DnsCyte Quick Deployment

DnsCyte Quick Deployment

DnsCyte  Quick Deployment Guide

1.      Summary


This document is a summary of the quick deployment for DNSCyte. 

2.      Objective

The objective of the rapid deployment is to demonstrate discovery and analysis features of DNSCyte. DNSCyte is a DNS based security solution available as a Cloud-Based Service with an optional on-premise component (Agent) which analyses DNS traffic and block unwanted, malicious activity in your network

3.      Components

For quick installation, DNSCyte solution comes with a cloud-based part and an optional agent software which is installed on client devices. 

4.      Installations

Pre-Requisite: For installations and configurations you should have account on https://portal.dnscyte.com/. Before proceeding to configurations and installation please create account on DnsCyte cloud portal. 

     A. Cloud-Based Service Installation

Cloud-based service does not require any installation of software in your environment. It only involves forwarder DNS server configuration change in your local DNS server. Local DNS server forwards client requests to DNSCyte public DNS servers for analysis
      Step 1: Defining Public IP
To start cloud-based DNS filtering define the source IP of the DNS queries which will be analysed. Generally, This IP address is NAT IP address of your DNS server while accessing the Internet
To define your public IP(s)  log in to https://portal.dnscyte.com/ and navigate to Deployment--> Public IP and click  button on the upper right side of the screen and Public IP definition screen  appears as below


Figure 1. Public IP Definition
      In the Public IP definition; Name, IP address and profile settings must be defined. The other fields are optional.   There are four built-in security profiles available to users. You can use one of them, or you can set your policy. Please refer to https://docs.dnscyte.com/security-profiles web page for a detailed description.


Step 2: Forward DNS request to DNSCyte Cloud Service:

The second step for Cloud-Based Service deployment is to send the DNS queries to Cloud Service Public DNS Servers. DNSCyte Public DNS server IP Addresses are 199.244.90.190 and 199.244.90.191. You should define these IP Address as Forwarders in your DNS Servers.



Figure 2. DNS Forwarder Settings For Windows DNS Server

After finishing your settings, you can start to use Cloud-Based Service. Please note that DNS filtering does not work if you do not define any Public IP or defining wrong IP information on the Cloud Portal. 


     B. Agent-Based Installation

Agent-based filtering enables securing DNS traffic for roaming or mobile clients. Agent intercepts all DNS traffic at the network layer and forwards it to DNSCyte cloud for filtering. Client traffic can be filtered regardless of the location of the client.

 Installing Agent:
Agent Installers  available at the https://portal.dnscyte.com/ . After log in to portal navigate to Deployments -->Roaming Clients  and download the agent from the link in the upper-right part of the page.


Figure 3. Getting Agent Installer

Once you download the installer, extract files and execute the installation file to install an agent. Agent installation is straightforward; just click next to finish the installation. After successful installation, the agent automatically registers itself to the Cloud Portal, and you can view your agent installations by navigating to deployment --> Roaming Clients.




Figure 4. Registered Agents

Assigning Security Profile:

Agent installation requires to apply a security policy to each registered agent. To Apply Security Policy to an Agent click/button on the right side of each agent instances and Policy Settings page available for editing. 



Figure 5. Agent Settings

once you finished your settings  click "Apply" button bottom of  page to take effect your changes. Now, the agent is ready to go. 


Note:  If you want to exclude domains for DNS checking or domains which are not  applicable to DNS based  filtering like your active directory domains or local domains  click  button under Roaming Client and add your domains here. These domains will not be handled by Agent.

     C. Local DNS Server Installation

Local DNS Serve installation enables monitoring of local IP address information of your client devices while enforcing Security Profiles. 

Download and Deploy Virtual Appliance.

Local DNS servers are available as a virtual appliance for both ESX and HyperV environm

Download Virtual Machines:

For ESX:

http://download.dnscyte.com/dnscyte/DnsCyte-Local-DNS-ESX.zip

For HyperV:

http://download.dnscyte.com/dnscyte/DnsCyte-Local-DNS-HyperV.zip

 
After downloading your virtual appliance  please refer to virtualisation platform guides to deploy your virtual machines.

Configure Virtual Appliance:

After deploying your virtual appliance on your virtualisation platform you can access via console. Please use :

Username: dnscyte

Password: Password12345

For log on to the system. First thing you may need to configure is IP information of your virtual appliance. Use command “sudo nano /etc/network/interfaces  to edit IP information. After editing network information run “sudo systemctrl restart networking” command to take effect your settings.

After setting up an IP address you can enable dns service by registering box to your https://portal.dnscyte.com  account. Please note that before configuration you should have an account on DnsCyte Cloud portal.

To register  and  start DNS services run

sudo /dnscyte/dnssenseregister.bash” command and follow instructions. Registration script asks for your DnsCyte Cloud user name and Password for registration and enables required services once successfully registered the box.

Figure 6 DnsCyte Local DNS Registration

After successful execution of the script, you can check the services by executing “netstat -tulpn” command. Also, you can log in to https://portal.dnscyte.com to view registered local DNS deployment. 


Figure 7 Local DNS Services

                                   

Figure 8 Portal Registered Devices

Assign Security Profile:

By default, Monitor_Profile is automatically applied to every registered Local DNS  Servers. To change the assigned security profile click edit icon and select designated Profile from the list.


Figure 9  Assign Security Profile




    • Related Articles

    • NetCyte DNS Security Quick Deployment Guide

        Captive Portal Quick Deployment Guide       1.      Summary This document is a summary of the quick deployment of the Captive Portal component of NetCyte NAC solution from pre-configured virtual appliances. 2.      Objective The objective of the ...
    • NetCyte Quick Deployment Guide

       NetCyte  Quick Deployment Document 1.      Summary This document is a summary of quick deployment of netCyte NAC solution from preconfigured virtual appliances 2.      Objective The objective of the quick deployment is to demonstrate discovery and ...
    • DnsCyte Guides

      DNSCyte is a cloud-based security platform based on DNS filtering.  The system utilises global cyber threat intelligence and machine learning to block threats and targeted attacks in real time.   DNSCyte has indexed 99.9% of the Internet, which ...
    • Captive Portal Configuration

      1.      Introduction Captive Portal is a Guest management platform for NetCyte NAC System. It is used for registering and authentication of Guest users. It is also used for Authentication Portal for Corporate users. Because it is a web application ...