User Tools

Site Tools


network_design_-_where_to_setup_lucy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
network_design_-_where_to_setup_lucy [2018/05/31 11:10]
lucy [Introduction]
network_design_-_where_to_setup_lucy [2019/03/01 11:14] (current)
lucy
Line 31: Line 31:
  
 **License:​** **License:​**
-For testing purposes please send us the workstation ID (http://​www.lucysecurity.com/​PS/​doc/​dokuwiki/​doku.php?​id=how_to_activate_lucy&​s[]=#​where_to_find_the_workstation_id). This will allows ​us to issue you a test license. If you want to directly purchase LUCY please consult this [[how_to_purchase_lucy|article]].+For testing purposes please send us the workstation ID (http://​www.lucysecurity.com/​PS/​doc/​dokuwiki/​doku.php?​id=how_to_activate_lucy&​s[]=#​where_to_find_the_workstation_id). This will allow us to issue you a test license. If you want to directly purchase LUCY please consult this [[how_to_purchase_lucy|article]].
  
 **Where to place LUCY in an onsite installation?​** **Where to place LUCY in an onsite installation?​**
 You can place LUCY in the intranet or within a secured zone (DMZ). If you setup LUCY within the intranet you will have to consider the following challenges: You can place LUCY in the intranet or within a secured zone (DMZ). If you setup LUCY within the intranet you will have to consider the following challenges:
  
-  * Mail integration:​ LUCY has different mail delivery methods. See [[mail_delivery_methods_in_lucy|this chapter]]. If you use the build in mail server, LUCY would need to be able to resolve the MX record and then deliver the mails to that public accessible server. As a result you probably need to open SMTP communication outbound. An easier method is using the internal mail server as a relay. In such a case LUCY would communicate with the internal mail server (A). You also need to allow relaying for the LUCY IP address on your internal mail server. ​+  * Mail integration:​ LUCY has different mail delivery methods. See [[mail_delivery_methods_in_lucy|this chapter]]. If you use the build in mail server, LUCY would need to be able to resolve the MX record and then deliver the mails to that public accessible server. As a resultyou probably need to open SMTP communication outbound. An easier method is using the internal mail server as a relay. In such a case LUCY would communicate with the internal mail server (A). You also need to allow relaying for the LUCY IP address on your internal mail server. ​
  
 {{ setup_lan.png?​600 }} {{ setup_lan.png?​600 }}
  
-  * DNS integration:​ You can quickly setup new domains in LUCY. Details are described [[domain_configuration|here]]. Those domains could be used for the landing pages (Phishing or E-learning) or the mail sender. The internal clients will need to resolve those domains. Therefore, you need to create the according DNS entries also on your internal DNS server and point the records to LUCY. If the landing pages need to be access ​from users in the internet directly (without VPN), you need to make sure that the DNS records are also created on an external ​accessible DNS server.+  * DNS integration:​ You can quickly setup new domains in LUCY. Details are described [[domain_configuration|here]]. Those domains could be used for the landing pages (Phishing or E-learning) or the mail sender. The internal clients will need to resolve those domains. Therefore, you need to create the according DNS entries also on your internal DNS server and point the records to LUCY. If the landing pages need to be accessed ​from users in the internet directly (without VPN), you need to make sure that the DNS records are also created on an externally ​accessible DNS server.
  
-  * HTTP/HTTPS access: The landing pages and the E-learning needs to be accessible via http or https (see [[ssl_configuration|this chapter]] for SSL configuration). If users from the internet have to access those pages, you need to make sure that you have setup an according port forwarding rule on your firewall together with a NAT entry, that points to LUCY.+  * HTTP/HTTPS access: The landing pages and the E-learning needs to be accessible via http or https (see [[ssl_configuration|this chapter]] for SSL configuration). If users from the internet have to access those pages, you need to make sure that you have set up an according port forwarding rule on your firewall together with a NAT entry, that points to LUCY.
  
-  * Security products and whitelisting:​ You need to ensure that the LUCY IP is whitelisted on all your security products (mainly the SPAM filters). Otherwise you might end up blocking legitimate infrastructure elements within your own infrastructure.+  * Security products and whitelisting:​ You need to ensure that the LUCY IP is whitelisted on all your security products (mainly the SPAM filters). Otherwiseyou might end up blocking legitimate infrastructure elements within your own infrastructure.
  
   * Securing the access: Once you finished the setup, you might want to prevent users from accessing the web based administration. In [[security_considerations|this chapter]] we discuss a few tips on how to secure LUCY.   * Securing the access: Once you finished the setup, you might want to prevent users from accessing the web based administration. In [[security_considerations|this chapter]] we discuss a few tips on how to secure LUCY.
network_design_-_where_to_setup_lucy.1527757804.txt.gz ยท Last modified: 2018/05/31 11:10 by lucy