Manually creating Network Control rules

You can manually create a Network Control rule in any of the following ways: with initially empty values of settings, based on an existing rule, or based on a registered event.

To create a rule with initially empty values of settings:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through a web browser using the account credentials of a user with the Administrator role.
  2. In the Network Control section, click the Add rule button.

    The details area in rule editing mode will appear in the right part of the web interface window.

  3. Select a technology for the rule:
    • If you want to create a rule based on Network Integrity Control technology, click the NIC button.
    • If you want to create a rule based on Command Control technology, click the CC button.
  4. In the Protocol field, specify the protocol for interaction between devices.

    When the Protocol field is selected, a window opens showing the table of supported protocols displayed as a protocol stack tree. You can manage how tree elements are displayed by using the + and - buttons next to the names of protocols that contain protocols of subsequent layers.

    If necessary, use the search field above the table to find relevant protocols.

    To specify the protocol:

    1. In the protocols table, select the protocol that you want to specify for the rule. To select the relevant protocol, click the button that is displayed in the left column of the protocols table.

      For a Network Integrity Control rule, you can specify any protocol that is displayed in the table of supported protocols. For a Command Control rule, you can select only a protocol from among the supported protocols for process control.

    2. Click OK.

    If you select a protocol that can be identified by the application based on the contents of network packets, a notification about this appears under the Protocol field.

  5. If Command Control technology is selected for the rule, specify the relevant system commands in the Commands field.

    When the Commands field is selected, a window opens with a list of system commands that are available for the selected protocol. To specify the commands:

    1. In the list of system commands, select the check boxes next to the commands that should be allowed. If all commands should be allowed, you can either select all check boxes or clear all check boxes for all commands.
    2. Click OK.
  6. If necessary, enter additional information about the rule in the Comment field.
  7. In the Side 1 and Side 2 settings groups, specify the address information for the sides of network interaction that is available for editing. Depending on the selected protocol (or set of protocols), address information may contain the following values:
    • MAC address
    • IP address
    • Port number
  8. Click Save.

    The application will check the table of Network Control rules.

  9. If the rules table contains an active rule in which all the settings match, you will see a warning about the presence of a matching rule. In this case, close the warning and change the settings of the created rule.
  10. If the rules table contains an active rule with more general settings, you will see a warning about the presence of a general rule. If a general rule is present, a new specific rule will not be used in the application. The warning will contain a prompt to save the new specific rule. To create a new rule with defined settings, confirm your decision in the prompt window (for example, if you want to then remove the general rule).

    The new rule will be added to the list of Network Control rules.

  11. If the rules table contains active rules with more specific settings, you will see a warning about the presence of more specific rules. After a general rule appears, the specific rules will not be used in the application. The warning will contain a prompt to remove the specific rules. To remove specific rules, confirm your decision in the prompt window.

    If the rules table contains inactive rules with more specific or matching settings, the application removes these rules from the list. The application does not show a prompt when removing these rules.

  12. If there is no active rule allowing network interaction between devices for a new rule related to Command Control technology, you will be prompted to create the corresponding rule related to Network Integrity Control technology. In this case, you are advised to create an additional rule together with the current rule being created. To do so, confirm your decision in the prompt window and perform the necessary actions to create a new rule related to Network Integrity Control technology.
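
The save-time checks in steps 9–11 can be reproduced offline when reviewing a rule list, for example to see which specific rules a new general rule would displace. The following Python code is an added example, not Kaspersky code and not the application's algorithm. Assumptions: the `Rule`/`Side` field names, treating an unset address field as "any", comparing protocol names exactly and sides positionally, and the sample addresses, protocol and command names; only "no commands selected means all commands allowed" comes from step 5.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Side:                      # None = field not set, assumed to mean "any"
    mac: Optional[str] = None
    ip: Optional[str] = None
    port: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    tech: str                    # "NIC" or "CC"
    protocol: str
    side1: Side = Side()
    side2: Side = Side()
    commands: frozenset = frozenset()  # CC only; empty = all commands allowed (step 5)
    active: bool = True

def side_covers(g: Side, s: Side) -> bool:
    return all(getattr(g, f) in (None, getattr(s, f)) for f in ("mac", "ip", "port"))

def covers(g: Rule, s: Rule) -> bool:
    """True if g allows every interaction that s allows (sides compared positionally)."""
    if (g.tech, g.protocol) != (s.tech, s.protocol):
        return False
    if g.commands and not (s.commands and s.commands <= g.commands):
        return False
    return side_covers(g.side1, s.side1) and side_covers(g.side2, s.side2)

def check_on_save(new: Rule, table: list) -> dict:  # outcomes of steps 9-11
    out = {"matching": [], "general": [], "specific": [], "removed_inactive": []}
    for r in table:
        if not r.active:
            if covers(new, r):                 # inactive, matching or more specific
                out["removed_inactive"].append(r)
        elif covers(r, new) and covers(new, r):
            out["matching"].append(r)          # step 9: change the new rule
        elif covers(r, new):
            out["general"].append(r)           # step 10: new rule would not be used
        elif covers(new, r):
            out["specific"].append(r)          # step 11: these would stop being used
    return out

PLC, HMI = Side(ip="192.0.2.10", port=502), Side(ip="192.0.2.20")
TABLE = [  # constructed sample rules; addresses, protocol and command are illustrative
    Rule("NIC", "Modbus TCP", HMI, PLC),
    Rule("NIC", "Modbus TCP", Side(ip="192.0.2.21"), PLC, active=False),
    Rule("CC", "Modbus TCP", HMI, PLC, commands=frozenset({"READ"})),
]
```

Calling `check_on_save(Rule("NIC", "Modbus TCP", Side(), PLC), TABLE)` reports the first rule as more specific and the inactive rule as one that would be removed without a prompt.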

To create a new Network Control rule based on an existing rule:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through a web browser using the account credentials of a user with the Administrator role.
  2. In the Network Control section, select the rule that you want to use as the basis for creating a new rule.
  3. Right-click to open the context menu.
  4. In the context menu, select Create rule based on the selected rule.

    The details area in rule editing mode will appear in the right part of the web interface window. The settings of the new rule will take the values obtained from settings of the selected rule.

  5. Change the settings as necessary. To do so, complete steps 3–8 described in the procedure for creating a rule with initially empty values of settings.

To create a new Network Control rule based on a registered event:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through a web browser using the account credentials of a user with the Administrator role.
  2. Select the Events section.
  3. In the table of registered events, select the event that you want to use as the basis for creating the Network Control rule. You can select an event that was registered based on Network Integrity Control technology or Command Control technology. However, the event must contain information about only one network interaction.

    The details area appears in the right part of the web interface window.

  4. In the details area, click the Create Network Control rule button.

    In the web browser window, the Network Control section opens. The details area in rule editing mode will appear in the right part of the web interface window. The new rule's settings will take the values received from the saved information about the event.

  5. If necessary, edit the settings of the new rule. To do so, complete steps 4–8 described in the procedure for creating a rule with initially empty values of settings. If you do not need to change the settings of the new rule, save the rule by using the Save button.