network_design_-_where_to_setup_lucy
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
network_design_-_where_to_setup_lucy [2018/04/03 19:48] – lucy | network_design_-_where_to_setup_lucy [2019/05/22 09:58] – [On premise installation technical procedure] lucy | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Introduction | + | ===== On-premise installation vs. installation in the cloud ===== |
- | Lucy can be installed on premise or in the internet. | + | Lucy can be installed on-premise or in the internet |
Reasons for installing on an external server in the internet are: | Reasons for installing on an external server in the internet are: | ||
Line 12: | Line 12: | ||
Reasons for installing LUCY on premises are: | Reasons for installing LUCY on premises are: | ||
- | * **Legal**: Some laws might not allow you to store sensitive data on an external server outside your network or outside your country. Especially with the new data protection law in Europe (GDPR) you need to make sure any personalized or sensitive data is secured. | + | * **Legal**: Some laws might not allow you to store sensitive data on an external server outside your network or outside your country. Especially with the new data protection law in Europe ([[privacy_data_protection_and_gdpr|GDPR]]) you need to make sure any personalized or sensitive data is secured. |
* **Integration with certain features**: LUCY comes with different API's such as the[[ldap_integration| LDAP API]], the [[api|REST API]] etc. which are common for backend applications that are usually not exposed to the internet. | * **Integration with certain features**: LUCY comes with different API's such as the[[ldap_integration| LDAP API]], the [[api|REST API]] etc. which are common for backend applications that are usually not exposed to the internet. | ||
* **Security**: | * **Security**: | ||
- | ===== On premise installation ===== | + | ===== Where to place LUCY in an on-premise installation? ===== |
- | **Download:** | + | You can place LUCY in the intranet or within a secured zone (DMZ). If you want to allow external users (e.g. mobile users with smartphones) to access LUCY's websites (attack simulations or e-learning), |
+ | |||
+ | |||
+ | ===== On premise installation technical checklist ===== | ||
+ | |||
+ | * **Mail integration**: LUCY has different mail delivery methods. See [[mail_delivery_methods_in_lucy|this chapter]]. The main two mail delivery methods are using the build-in mail server or your own mail relay. The mail relay could be our internal mail server. Please keep in mind that in LUCY you can send two types of email: firstly, mails for the attack simulations. On the other hand mails for the awareness training. Especially with mails for phishing simulations, | ||
+ | |||
+ | {{ setup_lan.png? | ||
+ | |||
+ | |||
+ | * **DNS integration**. You can quickly setup new domains in LUCY. Details are described [[domain_configuration|here]]. Those domains could be used for the landing pages (Phishing or E-learning) or the mail sender (awareness and attack simulation). The internal clients will need to resolve those domains. Therefore, you need to create the according DNS entries also on your internal DNS server and point the records to LUCY. If the landing pages need to be accessed from users in the internet directly (without VPN), you need to make sure that the DNS records are also created on an externally accessible DNS server. | ||
+ | |||
+ | * **Creating DNS records**. You will need two domain types in LUCY: Attack simulation domains and domains for your awareness training. The **attack simulation domain** could be used for your phishing website in your attack simulation. We recommend reserving first a generic domain like " | ||
+ | |||
+ | |||
+ | * **HTTP/ | ||
+ | |||
+ | * **HTTP/ | ||
+ | |||
+ | * **Security products and whitelisting**: | ||
+ | |||
+ | * **Securing the access**: Once you finished the setup, you might want to prevent users from accessing the web based administration. In [[security_considerations|this chapter]] we discuss a few tips on how to secure LUCY. | ||
+ | |||
+ | |||
+ | ===== On premise installation technical procedure ===== | ||
+ | |||
+ | **Hardware** | ||
+ | Please make sure you have the hardware ready with sufficient disk space (>200 GB) and memory (>4 GB). More details here: https:// | ||
+ | |||
+ | **Download** | ||
If you have decided to do an on premise installation you will first need to download LUCY from our webpage. Please choose one of our installers or images: | If you have decided to do an on premise installation you will first need to download LUCY from our webpage. Please choose one of our installers or images: | ||
Line 30: | Line 59: | ||
If you require a different format (e.g. ovf), search for the according converter (e.g. search for " | If you require a different format (e.g. ovf), search for the according converter (e.g. search for " | ||
- | **License:** | + | **Installation** |
- | For testing purposes | + | Once downloaded, |
+ | * [[Installing LUCY on LINUX]] | ||
+ | * [[Installing | ||
+ | * [[Installing LUCY in Vmware]] | ||
+ | * [[Installing LUCY in Amazon]] | ||
+ | * [[installing_lucy_on_windows|Installing LUCY on Windows]] | ||
+ | * [[converting_vmware_to_hyperv|Converting LUCY from VMware ESX to Hyper-V]] | ||
- | **Where to place LUCY in an onsite installation? | + | **Login** |
- | You can place LUCY in the intranet or within a secured zone (DMZ). If you setup LUCY within | + | [[lucy_weblogin|Login]] to LUCY with the Webbrowser using the IP address of your server. Continue the setup in the browser using the credentials provided in the setup script. If you want to use a domain for your administration UI, Connect to your LUCY instance with the root or phishing account. If you connect as root, please execute |
- | | + | **License:** |
+ | Please send us the workstation ID (http://www.lucysecurity.com/ | ||
- | {{ setup_lan.png?600 }} | + | **Mail setup** |
+ | Define your **[[mail_delivery_methods_in_lucy|default mail delivery method]]** in LUCY. In case you use the build in mail server: set the [[set_hostname_for_smtp_communication|hostname]] for the mail server. | ||
+ | |||
+ | **Domain Setup** | ||
+ | Setup a [[domain_configuration|domain]] in LUCY. This domain can be used for phishing simulations (landing pages) or the elearning portal. | ||
- | | + | **SSL Setup** |
+ | Create a [[ssl_configuration|trusted certificate]] for the administration of LUCY. | ||
- | | + | **User management** |
+ | Create all the required administrators | ||
- | | + | **Updating** |
+ | [[download_templates|Download]] | ||
- | | + | **Hardening** |
+ | Consider implementing additional | ||
+ | **White Label** | ||
+ | Give LUCY a [[white_label_lucy_-_custom_branding|custom branding]] | ||
- | If you setup LUCY in a DMZ, you could as well consider using a LUCY instance only as a reverse proxy in the secured zone, and install the main application within the intranet as a " | + | **Test campaign** |
+ | Once you are all set you can try to [[create_your_first_phishing_campaign|setup your first campaign]] | ||
network_design_-_where_to_setup_lucy.txt · Last modified: 2019/10/14 15:45 by lucy