network_design_-_where_to_setup_lucy

Differences

This shows you the differences between two versions of the page.

network_design_-_where_to_setup_lucy [2019/05/22 09:31] lucynetwork_design_-_where_to_setup_lucy [2019/10/14 15:45] (current) lucy
Line 20: Line 20:
  
 You can place LUCY in the intranet or within a secured zone (DMZ). If you want to allow external users (e.g. mobile users with smartphones) to access LUCY's websites (attack simulations or e-learning), an installation in the intranet is not recommended for security reasons.  The web server would be directly accessible from the Internet. In case of a vulnerability in the system or application, an attacker would have direct access to the intranet via the LUCY server. In such a case you should install LUCY in a separate zone. In that case you could consider using one LUCY instance only as a reverse proxy in that zone, and install the main application within the intranet as a "master instance". This configuration is described [[setting_up_a_lucy_master_slave|here]].  You can place LUCY in the intranet or within a secured zone (DMZ). If you want to allow external users (e.g. mobile users with smartphones) to access LUCY's websites (attack simulations or e-learning), an installation in the intranet is not recommended for security reasons.  The web server would be directly accessible from the Internet. In case of a vulnerability in the system or application, an attacker would have direct access to the intranet via the LUCY server. In such a case you should install LUCY in a separate zone. In that case you could consider using one LUCY instance only as a reverse proxy in that zone, and install the main application within the intranet as a "master instance". This configuration is described [[setting_up_a_lucy_master_slave|here]]. 
- 
- 
-===== Challenges in an on-premise installation ===== 
- 
-  * Mail integration: LUCY has different mail delivery methods. See [[mail_delivery_methods_in_lucy|this chapter]]. The main two mail delivery methods are using the build-in mail server or your own mail relay. The mail relay could be our internal mail server. Please keep in mind that in LUCY you can send two types of email: firstly, mails for the attack simulations. On the other hand mails for the awareness training. Especially with mails for phishing simulations, the use of your own mail server can be viewed critically.  When sending emails through your own mail server, the technically experienced recipient would see in the mail header that the email comes from the trustworthy internal server and can probably not be real phishing. Some organizations also classify the external emails with a special tag (e.g. "external email"). If this tag is missing because an internal mail server is used, the employees trust these emails and it is difficult to train them not to trust these emails. Therefore, when using the internal mail server, you should make sure that the emails look the same to the recipient as they do from the outside. 
- 
- 
- 
-If you use the build-in mail server, LUCY would need to be able to resolve the MX record for your own organisation and then deliver the mails to that server. Depending where LUCY is installed, you probably need to open SMTP communication ports. An easier method is using the internal mail server as a relay. In such a case LUCY would communicate with the internal mail server (A). You also need to allow relaying for the LUCY IP address on your internal mail server.  
- 
-{{ setup_lan.png?600 }} 
- 
- 
- 
-  * DNS integration: You can quickly setup new domains in LUCY. Details are described [[domain_configuration|here]]. Those domains could be used for the landing pages (Phishing or E-learning) or the mail sender. The internal clients will need to resolve those domains. Therefore, you need to create the according DNS entries also on your internal DNS server and point the records to LUCY. If the landing pages need to be accessed from users in the internet directly (without VPN), you need to make sure that the DNS records are also created on an externally accessible DNS server. 
- 
-  * HTTP/HTTPS access: The landing pages and the E-learning needs to be accessible via http or https (see [[ssl_configuration|this chapter]] for SSL configuration). If users from the internet have to access those pages, you need to make sure that you have set up an according port forwarding rule on your firewall together with a NAT entry, that points to LUCY. 
- 
-  * Security products and whitelisting: You need to ensure that the LUCY IP is whitelisted on all your security products (mainly the SPAM filters). Otherwise, you might end up blocking legitimate infrastructure elements within your own infrastructure. 
- 
-  * Securing the access: Once you finished the setup, you might want to prevent users from accessing the web based administration. In [[security_considerations|this chapter]] we discuss a few tips on how to secure LUCY. 
- 
- 
  
  
 ===== On premise installation technical checklist ===== ===== On premise installation technical checklist =====
  
-**Download:** +Please consult [[installation_checklist|this chapter]].
-If you have decided to do an on premise installation you will first need to download LUCY from our webpage. Please choose one of our installers or images: +
- +
-  * **Virtual Box**: http://download.phishing-server.com/dl/lucy-latest/virtualbox.zip +
-  * **Linux Installer**: http://download.phishing-server.com/dl/lucy-latest/install.sh +
-  * **ESX/ESXi**: http://download.phishing-server.com/dl/lucy-latest/esxi.ova +
-  * **Vmware Image**: http://download.phishing-server.com/dl/lucy-latest/vmware.zip +
-  * **Amazon**: http://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=installing_lucy_in_amazon +
- +
-If you require a different format (e.g. ovf), search for the according converter (e.g. search for "convert ova to ovf"). All downloads are automatically treated as a community edition.  +
- +
-**License:** +
-For testing purposes please send us the workstation ID (http://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=how_to_activate_lucy&s[]=#where_to_find_the_workstation_id). This will allow us to issue you a test license. If you want to directly purchase LUCY please consult this [[how_to_purchase_lucy|article]]. +
- +
- +
- +
- +
-  +
- +
- +
- +
-===== LUCY Vmware technical components ===== +
- +
-When you download and boot the VMware Image, all software components are integrated in that image. There is no need to install any additional software. All components (DB, mail server, web server etc,) are bundles within the VMware images and controlled by the internal LUCY software, which runs transparently in the background. The updating of those components is also done within the LUCY software through internal processes, which are not visible to the end user. +
- +
-{{ vmwared1.png?600 }} +
- +
  
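Review bot: The removed "Challenges in an on-premise installation" section (mail integration, DNS integration, HTTP/HTTPS access, security products and whitelisting, securing the access) is deleted with no pointer left in its place, while the checklist section at least gains "Please consult [[installation_checklist|this chapter]]". If that guidance moved to installation_checklist, say so in the new sentence or add a second link where the section used to be. As the change stands, this page no longer links to [[security_considerations|this chapter]] for restricting the web-based administration, and it drops the advice that simulation mails sent through an internal relay should look the same to recipients as mail from outside. The removed "LUCY Vmware technical components" section is likewise dropped without a replacement link, so the new line under the checklist heading should either cover it or that section should keep its own reference.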
network_design_-_where_to_setup_lucy.1558510261.txt.gz · Last modified: 2019/07/25 12:52 (external edit)