You can place LUCY in the intranet or within a secured zone (DMZ). If you want to allow external users (e.g. mobile users with smartphones) to access LUCY's websites (attack simulations or e-learning), an installation in the intranet is not recommended for security reasons. The web server would be directly accessible from the Internet. In case of a vulnerability in the system or application, an attacker would have direct access to the intranet via the LUCY server. In such a case you should install LUCY in a separate zone. In that case you could consider using one LUCY instance only as a reverse proxy in that zone, and install the main application within the intranet as a “master instance”. This configuration is described here.
Hardware Please make sure you have the hardware ready with sufficient disk space (>200 GB) and memory (>4 GB). More details here: https://wiki.lucysecurity.com/doku.php?id=hardware
Download If you have decided to do an on premise installation you will first need to download LUCY from our webpage. Please choose one of our installers or images:
If you require a different format (e.g. ovf), search for the according converter (e.g. search for “convert ova to ovf”). All downloads are automatically treated as a community edition.
Installation Once downloaded, please install LUCY according to the download type:
Login Login to LUCY with the Webbrowser using the IP address of your server. Continue the setup in the browser using the credentials provided in the setup script. If you want to use a domain for your administration UI, Connect to your LUCY instance with the root or phishing account. If you connect as root, please execute the command python /opt/phishing/current/tools/setup/setup.py (if you have a docker based installation, execute: docker exec -it lucy /bin/bash and then press enter and execute python /opt/phishing/current/tools/setup/setup.py). Within the setup script menu please choose menu item “domain configuration” and set the domain for your admin UI here.
License: Please send us the workstation ID (http://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=how_to_activate_lucy&s=#where_to_find_the_workstation_id).
Domain Setup Setup a domain in LUCY. This domain can be used for phishing simulations (landing pages) or the elearning portal.
SSL Setup Create a trusted certificate for the administration of LUCY.
User management Create all the required administrators users in LUCY.
Hardening Consider implementing additional security layers
White Label Give LUCY a custom branding
Test campaign Once you are all set you can try to setup your first campaign