In this window, you can configure general settings for connecting to the KICS for Networks server, add a server certificate, configure two-way authentication when connecting to the KICS for Networks server, and encrypt the telemetry sent to the KICS for Networks server.
KICS for Networks server connection settings
Setting |
Description |
|---|---|
Settings for sending telemetry via TCP |
|
Send a synchronization request to the KICS for Networks server every (minutes): |
Frequency of sending synchronization requests to the KICS for Networks server in minutes. The default value is |
Maximum time to wait for the server connection (sec) |
Maximum time to wait for a connection to the KICS for Networks server in seconds. The default value is |
Maximum time to wait for a response from the server (sec) |
Maximum time to wait for a response from the KICS for Networks server in seconds. The default value is |
Add (server certificate) |
Opens a standard file selection window where you can specify the path to the KICS for Networks server certificate. A server certificate must be added to ensure a secure connection to the KICS for Networks server. The KICS for Networks server certificate is provided by the Kaspersky Industrial CyberSecurity for Networks administrator. |
Remove (server certificate) |
Removes the previously added KICS for Networks server certificate. The button is displayed if a server certificate was previously added. |
Use two-way authentication |
Enables or disables the use of two-way authentication to further secure the connection to the KICS for Networks server. By default, two-way authentication is disabled. To use two-way authentication, you need to add a client certificate. Two-way authentication must be enabled on the KICS for Networks server side. |
Add a client certificate |
Opens a standard file selection window where you can specify the path to the cryptocontainer (PFX file) with the client certificate and private key. The button is available if the Use two-way authentication check box is selected. |
Edit |
Allows you to specify the password for the cryptocontainer with the client certificate. The Cryptocontainer password field cannot be edited. By default, the password is empty. To specify a password, click Edit. In the window that opens, enter the password and click OK. Clicking the Show button in the window displays the password in clear text in the password entry window. It is recommended to make sure that the password complexity and anti-bruteforce mechanisms ensure that the password cannot be guessed within 6 months. The button is available if the Use two-way authentication check box is selected. |
Settings for sending telemetry via UDP |
|
Encrypt data |
This function enables/disables encryption of telemetry sent to KICS for Networks servers via UDP. If the function is disabled, the previously loaded crypto container is removed from the policy properties. |
Add crypto container |
The button opens a window where you can specify the path to the cryptocontainer (PFX file) containing information for encrypting telemetry sent to KICS for Networks servers. The button is available if the Encrypt data function is enabled. |
Delete cryptocontainer |
Removes a previously added cryptocontainer file. The button is displayed if a cryptocontainer file was added previously. |
Edit |
Allows you to specify a cryptocontainer password for encrypting telemetry sent to KICS for Networks servers. The Cryptocontainer password field cannot be edited. By default, the password is empty. To specify a password, click Edit. In the window that opens, enter the password and click OK. Clicking the Show button in the window displays the password in clear text in the password entry window. The button is available if the Encrypt data function is enabled. |