network_design_-_where_to_setup_lucy
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
network_design_-_where_to_setup_lucy [2018/01/12 14:32] – [On premise installation] lucy | network_design_-_where_to_setup_lucy [2019/07/25 12:49] – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Introduction | + | ===== On-premise installation vs. installation in the cloud ===== |
- | Lucy can be installed on premise or in the internet. | + | Lucy can be installed on-premise or in the internet |
Reasons for installing on an external server in the internet are: | Reasons for installing on an external server in the internet are: | ||
Line 12: | Line 12: | ||
Reasons for installing LUCY on premises are: | Reasons for installing LUCY on premises are: | ||
- | * **Legal**: Some laws might not allow you to store sensitive data on an external server outside your network or outside your country. Especially with the new data protection law in Europe (GDPR) you need to make sure any personalized or sensitive data is secured. | + | * **Legal**: Some laws might not allow you to store sensitive data on an external server outside your network or outside your country. Especially with the new data protection law in Europe ([[privacy_data_protection_and_gdpr|GDPR]]) you need to make sure any personalized or sensitive data is secured. |
* **Integration with certain features**: LUCY comes with different API's such as the[[ldap_integration| LDAP API]], the [[api|REST API]] etc. which are common for backend applications that are usually not exposed to the internet. | * **Integration with certain features**: LUCY comes with different API's such as the[[ldap_integration| LDAP API]], the [[api|REST API]] etc. which are common for backend applications that are usually not exposed to the internet. | ||
* **Security**: | * **Security**: | ||
- | ===== On premise installation ===== | + | ===== Where to place LUCY in an on-premise installation? ===== |
- | **Download:** | + | You can place LUCY in the intranet or within a secured zone (DMZ). If you want to allow external users (e.g. mobile users with smartphones) to access LUCY's websites (attack simulations or e-learning), |
+ | |||
+ | |||
+ | ===== On premise installation technical checklist ===== | ||
+ | |||
+ | * **Mail integration**: LUCY has different mail delivery methods. See [[mail_delivery_methods_in_lucy|this chapter]]. The main two mail delivery methods are using the build-in mail server or your own mail relay. The mail relay could be our internal mail server. Please keep in mind that in LUCY you can send two types of email: firstly, mails for the attack simulations. On the other hand mails for the awareness training. Especially with mails for phishing simulations, | ||
+ | |||
+ | {{ setup_lan.png? | ||
+ | |||
+ | |||
+ | * **DNS integration**. You can quickly setup new domains in LUCY. Details are described [[domain_configuration|here]]. Those domains could be used for the landing pages (Phishing or E-learning) or the mail sender (awareness and attack simulation). The internal clients will need to resolve those domains. Therefore, you need to create the according DNS entries also on your internal DNS server and point the records to LUCY. If the landing pages need to be accessed from users in the internet directly (without VPN), you need to make sure that the DNS records are also created on an externally accessible DNS server. | ||
+ | |||
+ | * **Creating DNS records**. You will need two domain types in LUCY: Attack simulation domains and domains for your awareness training. The **attack simulation domain** could be used for your phishing website in your attack simulation. We recommend reserving first a generic domain like " | ||
+ | |||
+ | |||
+ | * **HTTP/ | ||
+ | |||
+ | * **HTTP/ | ||
+ | |||
+ | * **Security products and whitelisting**: | ||
+ | |||
+ | * **Securing the access**: Once you finished the setup, you might want to prevent users from accessing the web based administration. In [[security_considerations|this chapter]] we discuss a few tips on how to secure LUCY. | ||
+ | |||
+ | |||
+ | ===== On premise installation technical procedure ===== | ||
+ | |||
+ | **Hardware** | ||
+ | Please make sure you have the hardware ready with sufficient disk space (>200 GB) and memory (>4 GB). More details here: https:// | ||
+ | |||
+ | **Download** | ||
If you have decided to do an on premise installation you will first need to download LUCY from our webpage. Please choose one of our installers or images: | If you have decided to do an on premise installation you will first need to download LUCY from our webpage. Please choose one of our installers or images: | ||
Line 29: | Line 58: | ||
If you require a different format (e.g. ovf), search for the according converter (e.g. search for " | If you require a different format (e.g. ovf), search for the according converter (e.g. search for " | ||
+ | |||
+ | **Installation** | ||
+ | Once downloaded, please install LUCY according to the download type: | ||
+ | * [[Installing LUCY on LINUX]] | ||
+ | * [[Installing LUCY in Virtualbox]] | ||
+ | * [[Installing LUCY in Vmware]] | ||
+ | * [[Installing LUCY in Amazon]] | ||
+ | * [[installing_lucy_on_windows|Installing LUCY on Windows]] | ||
+ | * [[converting_vmware_to_hyperv|Converting LUCY from VMware ESX to Hyper-V]] | ||
+ | |||
+ | **Login** | ||
+ | [[lucy_weblogin|Login]] to LUCY with the Webbrowser using the IP address of your server. Continue the setup in the browser using the credentials provided in the setup script. If you want to use a domain for your administration UI, Connect to your LUCY instance with the root or phishing account. If you connect as root, please execute the command | ||
**License: | **License: | ||
- | For testing purposes please | + | Please |
- | **Where to place LUCY in an onsite installation? | + | **Mail setup** |
- | You can place LUCY in the intranet or within a secured zone (DMZ). If you setup LUCY within | + | Define your **[[mail_delivery_methods_in_lucy|default mail delivery method]]** |
- | | + | **Domain Setup** |
+ | Setup a [[domain_configuration|domain]] in LUCY. This domain can be used for phishing simulations | ||
- | {{ setup_lan.png?600 }} | + | **SSL Setup** |
+ | Create a [[ssl_configuration|trusted certificate]] for the administration of LUCY. | ||
+ | |||
+ | **User management** | ||
+ | Create all the required administrators [[user_management|users]] in LUCY. | ||
+ | |||
+ | **Updating** | ||
+ | [[download_templates|Download]] all of the latest templates. [[update_lucy|Update]] LUCY to the latest version | ||
+ | |||
+ | **Hardening** | ||
+ | Consider implementing additional [[security_considerations|security layers]] | ||
+ | |||
+ | **White Label** | ||
+ | Give LUCY a [[white_label_lucy_-_custom_branding|custom branding]] | ||
- | | + | **Test campaign** |
+ | Once you are all set you can try to [[create_your_first_phishing_campaign|setup your first campaign]] | ||
- | * HTTP/HTTPS access: The landing pages and the E-learning needs to be accessible via http or https (see [[ssl_configuration|this chapter]] for SSL configuration). If users from the internet have to access those pages, you need to make sure that you have setup an according port forwarding rule on your firewall together with a NAT entry, that points to LUCY. | ||
- | * Security products and whitelisting: | + | ===== LUCY Vmware technical components ===== |
- | * Securing the access: Once you finished | + | When you download and boot the VMware Image, all software components are integrated in that image. There is no need to install any additional software. All components (DB, mail server, |
+ | {{ vmwared1.png? | ||
- | If you setup LUCY in a DMZ, you could as well consider using a LUCY instance only as a reverse proxy in the secured zone, and install the main application within the intranet as a " | ||
network_design_-_where_to_setup_lucy.txt · Last modified: 2019/10/14 15:45 by lucy