LucidView WebApplication

From LucidView MediaWiki
Jump to navigation Jump to search

The LucidView Administration Portal is a web application designed, implemented, and maintained by LucidView. The LucidView Web Application is divided into two distinct sectors, which users will interact with. Namely, the MikroTik Administration Portal, and the Enforcer Configuration Portal.

The MikroTik Administration Portal is the central point for which to Administer Enforcer profiles. A MikroTik Portal administration account is required to create Enforcer profiles. Please register yourself a MikroTik Administration Portal from the LucidView Website.

The Enforcer Configuration Portal is used to configure the four Distinct Modules available to each Enforcer profile. Content Filtering, IDPS, Saturation management, as well as dashboards and reports.

Before you Begin:

  1. An email address with which you will register your Administration Portal account.
  2. You will require access to an implementation of RouterOS, running either a Long-Term, or Stable release.
  3. We recommend having proficient knowledge in the following areas;
    1. Filter Rules
    2. Routing Marks and Packet Marks
    3. Routes
    4. Masquerade Rules
    5. Firewall Destination NATting (DNS Redirect)

MikroTik Administration Portal

The MikroTik Administration Portal is the web application used to administer to the creation and maintenance of Enforcer Profiles, as well as certain utility features, as well as the point of access for the Traffic-Flow Analyser.

Access

The first step is to create your LucidView MikroTik Portal account. This is done by registering using the registration link on our website.
  • Here is a video tutorial on how to register your LucidView MikroTik Portal account Video Tutorial
Once you have created your Portal Account you can log in from the website login page by clicking the LucidView MikroTik Portal login button and entering your login details.
There are two main points of ingress into your MikroTik Portal Account. The legacy method, can be found by entering the email address, that you registered an account with here. Enter your email address, and a unique link will be sent to the email address. Following this link, will require your email address to complete authentication. Alternatively, if your account has been sent to SFA(Single Factor Authentication - Please see Login Authentication under Profile Management), the unique link sent to your email address will be an access link, and will log you directly into your profile. Please note, that this login link, is reusable and shareable.
The second method for access to your MiktoTik Portal account, is simply the username and password combination of your User Account. User Accounts are created automatically for the user who registers the account. This method of access is the most efficient for Additional User accounts that are created, for access to the MikroTik Portal Account.
Once you have logged into your MikroTik Portal account, you will now be able to create and manage Enforcers and Enforcer profiles.
You may also create additional Portal access accounts, and designate their roles accordingly. Video Tutorial

Landing Page and Navigation Menu

The navigation bar, is the space at the top of the screen which contains the logo, account name, and current user email address. This navigation bar is persistent, and will show on every screen. Configure !!custom branding!! settings to change the logo and the URL redirect from clicking the logo, to options of your choice. You may access the Home Page at any time, by clicking your account name on the navigation bar.
The Home page, also referred to as the landing page, is the central location of your Administrative Portal account. From this screen, a variety of options are available. Notably, under the center block labelled as "Enforcer Management", you will find the "View All" button, that shows all of your created Enforcer profiles. You may create a new Enforcer Profile, by clicking the "Create New" button. Various configuration options, as well as access to features are available from the home screen.
The navigation menu is a drop down menu containing easy access links to the main portions of the Administrative Portal. It can be accessed on any screen by clicking "Menu", which can be found on the right most side of the navigation bar(Top portion of screen).

Enforcer Profiles

An Enforcer Profile consists of two aspects, a designation on the LucidView Administration Portal, and a MikroTik (Or something running RouterOS) that has been configured using the accompanying script(Accessible from the Portal)". Unique Enforcer profiles are required for each of your customers, which will be configured to their specific requirements, for each of the modules available to each Enforcer.
Enforcer profiles may also be logged in to using a separate access mechanism used by the Administration Portal. This means that you may give end users access to their own Enforcer Profiles, whereby they may configure the individual modules.
  • Here is a video on how to give my customers access to their Enforcer Profile Video Tutorial
The Custom branding settings configured within the Administration Portal, will also be applied to Enforcer Portal.

