Create a gateway that defines and groups your enterprise’s IP addresses for Lumu’s continuous compromise assessment

Using Lumu Public Gateways as Primary DNS Resolvers

With Lumu Public Gateways, you can associate part of the traffic originating from your organization by using Lumu public IP addresses as DNS resolvers, while illuminating threats, attacks, and adversaries coming from your network. This document will help you get started and configure your environment to use Lumu IP addresses seamlessly.

As we show in our deployment and integration overview, Lumu Gateways can also be configured to represent departments, offices, or geographic regions, whichever makes the most sense for your unique organizational structure.

What Is a Public Gateway?

At Lumu, public gateways are how we define and group the network’s public IP addresses. IPs are the addresses your internet service provider (ISP) assigns to your computer, server, or router which are used to forward traffic to other networks or the internet.
A Gateway serves as an entry and exit point for all data on its way to or from the internet or other networks, e.g. a DNS server, or a router. Keep in mind that this collection method is not recommended for internal IP visibility, as all queries are going to be sent through a network gateway.
Once you add a public gateway and point your DNS to Lumu, all the requests to resolve a hostname on the internet will be processed by Lumu for Continuous Compromise Assessment in real time.
Example of an enterprise perimeter pointing DNS to Lumu Gateways

Requirements

  1. Admin access and prerequisites to configure your local DNS server / router to point to Lumu.

These are the general steps you should follow to configure Lumu Gateways as the primary network DNS resolver:

Adding a Public Gateway

You can add a Public Gateway while creating your Lumu account, or it can be easily managed from the Collectors' section of the Lumu Portal.

When creating a Public Gateway during the initial account setup, you will be asked for a name to identify your Gateway, as in the following image (you can later define a label and set up a description):
Creating a Gateway from account setup
When adding a Gateway from the Collectors' section of the Lumu Portal, the following information should be provided:
  1. Name: a meaningful description of the gateway.
  2. CIDR/IP: the public IP address of your gateway device or the group of IPs/CIDRs according to your infrastructure. See how to identify your public IP address below.
  3. Label: optionally assign a default label with which all the captured metadata will be associated. You can later specify and update labels.
Creating a Gateway

Identify a Public IP Address

The easiest way to find a device’s public IP address is by selecting the option “My Public IP” when creating the gateway; this automatically captures the public IP of the device you are connected to.

Identify the public CIDR/IP address
You can also go to one of the following websites to obtain your public IP address:
  1. https://checkip.amazonaws.com/
  2. https://www.whatismyip.com/

Multiple IPs in One Gateway

You have the option to create gateways for a group of IPs according to geography, network segments, device, domains, critical assets, departments, or any other way that makes sense for your business.

Defining a group of IPs

Please ensure that any public IP address or group of IPs from which you want to send queries to our DNS are registered as a gateway for your company in the Lumu Portal. Lumu reserves the right to block queries coming from IP addresses not associated with accounts in our portal.
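
The registration requirement above can be checked before entries are typed into the portal. The following is an added example, not Lumu code: it validates candidate CIDR/IP entries (IPv4 only) and reports which observed egress addresses no gateway covers. The gateway names, entries and egress IPs are constructed, with RFC 5737 documentation ranges standing in for real public addresses.

```python
import ipaddress

# Ranges never seen as a source address on the internet (RFC 1918, CGNAT,
# loopback, link-local), so they cannot identify a public gateway.
NON_PUBLIC = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

def check_entry(entry):
    """Return (network, None) for a usable CIDR/IP entry, else (None, reason)."""
    try:
        net = ipaddress.IPv4Network(entry.strip())  # strict: rejects host bits
    except ValueError as exc:
        return None, f"{entry!r}: {exc}"
    for block in NON_PUBLIC:
        if net.overlaps(block):
            return None, f"{entry!r}: overlaps non-public range {block}"
    return net, None

def build_inventory(gateways):
    """Split a {gateway name: [entries]} mapping into valid networks and errors."""
    valid, errors = {}, []
    for name, entries in gateways.items():
        for entry in entries:
            net, reason = check_entry(entry)
            if net is None:
                errors.append(f"{name}: {reason}")
            else:
                valid.setdefault(name, []).append(net)
    return valid, errors

def attribute(egress_ips, valid):
    """Map each egress IP to the gateway covering it, or None if unregistered."""
    result = {}
    for ip in egress_ips:
        addr = ipaddress.IPv4Address(ip)
        result[ip] = next((name for name, nets in valid.items()
                           if any(addr in net for net in nets)), None)
    return result

# Constructed sample data (hypothetical gateway names, documentation ranges).
GATEWAYS = {
    "HQ": ["203.0.113.0/28", "203.0.113.40"],
    "Branch-East": ["198.51.100.16/29", "192.168.10.0/24", "198.51.100.5/24"],
}
EGRESS = ["203.0.113.7", "203.0.113.40", "198.51.100.20", "198.51.100.99"]

if __name__ == "__main__":
    valid, errors = build_inventory(GATEWAYS)
    print(errors, attribute(EGRESS, valid), sep="\n")
```

An egress address that maps to `None` is one that would send queries from an IP not registered under any gateway.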

Next Step - Point Your DNS to Lumu

Now that you have created a public Gateway, it is time to point your DNS to Lumu to identify the level of compromise of your organization.
