lucy_onboarding_checklist
Differences
This shows you the differences between two versions of the page.
lucy_onboarding_checklist [2019/10/15 15:32] – lucy | lucy_onboarding_checklist [2021/09/29 10:28] (current) – lucysecurity | ||
---|---|---|---|
Line 13: | Line 13: | ||
^ Name ^ Description ^ Questions ^ Link(s) ^ | ^ Name ^ Description ^ Questions ^ Link(s) ^ | ||
| Get approval | Similar to approaching any important project, the first step in running a successful internal phishing training campaign is to make sure all concerned parties are notified and ready to comply. This includes executives, board of directors, IT and HR team, and your legal department. This step is usually accomplished fast and easy as it requires only a mild investment in phishing education in exchange of employee knowledge that can protect your company data from hacker attacks. Don’t forget to consult your HR department to ensure your simulations comply with current company policies. It’s also wise to reach out to your IT and Helpdesk Departments and discuss the planned activities with them. |•Did you get approval from the relevant departments (legal, risk, HR, support etc.)? \\ \\ •Has anyone voiced concerns you didn’t consider? | No links | | | Get approval | Similar to approaching any important project, the first step in running a successful internal phishing training campaign is to make sure all concerned parties are notified and ready to comply. This includes executives, board of directors, IT and HR team, and your legal department. This step is usually accomplished fast and easy as it requires only a mild investment in phishing education in exchange of employee knowledge that can protect your company data from hacker attacks. Don’t forget to consult your HR department to ensure your simulations comply with current company policies. It’s also wise to reach out to your IT and Helpdesk Departments and discuss the planned activities with them. |•Did you get approval from the relevant departments (legal, risk, HR, support etc.)? \\ \\ •Has anyone voiced concerns you didn’t consider? | No links | | ||
- | | Define | + | | Define |
| Past Education | Don’t forget to consider prior simulations and trainings that you’ve conducted on the topic of phishing and scam detection. If your employees have already been trained to spot scams, you should probably consider more sophisticated attack simulations that will be more difficult to recognize. | • Have you already trained all users on phishing & social engineering? | | Past Education | Don’t forget to consider prior simulations and trainings that you’ve conducted on the topic of phishing and scam detection. If your employees have already been trained to spot scams, you should probably consider more sophisticated attack simulations that will be more difficult to recognize. | • Have you already trained all users on phishing & social engineering? | ||
| Current exposure | One main tactic attackers use is ‘spoofing’, | | Current exposure | One main tactic attackers use is ‘spoofing’, | ||
Line 24: | Line 24: | ||
^ Name ^ Description ^ Questions ^ Link(s) ^ | ^ Name ^ Description ^ Questions ^ Link(s) ^ | ||
| Setup location | You can run the attack simulation from a cloud server or on-premise. \\ \\ Reasons for installing on an external server in the internet are: \\ ◾ Public IP address outside your network range: Prevents your infrastructure from being blacklisted. \\ ◾ Direct access: The server will not be blocked by any security products already in place within your own infrastructure. \\ ◾ Less possible conflicts with integration: | | Setup location | You can run the attack simulation from a cloud server or on-premise. \\ \\ Reasons for installing on an external server in the internet are: \\ ◾ Public IP address outside your network range: Prevents your infrastructure from being blacklisted. \\ ◾ Direct access: The server will not be blocked by any security products already in place within your own infrastructure. \\ ◾ Less possible conflicts with integration: | ||
- | | Prepare Hardware | Please make sure you have the hardware ready with sufficient disk space (>200 GB) and memory (>4 GB). | - | [[hardware|Hardware Specs]] | | + | | Prepare Hardware | Please make sure you have the hardware ready with sufficient disk space (>100 GB) and memory (>4 GB). | - | [[hardware|Hardware Specs]] | |
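Review bot: In the Prepare Hardware row, check the new ">100 GB" disk minimum against the linked [[hardware|Hardware Specs]] page, since the row defers to that page and the two will disagree if only the checklist was lowered from ">200 GB". The Questions column is still "-"; a prompt asking whether the disk has room for the full template download would tie this row to the Update row, which tells the admin to test disk space before updating all templates.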
Line 40: | Line 40: | ||
| Login | [[lucy_weblogin|Login]] to LUCY with the Webbrowser using the IP address of your server. Continue the setup in the browser using the credentials provided in the setup script. As an alternative you can also use a domain name for the administration. If you want to use a domain for your administration UI, Connect to your LUCY instance with the root or phishing account. If you connect as root, please execute the command | | Login | [[lucy_weblogin|Login]] to LUCY with the Webbrowser using the IP address of your server. Continue the setup in the browser using the credentials provided in the setup script. As an alternative you can also use a domain name for the administration. If you want to use a domain for your administration UI, Connect to your LUCY instance with the root or phishing account. If you connect as root, please execute the command | ||
| Download License | Please send us the [[how_to_activate_lucy|workstation ID]] | - | [[https:// | | Download License | Please send us the [[how_to_activate_lucy|workstation ID]] | - | [[https:// | ||
- | | Update | Please make sure that LUCY can connect to the internet via http/https to our update server (193.25.100.129 - update.phishing-server.com). If you are using a proxy, please go to “advanced settings” and define your proxy first. \\ • Please test the disk space before updating all templates. Show a warning, if disk space is not sufficient. Always install with “install + replace” \\ • System update: show this button greyed out while templates are downloaded. If all templates are downloaded, allow the user to check for updates. Display an error if the http connection cannot be established. | - | [[update_lucy|Update LUCY]] | | + | | Update | Please make sure that LUCY can connect to the internet via http/https to our update server (162.55.130.83 - update.phishing-server.com). If you are using a proxy, please go to “advanced settings” and define your proxy first. \\ • Please test the disk space before updating all templates. Show a warning, if disk space is not sufficient. Always install with “install + replace” \\ • System update: show this button greyed out while templates are downloaded. If all templates are downloaded, allow the user to check for updates. Display an error if the http connection cannot be established. | - | [[update_lucy|Update LUCY]] | |
| Mail Settings | Define your **[[mail_delivery_methods_in_lucy|default mail delivery method]]** in LUCY. If you plan a phishing siluation together with a training, you might want to consider using a different domain or een mail server for the awareness training. In case you use the build in mail server: set the [[set_hostname_for_smtp_communication|hostname]] for the mail server. | • Do you want to perform a phishing simulation bundled with awareness training? | - | | | Mail Settings | Define your **[[mail_delivery_methods_in_lucy|default mail delivery method]]** in LUCY. If you plan a phishing siluation together with a training, you might want to consider using a different domain or een mail server for the awareness training. In case you use the build in mail server: set the [[set_hostname_for_smtp_communication|hostname]] for the mail server. | • Do you want to perform a phishing simulation bundled with awareness training? | - | | ||
- | | Domain Setup | You will need two domain types in LUCY: \\ \\ **Attack simulation domains** \\ \\ This is the domain you could use for your phishing website in your attack simulation. We recommend reserving first a generic domain like " | + | | Domain Setup | You will need two domain types in LUCY: \\ \\ **Attack simulation domains** \\ \\ This is the domain you could use for your phishing website in your attack simulation. We recommend reserving first a generic domain like " |
| SSL Setup | If you want to generate a trusted certificate for the admin access you have two options: \\ \\ • Upload your own certificate \\ • Create a trusted certificate using Lets Encrypt \\ \\ **SSL for your awareness training or attack simulation landing pages** \\ \\ Each campaign scenario can be configured with a custom landing page and SSL certificate. Please start the campaign setup wizard to setup SSL for your campaign after you finished the system setup. | | SSL Setup | If you want to generate a trusted certificate for the admin access you have two options: \\ \\ • Upload your own certificate \\ • Create a trusted certificate using Lets Encrypt \\ \\ **SSL for your awareness training or attack simulation landing pages** \\ \\ Each campaign scenario can be configured with a custom landing page and SSL certificate. Please start the campaign setup wizard to setup SSL for your campaign after you finished the system setup. | ||
| White-Label | The application can be visually adapted to corporate branding (custom copyright, software name, admin path, custom error page etc.) | - | [[white_label_lucy_-_custom_branding|custom branding]] | | White-Label | The application can be visually adapted to corporate branding (custom copyright, software name, admin path, custom error page etc.) | - | [[white_label_lucy_-_custom_branding|custom branding]] |
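Review bot: The Update row hard-codes the update server's address beside its name ("162.55.130.83 - update.phishing-server.com"), and this revision replaces 193.25.100.129, so any egress firewall or proxy rule built from the earlier checklist still points at the old address. Suggest stating which of the two is authoritative (hostname or IP) and adding a short note that rules pinned to 193.25.100.129 need updating. The same sentence allows "http/https"; say whether HTTPS alone is sufficient so that admins know whether outbound plain HTTP has to be opened for updates. The Domain Setup row is cut off in both columns here, so its change cannot be reviewed from this view.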
lucy_onboarding_checklist.1571146329.txt.gz · Last modified: 2019/10/15 15:32 by lucy