How the LucidView Enforcer works
Technically speaking, the LucidView Enforcer’s content filter is a “DNS-based content filter”, and the content access policy is enforced at the firewall level, which makes the content filter extremely difficult to circumvent.
This also means that non-DNS traffic, such as torrents, dark web, and the connections hackers often use to gain unauthorized remote access for ransomware, can be detected, reported on and disconnected.
Raw log data about connections made via the Enforcer is sent to the LucidView cloud. Please note that this is not actual content, only log metadata.
Thanks to the power of big data analysis, generic or specific reports are available in a matter of seconds, regardless of the type of report or the reporting timeframe.
LucidView.net provides a well-commented install script to interested parties. This script, in a nutshell, does the following:
- Creates a VPN to our cloud.
- Sends raw log data to the LucidView cloud.
  - Netflow and Syslog of DNS lookups are sent to the LucidView cloud via the created VPN.
  - Typically, Netflow and Syslog will take up less than 1% of the data line if the line is saturated.
- Configures your MikroTik router as a DNS server for your internal LAN and then sets up a LucidView DNS server as an upstream forwarder, via the VPN.
- Creates a user on the MikroTik router to allow the LucidView cloud to access your MikroTik to:
  - Apply the firewall rulebase every 5 minutes, which will block any connections that are in contravention of the defined content filter profile for that particular MikroTik router.
  - Do a DHCP name lookup. This is a feature available to administrators.
  - Set the WiFi password (if the feature is selected).
All of the above is clearly commented in the actual configuration script provided via the MikroTik Enforcer Portal.
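One way connection metadata of the kind listed above (Syslog of DNS lookups plus Netflow records) can reveal non-DNS traffic, shown as an added example that is not LucidView's code or method: flows to external addresses that the same client never resolved through the router are flagged. The log line format, the addresses, the LAN subnet and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample data (not real LucidView or RouterOS output).
DNS_SYSLOG = """\
10:00:01 dns client=192.168.88.10 query=example.org answer=192.0.2.34
10:00:05 dns client=192.168.88.11 query=updates.example.net answer=198.51.100.7
"""
FLOWS = [  # (time, src, dst, dst_port, proto), as a flow collector might export them
    ("10:00:02", "192.168.88.10", "192.0.2.34", 443, "tcp"),
    ("10:00:06", "192.168.88.11", "198.51.100.7", 443, "tcp"),
    ("10:00:09", "192.168.88.11", "203.0.113.50", 6881, "udp"),
    ("10:00:12", "192.168.88.10", "198.51.100.7", 3389, "tcp"),
    ("10:00:15", "192.168.88.10", "192.168.88.1", 53, "udp"),
]
LAN = ipaddress.ip_network("192.168.88.0/24")  # assumed internal LAN subnet
DNS_LINE = re.compile(r"^(\S+) dns client=(\S+) query=(\S+) answer=(\S+)$")

def parse_dns(text):
    """Map each client to {resolved_ip: (first_seen_time, name)}."""
    resolved = {}
    for line in text.splitlines():
        m = DNS_LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not DNS lookup records
        ts, client, name, answer = m.groups()
        resolved.setdefault(client, {}).setdefault(answer, (ts, name))
    return resolved

def flows_without_lookup(flows, resolved):
    """Return flows to external IPs that the same client did not resolve beforehand."""
    flagged = []
    for ts, src, dst, port, proto in flows:
        if ipaddress.ip_address(dst) in LAN:
            continue  # internal traffic, including DNS queries to the router itself
        seen = resolved.get(src, {}).get(dst)
        if seen is None or seen[0] > ts:  # HH:MM:SS strings compare in time order
            flagged.append((ts, src, dst, port, proto))
    return flagged

if __name__ == "__main__":
    for flow in flows_without_lookup(FLOWS, parse_dns(DNS_SYSLOG)):
        print("no prior DNS lookup:", flow)
```

The lookup is matched per client, so the 10:00:12 flow from 192.168.88.10 is flagged even though a different client resolved that address.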