Creating

Creating Enforcer profiles allows you to provide your customers with their own customised Internet policy. Alternatively, within an organisation, school or even family, different profiles can be created for different groups with different Internet requirements. This is an extremely powerful tool and a huge value-add.
How to create an Enforcer profile:
  • Once you are logged into your management portal.
  • Click on "View All" under "Enforcer count".
  • Click on Create Enforcer, fill in the relevant information and click on create.
If you do not have a serial number available, use any unique identifier for the RouterOS instance, that you do have. Friendly names provide a more human friendly handle for each profile. Many of these properties may be edited after the profile has been created.

Admin Config and Module Activation

From the "View All Enforcers" page, you will be able to access the administrative configuration for each Enforcer profile. Click the magnifying glass under the column for "Edit Config".
You may now edit certain properties of this Enforcer profile, such as the friendly name, the DNS region, an additional email address (record keeping purposes only) and the UTC offset of this profile, to name a few.
While editing, one can also enable or disable the modules that you desire. This includes the content filtering module, IPS, saturation management, and the Reporting modules. Disabled modules will not be accessible or viewable when logged into that particular Enforcer Profile.
Enforcer profiles can also be disabled from this screen, as well as deleted after being disabled.
If required, the configuration script is also available from this menu.
Remember to save any changes you may have made!

Generate Reports

While viewing all Enforcer profiles, an easy method to generate reports for profiles also exists in the form of the "Generate" link available to each Enforcer profile. (Except for if access to the Enforcer Profile is denied)
Three main types of reports are accessible, namely, network reports, specific IP reports, and Specific Category reports. Network reports provide an easy to understand overview of the network traffic being utilised by this profile. Specific IP, and Category reports, are available to shed more insight the usage of a particular IP address, or the specific details of a certain category.
Reports provide valuable insight into your network traffic and can be used to measure performance, manage usage, guard against security threats and much more.
Steps to generate a report for your MikroTik Enforcer or Enforcer profile:
  • Login into your MikroTik Portal Account
  • Click on “View All” under your Enforcer Count
  • Locate the Enforcer or profile you wish to generate a report on
  • Now you can either log in to the Enforcer or simply click the “generate” link
  • You will now be presented with a number of ready-made report types.
  • Select the report you want to generate and then choose the options (dates etc) that you want to be included.
  • Click generate.
This video provides step by step instructions on how to generate reports for your MikroTik Enforcer. generate reports Video
Security Reports provides much needed insight into the connections that are likely malware or represent unauthorised access from remote hackers.
To generate a security report for a specific Enforcer profile follow these steps:
  • Login to your LucidView MikroTik Portal
  • Click on “View All” Enforcers
  • Log into the Enforcer you wish to create the report for
  • In the “Reports & Dashboards” section click the “Generate Reports” link
  • Under “Detailed Category Reports” click “Generate Now“
  • Now select your desired report type, filter and time-frame
  • In the drop down menu under “Select Report” choose the “Specific Category Connection Report”
  • In the drop down menu under “Select Category Filter” choose “Security Risk”
  • In the drop down menu under “Report timeframe” choose the time-frame you desire
  • Click “Generate”
This video provides step by step instructions on how to generate reports for your MikroTik Enforcer. generate Security Report

Login to Enforcer Profile

From the "View All" screen, an Administrator may log into each Enforcer Profile and configure the individual module settings. Logging into an Enforcer profile, is also it's own account, with it's own authorisation layer. Effectively, there are two active sessions (one for admin account, one for Enforcer profile). I.e, logging out of the Enforcer Profile, will not log you out of your Administration Portal Session.

User Management

The LucidView MikroTik Portal account contains different kinds of user accounts, for accomplishing role based tasks. For instance, access can be granted to the Administration Portal for a user who is only allowed to observe the configuration settings, and generate reports for eligible Enforcer profiles. Access roles also exist for users to be able to log into all Enforcer Profiles they have access to, from one centralised location, making the configuration of multiple Enforcer Profiles easier, and more efficient.

Portal Administration Accounts

Your LucidView MikroTik Portal account is your primary administration account. You create this account when you register on the LucidView website.
Once you have a LucidView MikroTik Portal account you can appoint additional Admin users and Reports only users. This is done in your LucidView MikroTik Portal under the "User Management" section by click on the "Reseller" button and "Add New" option. You can then select the permissions i.e. do you want the user to have full admin rights or be limited to just Reporting rights.
  • How to give Administrator Access to your LucidView MikroTik Portal Video Tutorial

Enforcer Manager Accounts

Enforcer Manager Accounts, provide an easy method of access, to several Enforcer Profiles, for one user. Enforcer accounts are created, and tethered to a users email address. All Enforcer profiles, which contain this users email address, as the Admin Address, will then be accessible by this Enforcer Manager Account. Once logged in, Enforcer managers are presented with a list of Enforcer Profiles that they are able to access, and manage accordingly.

Profile Management

Editing

In your Profile manager, you have the ability to change the following

  • Profile name.
  • Reseller Contact email address
  • Login Authentication Type
  • Timezone
  • Correspondence Consent
  • update your password
  • Manage token and access
  • Billing profile

Log into your Management portal. Click on the "Menu" button in the right and corner of your page. Click on "Reseller Profile"

Login Authentication

Administrator Account Email Address only
You have 2 options for logging in.
  • Single Factor
Using just the admin email address, access will be granted with a link sent via email.You may share this access link.
  • Two Factor
A two step authentication process that requires admin email address mailbox access, as well as a password, to gain sharable access to your account.
Login to your Portal account. Click on the "Menu" bottom in the right hand corner. Click on "Reseller Profile" in the dropdown menu. Choose the login authentication you want and then click update.

Correspondence

You have the ability to disable or enable LucidView Correspondence emails.
Log into your Management portal. Click on the "Menu" button in the right and corner of your page. Click on "Reseller Profile" Tick the box under "Correspondence Consent"

Billing Profile


Custom branding

The LucidView MikroTik Portal is a white-label solution. You can brand the portal with your Organisation's logos and corporate identity. This will ensure that your customers are shown your branding when they receive reports or log into their unique Enforcer profiles. This is designed to allow you to provide additional services to your customers.

Custom Name

Custom website redirect from nav bar (Clicking image does redirect as mentioned above)
The “reply-to” email address. (This is also the address the reports will come from)
The name of the product
Log into your Management portal account. Scroll down to Custom Branding. Click on Enforcer Branding. Enter the relevant information and click on update.

Custom Images

When uploading, please consider the following:
Please select which role the image will be used for.
Supported image types: bmp, jpg, png
Icons and Logos must have a square ratio, the report cover image must preferably be twice as wide as it is tall.
Recommend Dimensions
Recommended Icon Size: 32×32
Recommended Logo Size: 256×256
Recommended Report Cover Size: 2048×1024
Please note that all these branding options will apply to each managed enforcer or profile depending on your set-up as well.
Log into your Management portal account. Scroll down to Custom Branding. Click on Report Branding. Now you can click on the Image Type and then upload your image and then click upload.
  • This video is a step by step on how to personalise your Portal and Reports Custom Branding

Custom Colours

Ability to set the background colour of the cover page of the report.
Ability to set the text colour of the cover page of the report.
Log into your Management portal account. Scroll down to Custom Branding. Click on Report Branding. Now you can click on the colour bar and choose the colour you desire and then click update.

Admin Reports

Generating Reports

Log into your Management Portal. Scroll down to the bottom of your page. Under the section, "Reports" click on "Generate Report Now". Here you will have the option of Generating any report type. Click on "Generate Now" under the report you wish to generate. Choose the time frame you desire and click "Create Report"

Scheduled Admin Reports

Log into your Management Portal. Scroll down to the bottom of your page. Under the section, "Reports" click on "View Schedules" then click on "New Schedules". You will now be presented with a number of ready-made report types.
Select the report you want to generate and then choose the options (dates etc) that you want to be included. Click on "Create Schedule"

