Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 28 Next »

Securus Net is a proxy that can be setup in either transparent or explicit mode to monitor network traffic from all network based devices.

NET sits as the middle man on the network, authenticated machines using the network would communicate through the NET proxy service. Packets are subject to Securus analysis where words and phrases are matched against the proprietary dictionary of terms. Any dictionary matches will result in an ‘event call’ where the software uses packet information to call on the website to produce the screenshot. Packet information regarding date & time and machine information will be sent along with the image.

NET can be installed to a virtual server or onto physical hardware, please refer to the Installation section below for product requirements and which installation options to use for a given scenario.

Securus NET can also integrate with other existing proxies to form a proxy chain. NET will come first in this chain, and then others will follow.

If you are currently using an explicit proxy (such as with LGFL) or multiple VLAN’s, Securus NET will need to be set up in explicit mode only.

Server Requirements

NET can be installed to standalone hardware in transparent or explicit mode or to a virtual machine (HyperV or VMware) in explicit mode only.

Note that the below serves as a guideline and is subject to network configuration and is irrespective of device type. Physical servers in a transparent setup will need two ethernet ports in order to function correctly.

Recommended Specification

Up to 800 connections

  • 4 Core Processor

  • 8GB RAM

  • Minimal storage space of 60GB (captures held in our cloud service)

  • No operating system required

  • NIC/Dual Network Card (Transparent only)

  • Generation 1 VM (if using HyperV)

Up to 2500 connections

  • 8 Core Processor

  • 12GB RAM

  • Minimal storage space of 60GB (captures held in our cloud service)

  • No operating system required

  • NIC/Dual Network Card (Transparent only)

  • Generation 1 VM (if using HyperV)

2500+ Connections

  • Server specification outlined in each case before implementation.

Please note that captures will broadcast to our highly secure cloud environment. You will be provided login details to the Capture Management portal to view the capture data.

Captures only occur in cases where a library term has been detected over the network. If you require an entirely on-site solution (XT server and NET), please contact us directly on 0330 124 1750 to discuss viability and options.

Mobile Device Requirements

  • iOS 13 or higher

  • Android 4.4.2 or higher

Firewall Requirements


We recommend whitelisting the following address on the firewall to allow full communication to our services.

• Net1.securus-software.com
• Net-license.securus-software.com
• Support.prosyscor.com

CentOS Mirrors:

mirrors.fedoraproject.org 
mirrorlist.centos.org

Securus NET Installation

The server MUST have unfiltered internet access during the install process to ensure the software and updates are installed properly.


Installation – Explicit Mode

Installing in explicit mode would require the Securus NET proxy to be defined on the devices that are to be monitored. This can be automated to a number devices using an Mobile Device Management (MDM) service or individually on each device.

Explicit installs can be better for networks where only a small number of static devices (such as Apple Macs) need to be monitored.

Burn the ISO to a disc or USB and insert if installing to hardware or simply mount it to a new Virtual Machine.

We recommend balenaEtcher if using a USB for hardware installs.

Boot the server from disc/ISO to start.

Start the installation process and configure the following options when prompted.

Which Securus Cloud server do you belong to?

This defines the server you will be connecting to – i.e. cloud08. This will be provided by Securus support in the setup email.

Which OU does your school belong to?

Defines your schools OU on the server – i.e. LeatherheadPrimarySchool. This will be provided by Securus support in the setup email.

Which IP address should I use?

The IP address that you are allocating to the Net installation.

Which gateway should I use?

Type in Your gateway address.

Which DNS addresses should I use?

Enter your DNS addresses, separated by commas as shown in the example above.

Which Netmask should I use?

Enter your netmask address.

Do I require a proxy?

Type Y or n.

If Yes, enter your proxy information if required (eg: http://domain\username:password@ipaddress:port)

Which authentication method would you like to use?

This option is for the authentication method the Captive Portal will use to handle logins.

Option 1 will use LDAP integrating with your Active Directory.
Option 2 will use Google authentication.
Option 3 will hide the Captive Portal (no login necessary) and will use the devices MAC address as the username instead.
Option 4 will hide the Captive Portal (no login necessary) and will use the hostname of the device as the username.
Option 5 will disable the Captive Portal entirely and will display the devices IP address as the username instead.

You will be asked to confirm the settings are correct.

Type ‘Y’ and press enter to continue. After this process the network configuration utility will start.

If you have made a mistake, type ‘n’ and press enter and select which section you would like to change:

  1. for cloud information or OU,

  2. for network information,

  3. for authentication method.

A prompt will ask if the server is to be in transparent or explicit mode. Type E for explicit and press enter to confirm your choice.

The next prompt will then ask you to connect the Internet line to the appropriate port and will detect that the link is established.

The installation will now start and can take up to 15 minutes to complete.

Once the install has finished, you will be presented with the Securus NET console screen. Please move onto the Post Install section.

Installation - Transparent Mode (Hardware Only)

The server MUST have unfiltered internet access during the install process to ensure the software and updates are installed properly.

Installing transparently is most useful when there are multiple devices entering and leaving the school network on a regular basis (mobile phones and laptops etc). Devices entering the network will automatically be monitored by Securus NET.

Burn the ISO to a disc or USB and insert if installing to hardware or simply mount it to a new Virtual Machine.

We recommend balenaEtcher if using a USB for hardware installs.

Boot the server from disc/ISO to start.

Start the installation process and configure the following options when prompted.

Which Securus Cloud server do you belong to?

This defines the server you will be connecting to – i.e. cloud08. This will be provided by Securus support in the setup email.

Which OU does your school belong to?

Defines your schools OU on the server – i.e. LeatherheadPrimarySchool. This will be provided by Securus support in the setup email.

Which IP address should I use?

The IP address that you are allocating to the Net installation.

Which gateway should I use?

Type in Your gateway address.

Which DNS addresses should I use?

Enter your DNS addresses, separated by commas as shown in the example above.

Which Netmask should I use?

Enter your netmask address.

Do I require a proxy?

Type Y or n.

If Yes, enter your proxy information if required (eg: http://domain\username:password@ipaddress:port)

Which authentication method would you like to use?

This option is for the authentication method the Captive Portal will use to handle logins.

Option 1 will use LDAP integrating with your Active Directory.
Option 2 will use Google authentication.
Option 3 will hide the Captive Portal (no login necessary) and will use the devices MAC address as the username instead.
Option 4 will hide the Captive Portal (no login necessary) and will use the hostname of the device as the username.
Option 5 will disable the Captive Portal entirely and will display the devices IP address as the username instead.

You will be asked to confirm the settings are correct.

Type ‘Y’ and press enter to continue. After this process the network configuration utility will start.

If you have made a mistake, type ‘n’ and press enter and select which section you would like to change:

  1. for cloud information or OU,

  2. for network information,

  3. for authentication method.

A prompt will ask if the server is to be in transparent or explicit mode. Type E for explicit and press enter to confirm your choice.

Type T for transparent and press enter to confirm your choice.

The next prompt will then ask you to connect the Internet line to the appropriate port and will detect that the link is established. It will then ask you for the LAN line and perform the same link check.

The installer will then run through the rest of the install process and you will be presented with the Securus NET Terminal Interface. Please move onto the Post Install section at this point.

Post Install


Once the installation is complete, you will be presented with the Securus NET Terminal Interface.
Here you will find some troubleshooting options to help identify where a connection issue may lie.

I - System Information
This will show which cloud service the NET server is connected to, system uptime, CPU usage and storage usage.

S - Securus NET Status
This will show whether the NET services are up and connected.

P - Ping any address
Will allow you to ping internal or external devices to test for connectivity.

L - Update Licence
Allows you to update the licence, can also be used to query the licensing server to check for connectivity outside of the network.

N - Network Information
This will show the network details that are currently assigned to the device. If no tunnel address is shown, please check your firewall and ensure the addresses listed in the Firewall Requirements section are whitelisted.

It is recommended that the connection and capture creation be tested once the installation is complete. Please read on for the next steps depending on the installation type.

If you get stuck or need any further advice, please do not hesitate to contact the support team.

Explicit – Capture Test


Set a devices proxy to the server’s IP address with port 3128 and make an exclusion for the local network – example 172.20.*. This will later need to be set for every computer being monitored by NET and can be done via GPO or MDM.

Our certificate will then need to be installed on the device, this can be downloaded from here: https://support.securus-software.com/securus.crt.

Install the certificate as a root authority on the test machine (images for Windows below).

Then go to Wikipedia and search for AK47. If you entered an LDAP address during the install, the Securus NET Captive Portal will show.

Google.com is on the whitelist and the search will complete without authentication. If enabled, the Captive Portal will display when a Google search result or another web address is accessed.

Login with your Active Directory details and the webpage will continue to load as normal. You may also need to open a new tab and complete the search again.

This should then generate several captures that can be then viewed in the Securus console.

Other phrases that can be used to test with are “ISIS”, “Fortnite”, “Roblox, or “Our Secret”.

The proxy can now be deployed site wide to mobile devices using an MDM.

Transparent – Capture Test

Our certificate will then need to be installed on the device, this can be downloaded from here. Install the certificate as a root authority on the test machine (instructions below).

Install our certificate onto test machine (a laptop if available) and plug it into the second ethernet port. The certificate can be downloaded from here. Install the certificate as a root authority on the test machine (instructions below).

Once this is done, attempt to browse the internet.

If enabled, the Securus NET server will block your connection and put up the Captive Portal and will ask you to login. Your Active Directory IP address should have been entered during the install, so it will already be linked to the schools Active Directory.

Login with your Active Directory credentials. Once a successful login has occurred, you will be prompted to continue browsing the internet.

Generate a test capture by browsing to Wikipedia and searching for AK47.

Google.com is on the whitelist and the search will complete without authentication. If enabled, the Captive Portal will display when a Google search result or another web address is accessed.

This should then generate several captures that can be then viewed in the Securus console.

Other phrases that can be used to test with are “ISIS”, “Fortnite”, “Roblox, or “Our Secret”.

The server will then to be deployed in line, between the firewall/router stack and the LAN or wireless network, depending on your network configuration.

Useful Information


Certificate Installation instructions:
iOS: https://support.apple.com/en-gb/HT204477#:~:text=If%20you%20want%20to%20turn,Mobile%20Device%20Management%20(MDM).

Captive Portal Information: Captive Portal

Securus NET Certificate download: https://support.securus-software.com/securus.crt

  • No labels