How the LucidView Enforcer works
Technically speaking the LucidView Enforcer’s Content Filter is a “DNS based Content Filter” AND a “Firewall based Content Filter” in one solution, meaning that our Content Filter is extremely difficult to circumvent.
This also means that non-DNS traffic, such as torrents, dark web, and connections often used by hackers to gain remote unauthorized access to ransomware, can also be detected, reported on and disconnected.
Raw log data (Netflow & Syslog) which contains connections meta data, is forwarded to the LucidView Cloud.
The LucidView cloud in turn process the raw log data, and provided meaningful, human readable reports, and dashboard.
LucidView provides a well commented install script for MikroTik routers. This script, in a nutshell, does the following:
VPN to LucidView
- Creates a VPN to our cloud.
- Sends raw log data to the LucidView cloud.
- Netflow and Syslog of DNS lookups, is sent to the LucidView cloud via the created VPN.
- Typically Netflow and Syslog will take up less than 1% of the data line, if line is saturated.
- Configure your MikroTik router as a DNS server for your Internal LAN and then set up a LucidView DNS server as an upstream forwarder, via the VPN.
Allow LucidView Cloud access to your MikroTik (Optional)
For additional functionality (listed below) you could create a user on the MikroTik router to allow the LucidView Cloud to access your MikroTik to:
- Do a DHCP name lookup — This is is useful in the Portal reporting section. (read only permissions needed)
- Set the WiFi password (read and write permissions needed)
All of the above is clearly commented in the actual configuration script provided via the Mikrotik Enforcer Portal