Pricing and Billing

LucidView’s pricing includes all of its modules and features. (i.e. regardless if one uses all one or all the modules, the pricing remains the same)
It is a usage based pricing model that is based on the cloud resources used. In order to properly gauge your costing, we recommend taking advantage of the 30 day “first month free” on Registration, as this will provide you with an ::accurate forecast of what your costs would will be once the trial has finished and you have upgraded to Pro.
LucidView MikroTik Portal access is $1 per month.
Each Active Enforcer profile attracts a cost based on usage. Typically it costs about $1 per month, per 10 users. For example:
  • Typically 50 Concurrent Users – approximately $5 per Enforcer profile per month.
  • Typically 500 Concurrent Users – approximately $50 per Enforcer profile per month.
  • Typically 5000 Concurrent Users – will vary at around $500 per Enforcer profile per month.
(Please note: All active Enforcer profiles have minimum monthly change of $1 )
  • During the free Trial period, Simply view the Costing Option in your portal menu to see the Network size, and associated costs, required for the particular profile, to continue after the trial period. – The longer the trial is runs ::for, the more accurate the forecast will be.
Log into your Management portal account. Click on "Menu" in the right hand corner of your page and then click on "Account Enforcer costing" in the dropdown option. You can also view the Billing Forecast by clicking on "View All" under ::"enforcer Count" Here you will see each enforcer with their billing Forecast
How Enforcer Profiles are costed
Pricing is based on the amount of LucidView cloud resources utilized. The primary factors that determine the pricing of the profile are the number of Netflow logs sent and the DNS load over the VPN. Each and every connection flowing ::into and out of your network is identified, analysed and categorised every few minutes by our web crawlers allowing us to provide a comprehensive content filter and effective intrusion prevention and detection.
For the purposes of planning ahead, each Enforcer profile’s usage is calculated daily and the likely costing is provided in your portal costing section.
Tip: The resources used on your profile can be reduced by utilising local DNS caching. This may reduce the DNS load on the VPN which may, in turn, reduce the cloud resources required by the profile.
Does LucidView offer fixed pricing?
Fixed pricing is available. Once your Enforcer has been online for a full month a quotation can be provided.
Fixed billing begins at $10 000.00 per annum and is paid for upfront.

Dashboard and Traffic Flow Analyser

By using this feature it is possible to drill down into your enriched Netflow data and identify even just one suspicious connection. This is a hugely powerful tool for identifying risks, malware and other security issues.
To view some demonstration videos of this feature tutorials

Enforcer Portal

The Enforcer Portal is used to access, and configure individual Enforcer profiles offered features. The Enforcer Portal has it's own access method, and various other methods can be configured to grant access to users.

Access & Login

You can provide your customers with access to their specific Enforcer profile by logging into your LucidView MikroTik Portal Account. You will have to give the customer the Enforcer Unique ID and the Admin Address of the profile should be set to the user Email address. You can go to “Enforcer account” click on the magnifying glass under “Edit Config” and change the “Administrator Address” and then click update.
Now you can scroll down to the "User Management" section in your Portal account and click on the "Enforcer Users" button. Then click the "New Enforcer User", add your customer's details into required fields and click "create".

Content Filter

The Content Filter is extremely powerful. It is where you implement your/s or your customers Internet Usage policy. The LucidView Web-Crawler is constantly crawling the web. collecting content and placing it into appropriate categories. The Content Filter allows you to decide what categories are available to your customers, when these categories are available (i.e. time-based rules for specific categories such as Social Media) and what priority each category takes during times of peak saturation (see Saturation Manager)

Category Blocking

How to configure Category Blocking

  • Log into your Enforcer Account.
  • From the landing page, or the top right navigation menu, select "Configure Category Blocking" under Content Filtering.
  • Now you can click on the categories you would like to block.
  • You may also add any entries to the override exception lists.

Then click on "Save now" at the bottom of the page to save your changes.

Override Exceptions

Exceptions are done with the use of whitelist and blacklisting the desired Domain, host and IP's. The whitelisting and blacklisting option empowers you to do more manual override configurations, over and above the category blocking policies.
For example, blocking the movies category and only allowing Netflix access by adding netflix.com to the whitelist, or by allowing the category social media and only blocking facebook.com by adding it to the blacklist.
How To configure override exceptions
  • Login to your Enforcer Profile
  • From the landing page, click on "Configure Category Blocking" under Content Filtering, also accessible from the drop down menu.
  • Scroll down to the bottom of the page and click on "whitelist/blacklist".
  • Click on "Add New" under either the whitelist or blacklist and enter the domain or IP subnet in the required field then click "Close".
  • Remember to click "Save Changes"

