Kaspersky Industrial CyberSecurity for Networks includes the following components:
To manage the operation of the application and to view information, users connect to application components through a web interface. The connection to a component through the web interface is provided by a web server, which is additionally installed on the computer hosting the installed component. Certificates are used for a secure connection to the web server.
Kaspersky Security Center and recipient systems can connect to the Server to receive data from Kaspersky Industrial CyberSecurity for Networks or to exchange data with the application. Recipient systems connect through specialized application modules called connectors. Certificates are also used for a secure connection through connectors.
The Kaspersky Industrial CyberSecurity for Networks Server performs the following functions:
A Kaspersky Industrial CyberSecurity for Networks sensor performs the following functions:
Sensors and/or the Server receive a copy of industrial network traffic from monitoring points. You can add monitoring points to network interfaces detected on nodes that have application components installed. Monitoring points must be added to network interfaces that relay traffic from the industrial network.
You can add no more than 8 monitoring points on a sensor and no more than 4 monitoring points on the Server. You can use no more than 32 monitoring points total in the application.
All network interfaces with added monitoring points must be connected to the industrial network in such a way that excludes any possibility of impacting the industrial network. For example, you can connect using ports on industrial network switches configured to transmit mirrored traffic (Switched Port Analyzer, SPAN).
It is recommended to use a dedicated Kaspersky Industrial CyberSecurity network for connecting the Server to sensors and to other components of Kaspersky Industrial CyberSecurity (Kaspersky Industrial CyberSecurity for Nodes, Kaspersky Security Center). Network equipment used for interaction between components in the dedicated network must be installed separately from the industrial network. Normally, the following computers and devices should be connected to the dedicated network: