Self-testing and integrity control in Kaspersky IoT Secure Gateway 1000

This functionality is available to the administrator only.

Self-testing

Kaspersky IoT Secure Gateway 1000 self-testing is a process that monitors the performance of the KasperskyOS security features and overlaid protection tools.

The self-testing system performs diagnostics of the following functions:

• Audit
• User identification and authentication tool
• Network traffic blocking tool
• Kaspersky IoT Secure Gateway Network Protector application

To start self-testing, do as follows:

1. In the menu on the left side of the screen, select the Self-diagnostics section.
2. In the Self-testing subsection, click Start testing.

The self-testing results for each feature are displayed in the Self-testing table, and the overall testing status is displayed next to the Start testing button. If errors occur during self-testing, Kaspersky IoT Secure Gateway 1000 switches to emergency support mode.

Start events and self-testing results are recorded in the system audit log.

Integrity control

Integrity control checks system and user application files and data through electronic signature (checksum) verification.

Kaspersky IoT Secure Gateway 1000 provides two types of integrity checks: automatic and manual.

An automatic check is performed when Kaspersky IoT Secure Gateway 1000 starts and checks the user application checksums. If the integrity of user applications is compromised, Kaspersky IoT Secure Gateway 1000 records information about the integrity violation in the audit log and automatically switches to emergency support mode.

A manual integrity check can be started by the administrator only.

To start an integrity check manually and view the results, do as follows:

1. In the menu on the left side of the screen, select the Self-diagnostics section.
2. In the Integrity check subsection, click Start check.

   The application generates a report file after the integrity check is completed. The status, date and time of the last manual integrity check are displayed next to the Download report button.

3. Click Download report to save the report file containing the manual integrity check results in TXT format to the local computer.

   In the event that the manual check detects an integrity violation, the application does not automatically switch to emergency support mode. The administrator has to read the report and decide on a further course of action.

The manual integrity check report file consists of report header, report body and epilogue. The header and epilogue of the report file contain the following information:

• Host ID
• Report generation date and time
• Name of the function for calculating the checksum for the report file
• Checksum of the report file
• Separators between the title, body of the report, and the epilogue

The report body consists of the lines with the check status for each file participating in the integrity check procedure. Each line consists of the following fields, separated by the |:

• Path and name of the scanned file
• Date and time of the integrity check
• Name of the function for calculating the checksum
• Reference checksum for the file
• Calculated checksum for the file
• Integrity check status Possible statuses:
  • File integrity verified successfully – the reference and calculated checksums match. Any status other than this one may indicate a potential integrity violation, and the administrator is advised to analyze the incident.
  • File content changed against reference! – the calculated checksum differs from the reference one.
  • File isn't present in integrity database! – a file is detected that is not under integrity control. In this case, the reference checksum field is filled in with zeros.
  • The file under integrity control was deleted or moved! – the file under integrity control has been moved or deleted. In this case, the calculated checksum field is filled in with zeros.
  • Package integrity violation! – the file that contains the reference checksums of the files is corrupted or missing.

The following executable files and libraries must pass the integrity check:

• System libraries in the /lib folder
• System image file /loader_active/image.fit
• Local web interface files:
  • Files in the html/assets folder
  • Files in the html/css folder
  • Files in the html/js folder
  • Files authorization.html, index.html, troubleshooting.html
• System digital certificates:
  • File 3520p1.der (for the release version of the system)
  • File 3020d1.der (for the developer version of the system)
• Files for working with applications:
  • Container file /packages/helpers/container
  • Application validation files in the /packages/schema folder

For these files and libraries, the report must show the "File integrity verified successfully" status, indicating that their code has not been changed and their checksum matches the reference one.

For the rest of the files, you need to analyze on your own, whether the changes are acceptable.

For the file /uboot/EFI/BOOT/BOOTX64.EFI, you must manually compare the checksum value from the report with the correct value dee553d7604c9a737c55c112a70efed7dd8c338c35dd9ad97fd28a5fb6663289. You can ignore the reference checksum and verification status in the report for this file.

Page top