Time Rules

Time Rules are content filtering rules that enabling the allowing, or the blocking of content, based on the type of rule, and the time frame configured. For example, a time based rule can be constructed that can allow Social Media access only between 6 p.m. and 8 p.m, whilst remaining blocked for the rest of the time.
Rule types include category based rules, where you can easily block or allow entire categories based on a time frame. URL List rules, allow you block or allow a list of URLs or IPs. Safe search rules, allow for the enabling or disabling of YouTube and Search Engine safe search features.
How to create a time based rule for your content filter
  • Log in to your Enforcer Profile.
  • Click on "Configure Category Blocking" under Content Filtering, accessible from the main menu, or the drop down menu.
  • Scroll down to the bottom of the page and click on "Manage Time Rules"
  • Click on "Create New Rule".
  • Select the type of rule you want.
  • Once you have selected that you can enter the relevant information and click "Create"

Familiar Devices

Personal end user devices may be designated, and defined on the Enforcer Portal as a "Familiar Device". These are designated by IP, and you may name the device whatever you so wish.
By adding a familiar device, one may configure the familiar device to bypass the content filter, or to not log it's reporting data.
How to create a Familiar Device
  • Log in to the Enforcer profile.
  • Click on "Configure Category Blocking" under Content Filtering, accessible from the home screen of the Enforcer, or from the drop down menu.
  • Scroll down to the bottom of the page and click on "Familiar device Naming"
  • Click on "Create New Familiar device"
  • Here you will add the IP Address, Device Name as well as if you want to Allow Bypassing of Content filtering, and logging of Device Traffic.
  • Then click "Name Device", which will create the Familiar Device.
You may edit these Familiar Devices as necessary, by clicking on the magnifying glass for the relevant device.

Reports

Enforcer Reports are available from the Enforcer Menu, and can be generated at any time, or sent on a schedule of your choosing.
These reports provide an overview of the network traffic that is occurring on your Enforcer Profile.
There are many report types, offering a diverse arrangement of presented data.

Generating Reports

Reports for your Enforcer profile can be generated at any time, for the time frame of your choosing.
How To Generate Enforcer Reports
  • Login into your MikroTik Portal Account
  • Click on “View All” under your Enforcer Count
  • Locate the Enforcer or profile you wish to generate a report on
  • Now you can either log in to the Enforcer or simply click the “generate” link
  • You will now be presented with a number ready-made report types.
  • Select the report you want to generate and then choose the options (dates etc) that you want to be included.
  • Click generate.

Scheduling Reports

You can schedule reports to be sent to the administrator of the Enforcer profile, or to any other email address. These scheduled reports use the same reports available when generating reports, however, they are now sent via email on a time frame of your choosing.
How to Schedule Reports
  • Login into your MikroTik Portal Account.
  • Click on “View All” under your Enforcer Count
  • Locate and log into the Enforcer or profile you wish to schedule a report for.
  • Click on "Generate Reports" under "reporting".
  • Click on "eMail Reports"
  • Click on "Create New".
  • Now You will be presented with a number of ready-made report types.
  • Select the report you want and then choose the options (dates etc) that you want to be included.
  • Click "Create Schedule".
This video is a step by step video on how to schedule reports. schedule reports video

Privacy Policy

LucidView is committed to your privacy. Please view our privacy policy by clicking here and our data retention policy for Enforcer profiles here
The Privacy Policy (Also known as the internal IP logging feature) is a reporting feature that enables reporting on individual IP addresses within a network. This is a feature that needs to be explicitly enabled before traffic logging of internal IP addresses begins.
How to accept the Privacy Policy
  • Log into your Enforcer Profile
  • If the policy has not been accepted, you may try to generate a specific user report, and the terms of feature acceptance will be presented.
  • Alternatively, from the drop down menu, there is a dedicated option to access the privacy policy menu.
  • Reports will not contain internal IP information, neither will you be able to generate specific user reports unless the terms of this feature has been accepted.
  • You may disable this setting at any point in time.

