checklist ===== | ||
+ | |||
+ | * **Mail integration**: LUCY has different mail delivery methods. See [[mail_delivery_methods_in_lucy|this chapter]]. The main two mail delivery methods are using the build-in mail server or your own mail relay. The mail relay could be our internal mail server. Please keep in mind that in LUCY you can send two types of email: firstly, mails for the attack simulations. On the other hand mails for the awareness training. Especially with mails for phishing simulations, | ||
+ | |||
+ | {{ setup_lan.png? | ||
+ | |||
+ | |||
+ | * **DNS integration**. You can quickly setup new domains in LUCY. Details are described [[domain_configuration|here]]. Those domains could be used for the landing pages (Phishing or E-learning) or the mail sender (awareness and attack simulation). The internal clients will need to resolve those domains. Therefore, you need to create the according DNS entries also on your internal DNS server and point the records to LUCY. If the landing pages need to be accessed from users in the internet directly (without VPN), you need to make sure that the DNS records are also created on an externally accessible DNS server. | ||
+ | |||
+ | * **Creating DNS records**. You will need two domain types in LUCY: Attack simulation domains and domains for your awareness training. The **attack simulation domain** could be used for your phishing website in your attack simulation. We recommend reserving first a generic domain like " | ||
+ | |||
+ | |||
+ | * **HTTP/ | ||
+ | |||
+ | * **HTTP/ | ||
+ | |||
+ | * **Security products and whitelisting**: | ||
+ | |||
+ | * **Securing the access**: Once you finished the setup, you might want to prevent users from accessing the web based administration. In [[security_considerations|this chapter]] we discuss a few tips on how to secure LUCY. | ||
+ | |||
+ | |||
+ | ===== On premise installation technical procedure ===== | ||
+ | |||
+ | **Hardware** | ||
+ | Please make sure you have the hardware ready with sufficient disk space (>200 GB) and memory (>4 GB). More details here: https:// | ||
+ | |||
+ | **Download** | ||
If you have decided to do an on premise installation you will first need to download LUCY from our webpage. Please choose one of our installers or images: | If you have decided to do an on premise installation you will first need to download LUCY from our webpage. Please choose one of our installers or images: | ||
Line 29: | Line 58: | ||
If you require a different format (e.g. ovf), search for the according converter (e.g. search for " | If you require a different format (e.g. ovf), search for the according converter (e.g. search for " | ||
+ | |||
+ | **Installation** | ||
+ | Once downloaded, please install LUCY according to the download type: | ||
+ | * [[Installing LUCY on LINUX]] | ||
+ | * [[Installing LUCY in Virtualbox]] | ||
+ | * [[Installing LUCY in Vmware]] | ||
+ | * [[Installing LUCY in Amazon]] | ||
+ | * [[installing_lucy_on_windows|Installing LUCY on Windows]] | ||
+ | * [[converting_vmware_to_hyperv|Converting LUCY from VMware ESX to Hyper-V]] | ||
+ | |||
+ | **Login** | ||
+ | [[lucy_weblogin|Login]]** to LUCY with the Webbrowser using the IP address of your server. Continue the setup in the browser using the credentials provided in the setup script. If you want to use a domain for your administration UI, Connect to your LUCY instance with the root or phishing account. If you connect as root, please execute the command | ||
**License: | **License: | ||
- | For testing purposes please | + | Please |
- | **Where to place LUCY in an onsite installation? | + | **Mail setup** |
- | You can place LUCY in the intranet or within a secured zone (DMZ). If you setup LUCY within | + | Define your **[[mail_delivery_methods_in_lucy|default mail delivery method]]** |
- | | + | **Domain Setup** |
+ | Setup a [[domain_configuration|domain]] in LUCY. This domain can be used for phishing simulations (landing pages) or the elearning portal. | ||
+ | |||
+ | **SSL Setup** | ||
+ | Create | ||
+ | |||
+ | **User management** | ||
+ | Create all the required administrators [[user_management|users]] in LUCY. | ||
+ | |||
+ | **Updating** | ||
+ | [[download_templates|Download]] all of the latest templates. [[update_lucy|Update]] LUCY to the latest version | ||
+ | |||
+ | **Hardening** | ||
+ | Consider implementing additional [[security_considerations|security layers]] | ||
+ | |||
+ | **White Label** | ||
+ | Give LUCY a [[white_label_lucy_-_custom_branding|custom branding]] | ||
+ | |||
+ | **Test campaign** | ||
+ | Once you are all set you can try to [[create_your_first_phishing_campaign|setup | ||
- | {{ setup_lan.png? | ||
- | * DNS integration: | + | ===== LUCY Vmware technical components ===== |
- | * HTTP/HTTPS access: The landing pages and the E-learning needs to be accessible via http or https (see [[ssl_configuration|this chapter]] for SSL configuration). | + | When you download |
+ | {{ vmwared1.png? | ||
network_design_-_where_to_setup_lucy.txt · Last modified: 2019/10/14 15:45 by lucy