Saturation Management

LucidView's Saturation Manager is a powerful cloud based utility which allows you to control the bandwidth utilised by certain categories. You may, of course, designate custom entries such as URLs, or IP addresses and ranges.
The saturation management categories offered are powered by LucidView's Cloud Artificial Intelligence platforms. Depending on your configuration of the Saturation Manager, lists will be pushed by the LVCloud to your Enforcer profile, after which mangle rules and queue trees will be utilised to deliver the shaping experience. Please note that the configuration on RouterOS to effectively utilise the Saturation Manager requires the relevant resepective knowledge. We recommend having RouterOS knowledge in the following areas.
  • L2TP Client configuration
  • Packet mangling, packet and connection tracking.
  • Queue trees
  • Multi gateway routing / multiple routing tables based on routing marks.
  • File management on RouterOS


Configuration

The Saturation Management Module is accessible from the Enforcer Profile, when the module has been enabled for that profile.
Log into the Enforcer profile, and find the section labelled "Saturation Manager" available from the home screen. Alternatively, you may access the Saturation Manager from any time, by using the drop down menu from the right side of the Navigation Bar.
From the configuration menu of the Saturation Manager, please select the categories of content that you would like to be able to shape. Additionally, you may enter URL, or IP addresses/ranges to also be pushed to your Enforcer Profile.
Please note that there may be up to a 10 minute delay before your shaping lists are updated by the LVCloud.
Please configure the mangle rules so that the correct traffic may be managed by the queue trees on the MikroTik itself. It is there that you may start to configure bandwidth allowances for each list.

Intrusion Prevention Solution

Contained within each Enforcer profile, is a module for Intruder Detection and Prevention. This is an extremely powerful tool used to detect and prevent zero day attacks from malware, hackers and ransomware attacks.
The first step in defence against threats, is a signature based analysis of each connection. Known threats present a signature, that may be blocked on attempts at initiation.
Secondly, and arguably more important, is the Behaviour Based analysis utilised by the IPS module. This means that the behaviour of each connection is tracked, and if the connection meets a prescribed criteria, it can be deemed as a risk, and subsequently blocked.

Important Information

Non DNS based connections(or Direct IP), are always flagged for protection by the IPS. If non DNS based connections are a requirement for your network(VoIP, Some file sharing systems, web applications etc), you may whitelist these IP addresses/ranges under the content filter section.

Report Importance

The malware report available from the reports section, is designed to show all traffic on your network that will be targeted, and blocked by the IPS module. In certain cases, it may be prudent to generate this report before enabling the IPS. The report will show all connections that will be killed off by the IPS. This may reveal any legitimate systems that utilise Non DNS connections, to be whitelisted in the content filter.

Profile Management

Enforcer Administrators may access, and configure rudimentary settings available to their Enforcer Profile.
Administrators may change the email address associated to the profile. Please note that this requires a confirmation step, which will be emailed to the new address.
A secondary email contact address is available, however, please note, that this contact is for record keeping purposes only.
Remote management of the Enforcer may also be enabled, or disabled. This means that the Management account will not be able to login, or generate reports for this profile. Only the Enforcer administrator may log in, via the default Enforcer Access mechanism, and generate reports, or configure the Enforcer settings as necessary.

FairShare™

FairShare™ is a feature available to all Enforcer devices. FairShare™ ensures that latency sensitive functions on a network are not denied bandwidth access by bandwidth intensive operations. For example, someone streaming YouTube or Netflix does not impact someone else playing online games.
LucidView’s FairShare™ dynamically prioritises connections based on both their nature and impact on your particular connection resulting in a faster end-user internet experience even under-saturated line conditions.
To configure FairShare™ on your Enforcer, please follow the steps outlined here



Wi-Fi Configuration

Accessing this Wi-Fi section, requires a Bolt-On with Wi-Fi Enforcer type. This Enforcer type can be selected upon creation of the profile. For these Enforcer types, a new main menu option will appear, after logging into the Enforcer. This section provides a convenient method to configure rudimentary Wi-Fi settings, such as; SSID name, the channel of broadcast, and the Password to connect to the Wi-Fi Network.

Technical Information

Further Technical information will be supplied here.
For now, here is a link to create and configure a generic multi bolt-on.